Azure WAF Custom Rule - Match Type - Number

Someiah C S 60 Reputation points
2024-03-21T13:22:26.32+00:00

Could you provide more information on the match type number in custom rules for the WAF policy? I'm curious about its specific use cases and any details available.

Additionally, I'd like to learn more about the Microsoft Bot Manager ruleset. What exactly does it do, and what are the best practices for handling the actions on those rules? For instance, should we allow search engine crawlers?

Azure Web Application Firewall

Accepted answer
  1. KapilAnanth-MSFT 35,251 Reputation points Microsoft Employee
    2024-03-22T04:33:54.06+00:00

    @Someiah C S .

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    The Match Type is used to select the type of data the rule condition should evaluate for a match, i.e., this impacts the Operators list.

    If you have Match Type as String, these are the Operators available:

    • User's image

    Similarly, if you have Match Type as Number, these are the Operators available:

    • User's image

    With respect to Microsoft Bot Manager ruleset,

    • Bad bots do things like scraping, scanning, and looking for vulnerabilities in your web application. When these bots are stopped at the Web Application Firewall (WAF), they can’t attack you. They also can’t use up your resources and services, such as your backends and other underlying infrastructure.
    • You can enable a managed bot protection rule set for your WAF to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services including Microsoft Defender for Cloud.
    • See : WAF on Azure Application Gateway bot protection overview

    There are three types of Bot Rules:

    • BadBots
    • GoodBots
    • UnknownBots

    See : Bot Manager Rule Set 1.0 on regional WAF

    • The default action for bad bot groups is set to Block, for the verified search engine crawlers group it’s set to Allow, and for the unknown bot category it’s set to Log.
    • You may overwrite the default action with Allow, Block, or Log for any type of bot rule.
    • You are free to disable a rule should you find it to be a False Positive.
    • In case Azure WAF blocks a bot which is a well-known good bot or something you own, you can contact Microsoft Support and request them to whitelist the Bot.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
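
To make the default actions and overrides described in the answer above concrete, here is an added example (not part of the original answer and not Microsoft's code) that audits an exported WAF policy for bot rule overrides that depart from those defaults. It assumes the policy JSON uses the ARM `managedRuleSets` / `ruleGroupOverrides` layout; the sample policy and its rule IDs are constructed placeholders.

```python
import json

# Default actions per bot group, as stated in the answer above.
DEFAULT_ACTION = {"BadBots": "Block", "GoodBots": "Allow", "UnknownBots": "Log"}
BOT_RULESET = "Microsoft_BotManagerRuleSet"

# Constructed sample export; the rule IDs are placeholders, not real rule IDs.
SAMPLE_POLICY = json.loads("""
{"properties": {"managedRules": {"managedRuleSets": [
  {"ruleSetType": "OWASP", "ruleSetVersion": "3.2"},
  {"ruleSetType": "Microsoft_BotManagerRuleSet", "ruleSetVersion": "1.0",
   "ruleGroupOverrides": [
     {"ruleGroupName": "BadBots", "rules": [
        {"ruleId": "BAD-RULE-1", "state": "Disabled"},
        {"ruleId": "BAD-RULE-2", "state": "Enabled", "action": "Log"}]},
     {"ruleGroupName": "UnknownBots", "rules": [
        {"ruleId": "UNKNOWN-RULE-1", "state": "Enabled", "action": "Block"}]},
     {"ruleGroupName": "GoodBots", "rules": [
        {"ruleId": "GOOD-RULE-1", "state": "Enabled", "action": "Allow"}]}
   ]}
]}}}
""")

def audit_bot_overrides(policy):
    """Return (group, rule_id, finding) for each override that departs from the default."""
    rule_sets = policy.get("properties", {}).get("managedRules", {}).get("managedRuleSets", [])
    bot_sets = [rs for rs in rule_sets if rs.get("ruleSetType") == BOT_RULESET]
    if not bot_sets:
        return [(None, None, "bot manager rule set not enabled")]
    findings = []
    for rs in bot_sets:
        for group in rs.get("ruleGroupOverrides", []):
            name = group.get("ruleGroupName")
            default = DEFAULT_ACTION.get(name)
            for rule in group.get("rules", []):
                rid = rule.get("ruleId")
                # Assumption of this example: only an explicit "Enabled" counts as enabled.
                if rule.get("state") != "Enabled":
                    findings.append((name, rid, "disabled"))
                    continue
                action = rule.get("action", default)
                if action != default:
                    findings.append((name, rid, f"{default} -> {action}"))
    return findings

if __name__ == "__main__":
    for group, rule_id, finding in audit_bot_overrides(SAMPLE_POLICY):
        print(f"{group}/{rule_id}: {finding}")
```

Each finding is a change worth a second look during review, in particular a BadBots rule that has been disabled or downgraded from Block.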

