About the difference web application firewall policy custom rule

romero 125 Reputation points
2024-04-22T08:42:29.3433333+00:00

Hello.

Thanks for your interest in my topic.

I need clarification on the difference between the web application firewall policy in azure frontdoor and the web application firewall policy in application gateway.

In the waf policy for application gateway, I have Number among the match type.

In the waf policy for azure front door, there is size among the match type.

Are they the same? If they are the same, why is the wording different?

If they are different, I can't find an explanation of what they do differently.

[waf policy for application gateway

User's image

[waf policy for azure front door]

User's image

Azure Web Application Firewall
{count} votes

Accepted answer
  1. Deepanshukatara-6769 10,210 Reputation points
    2024-04-22T08:51:01.1533333+00:00

    Hi , Greetings!

    While both Azure Front Door and Azure Application Gateway provide Web Application Firewall (WAF) capabilities, they serve slightly different purposes and are implemented differently.

    let's directly address the specific match types "Number" in Azure Application Gateway's WAF policy and "Size" in Azure Front Door's WAF policy:

    Number (Azure Application Gateway):

    • In Azure Application Gateway's WAF policy, the "Number" match type typically refers to numerical values that can be matched against specific attributes or parameters of the HTTP request. This could include values such as the length of a parameter, the number of occurrences of a specific pattern, or other numeric characteristics of the request. Size (Azure Front Door):

    In Azure Front Door's WAF policy, the "Size" match type likely refers to the size of specific parts of the HTTP request or response. This could include the size of headers, body, or other components of the HTTP traffic.

    While there may be some overlap in functionality, they are not exactly the same. "Number" in Azure Application Gateway's WAF policy focuses on numerical characteristics of the request parameters, while "Size" in Azure Front Door's WAF policy focuses on the size of different parts of the HTTP traffic.

    While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale units.

    Please check this thread for more details https://learn.microsoft.com/en-us/answers/questions/301218/azure-waf-frontdoor-vs-azure-waf-application-gatew

    Kindly accept answer if it helps, Thanks!

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.