Is it possible to disable logging for custom rules in Azure WAF?

Question

Is it possible to disable logging for custom rules in Azure WAF?

iuiu 40

Is it possible to disable logging for custom rules in Azure WAF? I’d like to avoid logging allowed actions since they produce too much noise.

Alex Burlachenko 9,780 Reputation points

2025-04-10T11:44:02.5833333+00:00
Dear iuiu,

Thank you for your question regarding Azure WAF logging for custom rules. Yes, you can disable logging for specific custom rules to reduce noise from allowed actions.

Option 1: Disable Logging per Custom Rule

Navigate to your WAF Policy in the Azure portal.

Under Settings, select Custom rules.

Edit the desired rule and toggle Enable logging to Off.

Option 2: Filter Logs in Diagnostic Settings

If you still want logs but wish to exclude "Allowed" actions:

Go to Diagnostic settings for your WAF.

Adjust the log filtering to exclude specific rule actions.

Option 3: Modify Log Analytics Queries

If you use Azure Monitor Logs, refine your KQL queries to skip allowed actions:

AzureDiagnostics | where action_s != "Allowed"

Microsoft-managed rules will continue logging by default.

Disabling logging for security rules may affect incident investigations, so consider keeping logs for blocked requests.

Let me know if you'd like a step-by-step guide for any of these methods!

Best regards,

Alex

P.S. If my answer help to you, please Accept my answer
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-04-11T08:22:29.7466667+00:00

Hello iuiu

I just wanted to follow up to see if you had the opportunity to review my response regarding your questions

Thanks. I look forward to your response.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-04-14T08:55:59.9966667+00:00

Hello iuiu

Just checking in to see if above information was helpful. If you have any further updates on this issue, please let me know. Thank you
iuiu 40 Reputation points

2025-04-15T00:19:27.6033333+00:00

It's been resolved. Thank you.

Accepted answer

0 additional answers

Your answer

Alex Burlachenko 9,780 Reputation points

2025-04-10T11:44:02.5833333+00:00

Dear iuiu,

Thank you for your question regarding Azure WAF logging for custom rules. Yes, you can disable logging for specific custom rules to reduce noise from allowed actions.

Option 1: Disable Logging per Custom Rule

Navigate to your WAF Policy in the Azure portal.

Under Settings, select Custom rules.

Edit the desired rule and toggle Enable logging to Off.

Option 2: Filter Logs in Diagnostic Settings

If you still want logs but wish to exclude "Allowed" actions:

Go to Diagnostic settings for your WAF.

Adjust the log filtering to exclude specific rule actions.

Option 3: Modify Log Analytics Queries

If you use Azure Monitor Logs, refine your KQL queries to skip allowed actions:

AzureDiagnostics | where action_s != "Allowed"

Microsoft-managed rules will continue logging by default.

Disabling logging for security rules may affect incident investigations, so consider keeping logs for blocked requests.

Let me know if you'd like a step-by-step guide for any of these methods!

Best regards,

Alex

P.S. If my answer help to you, please Accept my answer
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-04-11T08:22:29.7466667+00:00

Hello iuiu

I just wanted to follow up to see if you had the opportunity to review my response regarding your questions

Thanks. I look forward to your response.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-04-14T08:55:59.9966667+00:00

Hello iuiu

Just checking in to see if above information was helpful. If you have any further updates on this issue, please let me know. Thank you
iuiu 40 Reputation points

2025-04-15T00:19:27.6033333+00:00

It's been resolved. Thank you.

Answer 1

Shravan Addagatla 1,530 Microsoft External Staff Moderator

Hello iuiu

In addition to the Alex Burlachenko response, I would like to add a few points regarding your concerns.

I just checked and would like to inform you that while you can manage logging behaviour for custom rules in Azure Web Application Firewall (WAF), but disabling logging entirely for allowed actions isn't directly configurable at this time.

Here’s what you can do:

Set the Action to "Allow" so that when a request matches a custom rule with an Allow action, it will still be logged, but no further rules will be evaluated, helping to reduce log data.
You can configure Azure Monitor or Log Analytics to filter out unnecessary logs, reducing the noise.
If certain rules generate excessive logs, you can disable them instead of setting them to Allow.

If above is unclear and/or you are unsure about something add a comment below and we shall try to address them.

iuiu 40 Reputation points

2025-06-11T04:54:52.7+00:00
Option 1: Disable Logging per Custom Rule

Navigate to your WAF Policy in the Azure portal.

Under Settings, select Custom rules.

Edit the desired rule and toggle Enable logging to Off.

I couldn’t find the “Enable logging” toggle when editing the custom rule in the Azure WAF.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-06-11T10:03:47.96+00:00

Hi iuiu

Please ignore the Alex response, since the option doesn't exist.

Share via

Is it possible to disable logging for custom rules in Azure WAF?

0 additional answers

Your answer