Application Gateway WAF Custom Rules

Eddie Vincent 245 Reputation points
2025-09-02T13:37:49.29+00:00

Hi,

There are a lot of online examples however I am looking for something quite specific that works for my use case but cannot find anything online (after trawling the web for some time) that matches (some close examples but also contradictory information).

I already have a Web application firewall (application gateway) set up and simply want a set of PowerShell commands (similar to the below) to allow access request to a specific URL (specific not broad for security reasons).

User's image

This seems pretty straightforward via the GUI in Azure; however, it would not be easily transferable in IaC, so I am looking for examples from the community.

Thanks!

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

Answer accepted by question author
  1. Deepanshu katara 17,960 Reputation points MVP Moderator
    2025-09-02T14:12:47.88+00:00

    Hello,

    Welcome to MS Q&A

    Here’s a PowerShell example that mirrors the style of your existing script but targets a specific URL path:

    # Define the match variable for RequestUri
    $matchVariable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestUri

    # Create a condition to match the specific URL path.
    # -Transform Lowercase lowercases the request URI before comparison,
    # so the match value must be written in lowercase as well.
    $condition = New-AzApplicationGatewayFirewallCondition `
        -MatchVariable $matchVariable `
        -Operator Equal `
        -MatchValue "/specific-path" `
        -Transform Lowercase `
        -NegationCondition $false

    # Create a custom rule to allow traffic to that path.
    # Action Allow lets a matching request through without evaluating further rules.
    $allowRule = New-AzApplicationGatewayFirewallCustomRule `
        -Name "AllowSpecificPath" `
        -Priority 1 `
        -RuleType MatchRule `
        -MatchCondition $condition `
        -Action Allow

    # Optional: Define WAF policy settings
    $policySetting = New-AzApplicationGatewayFirewallPolicySetting -Mode "Prevention"

    # Apply the rule to your existing WAF policy
    Set-AzApplicationGatewayFirewallPolicy `
        -Name "WafPolicy" `
        -ResourceGroupName "<rgname>" `
        -CustomRule $allowRule `
        -PolicySetting $policySetting

    Replace "/specific-path" with the exact path you want to allow.

    Reference link: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies

    Please let us know if you have further questions.

    Kindly accept the answer if it helps.

    Thanks

    Deepanshu
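
For the IaC use case in the question, here is an added example (not part of the answer above and not Microsoft's code) that merges the allow rule into the policy's existing custom rules, so it can be re-run without dropping other rules. `Add-WafAllowPathRule` is a hypothetical helper name, the values in the sample call are placeholders, and the code assumes `CustomRules` on the returned policy object is a list that supports `Add` and `Remove`.

```powershell
# Added example. Add-WafAllowPathRule is a hypothetical helper, not an Az cmdlet.
function Add-WafAllowPathRule {
    param(
        [Parameter(Mandatory)] [string] $PolicyName,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $Path,
        [string] $RuleName = 'AllowSpecificPath',
        [ValidateRange(1, 100)] [int] $Priority = 1
    )

    # Stop immediately if the policy cannot be read; never fall through to a write.
    $policy = Get-AzApplicationGatewayFirewallPolicy `
        -Name $PolicyName -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # Custom rule priorities must be unique, so refuse to collide with another rule.
    $clash = $policy.CustomRules |
        Where-Object { $_.Priority -eq $Priority -and $_.Name -ne $RuleName }
    if ($clash) {
        throw "Priority $Priority is already used by custom rule '$($clash.Name)'."
    }

    # Exact match on one path. The Lowercase transform is applied to the request
    # URI, so the match value is lowercased too or the rule would never match.
    $variable  = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestUri
    $condition = New-AzApplicationGatewayFirewallCondition `
        -MatchVariable $variable -Operator Equal `
        -MatchValue $Path.ToLowerInvariant() `
        -Transform Lowercase -NegationCondition $false
    $rule = New-AzApplicationGatewayFirewallCustomRule `
        -Name $RuleName -Priority $Priority -RuleType MatchRule `
        -MatchCondition $condition -Action Allow

    # Replace an earlier copy of this rule (idempotent re-runs), keep all others.
    foreach ($old in @($policy.CustomRules | Where-Object { $_.Name -eq $RuleName })) {
        [void] $policy.CustomRules.Remove($old)
    }
    $policy.CustomRules.Add($rule)

    # Write back the whole object so managed rules and policy settings are unchanged.
    Set-AzApplicationGatewayFirewallPolicy -InputObject $policy
}

# Sample call with placeholder values:
# Add-WafAllowPathRule -PolicyName 'WafPolicy' -ResourceGroupName '<rgname>' -Path '/specific-path'
```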
