Not possible to modify Action on Managed-rules in Application Gateway WAF

MF 71 Reputation points

We are using Azure application gateway WAF. Our WAF is in "Prevention" policy mode. We have defined some custom rules with blocked action.
We would like to enable some of the managed rules with "Only Log" action. However I can't find any way to change/set the managed-rules action.
We also considered copying some managed-rules in custom rules and set "Only Log" action for them however it's not possible to copy them or even see the content of those defined rules to create the same rule from them as custom rule.
It should be possible to use managed-rules but would be able to set up action based on our needs.

Can you please let me know what we can do?

Looking forward to hearing from you.


Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
844 questions
Azure Web Application Firewall
{count} votes

1 answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 17,811 Reputation points Microsoft Employee

    Hello @MF ,

    I got a response back from the team. Currently enabling "Only Log" action on certain managed rules is not supported by Azure application gateway WAF. This feature is currently planned to be released by end of CY22.

    If it helps you can follow the methodology discussed here to determine which rule blocked your request.

    If you can put the WAF in detection mode with monitoring enabled. If any request is block by managed rules, you can go through the Firewall Log and determine the rule which is blocking this issue: You can identify this via OWASP GitHub Repo where the details.file represents the file and details.line will represent the rule section which was triggered.

    Hope this helps! Please let me know if you have any additional questions.


    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.