WAF Exclusion Limit

Aravindhan 6 Reputation points

Hi Team,

What is the limit on the number of exclusion in WAF Policy? Is it 100 ? or 40 ?

Bcoz i see this

WAF exclusion per policy 100 100

And also

Maximum WAF exclusions per Application Gateway 40

In the page


Appreciate the clarification

Azure Web Application Firewall
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 23,426 Reputation points Microsoft Employee

    Hello @Aravindhan ,
    Thank you for reaching out.

    The information present in the document mentioned above is correct. The difference here is due to WAF policy for Azure Application gateway (Regional WAF policy) and Azure Front Door (Global WAF policy). There are two options when applying WAF policies in Azure. WAF with Azure Front Door is a globally distributed, edge security solution. WAF with Application Gateway is a regional, dedicated solution.


    This limitation of exclusion is per application gateway. To put it other words you can attach as many regional WAF policy to your application gateway but the cumulative exclusions must not exceed 40. If you are exceeding this limit it is recommended to use custom rules instead.


    This limitation is for a Global WAF policy attached to Azure Front Door Standard/Premium.

    Hope this helps answer your query. Please let me know if you have any additional questions here. Thank you!

    0 comments No comments