![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 32%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
361 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hello @Aravindhan ,
Thank you for reaching out.
The information present in the document mentioned above is correct. The difference here is due to WAF policy for Azure Application gateway (Regional WAF policy) and Azure Front Door (Global WAF policy). There are two options when applying WAF policies in Azure. WAF with Azure Front Door is a globally distributed, edge security solution. WAF with Application Gateway is a regional, dedicated solution.
This limitation of exclusion is per application gateway. To put it other words you can attach as many regional WAF policy to your application gateway but the cumulative exclusions must not exceed 40. If you are exceeding this limit it is recommended to use custom rules instead.
This limitation is for a Global WAF policy attached to Azure Front Door Standard/Premium.
Hope this helps answer your query. Please let me know if you have any additional questions here. Thank you!