Provide protection with web application firewall
| Enabled for | Public preview | General availability |
|---|---|---|
| Users by admins, makers, or analysts | - | 
May 31, 2024 |
Business value
With this feature, you can enable a web application firewall (WAF) for a website to safeguard your data, providing protection against a wide range of cyber threats including SQL injection and cross-site scripting (XSS).
Feature details
Web Application Firewall (WAF) provides centralized protection for Power Pages sites, defending against common exploits and vulnerabilities by preventing malicious attacks before they enter the network. WAF is a turnkey solution which enables you to incorporate a foundational Azure-managed ruleset specifically targeting OWASP vulnerabilities. The Web Application Firewall managed rule sets for Power Pages are a subset of Azure-managed DRS 2.0 rule sets.
These rule sets protect against the following threat categories:
- Cross-site scripting
- Local file inclusion
- Remote file inclusion
- Session fixation
- Protocol attackers
- Protocol enforcement
You can also configure custom rulesets and download WAF logs.
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for