Provide protection with web application firewall

Enabled for Public preview General availability
Users by admins, makers, or analysts - May 31, 2024

Business value

With this feature, you can enable a web application firewall (WAF) for a website to safeguard your data, providing protection against a wide range of cyber threats including SQL injection and cross-site scripting (XSS).

Feature details

Web Application Firewall (WAF) provides centralized protection for Power Pages sites, defending against common exploits and vulnerabilities by preventing malicious attacks before they enter the network. WAF is a turnkey solution which enables you to incorporate a foundational Azure-managed ruleset specifically targeting OWASP vulnerabilities. The Web Application Firewall managed rule sets for Power Pages are a subset of Azure-managed DRS 2.0 rule sets.

These rule sets protect against the following threat categories:

  • Cross-site scripting
  • Local file inclusion
  • Remote file inclusion
  • Session fixation
  • Protocol attackers
  • Protocol enforcement

You can also configure custom rulesets and download WAF logs.