Web Application Firewall (WAF) for Power Pages (preview)
[This topic is pre-release documentation and is subject to change.]
Web Application Firewall (WAF) provides centralized protection for Power Pages sites, defending against common exploits and vulnerabilities by preventing malicious attacks before they enter the network. By utilizing WAF, Power Pages sites receive global protection at a scale without sacrificing performance.
Important
- This is a preview feature.
- Preview features aren’t meant for production use and may have restricted functionality. These features are available before an official release so that customers can get early access and provide feedback.
WAF mode for Power Pages
Web Application Firewall is powered by Azure Front Door (AFD), and the policy is configured using an AFD profile with Prevention mode enabled. In Prevention mode, requests matching the rules defined in the managed rule set are blocked.
WAF managed rule sets for Power Pages
The WAF managed rule sets for Power Pages are a subset of Azure-managed rule sets and are updated as needed to protect against new attack signatures.
The rule sets protect against the following threat categories:
Cross-site scripting
Local file inclusion
Remote file inclusion
Session fixation
Protocol attackers
Protocol enforcement
Next steps
Configure Web Application Firewall for Power Pages (preview)
See also
Web Application Firewall DRS rule groups and rules for Power Pages (preview)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for