Public Preview: Exceptions in WAF for Azure Application Gateway and Azure Front Door
Share
Services
Azure Web Application Firewall (WAF) helps protect your web applications from common threats and attacks. In some cases, WAF may block requests that are safe and expected for your application. Existing exclusions help reduce false positives by omitting specific request attributes, such as headers, cookies, query string arguments, or body fields, from WAF evaluation while the rest of the request continues to be inspected.
Exceptions provide additional flexibility by allowing specific requests to bypass WAF inspection at the rule, rule group, or managed ruleset level. Exceptions can be defined using request URI, remote IP address, or request header name and value, helping customers tune WAF policies more precisely while keeping other protections active.
To configure Exceptions, navigate to your WAF policy in the Azure portal, select Managed rules, and then add an exception.
Learn more:
* [Application Gateway documentation](https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-exceptions "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-exceptions")
* [Front Door documentation](https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/front-door-exceptions "https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/front-door-exceptions")