Highlight Application Gateway WAF rules in different risk levels

IMHO, Azure should provide some guidelines on WAF rule configurations.
At least highlight the most important rules which we must turn on, so we can feel a bit safe when we have to turn off some non-important rules.
For example:
Rule 1,2,3 – High risk; must turn on; when violated, do #a/b/c on your app to get compliant;
Rule 4,5,6 – Medium risk; recommend to turn on, do #e/f/g on your app to get compliant;
Rule 7,8,9 – Low risk; can be turned off.

P.S. It is kind of heavy for us to study all the rules: https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0/master/rules

1 vote
Samuel Li shared this idea

    0 comments
