azure-waf

Azure WAF - what's the difference among allow, log and disable?


I don't know what the difference between them is.

If I don't want the rule to block requests, which is better: disabling it or changing its action to Allow?


Solution

  • As per https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules

    • Allow - WAF allows the request to process, logs an entry in WAF logs, and exits.
    • Log - WAF logs an entry in WAF logs, and continues to evaluate the next rule in the priority order.

    The key difference is that Allow will exit, i.e. it will not process any other rules, whereas Log will record an entry but continue to process other rules (which may themselves block). So which is better will depend on your intention for the rule.

    I'm not quite sure what the relation of Disable is to your question (that will mean the rule is not active until you enable it). Block and Redirect are the other options (see link above).
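As an added illustration (not part of the answer above, and not Microsoft's implementation), here is a small Python model of the documented evaluation order: rules run by priority, Allow and Block terminate, Log continues, and a disabled rule is skipped. The rule names, priorities and request fields are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Rule:
    name: str
    priority: int                     # lower number is evaluated first
    enabled: bool                     # "Disable" in the portal sets this False
    action: str                       # "Allow", "Log" or "Block" (Redirect omitted)
    match: Callable[[Dict], bool]     # predicate over the request

def evaluate(rules: List[Rule], request: Dict) -> Tuple[str, List[str]]:
    """Return (final decision, WAF log entries) for one request.

    Models the Front Door semantics quoted in the answer: Allow logs and
    exits, Log logs and moves to the next rule in priority order, Block logs
    and exits, and a disabled rule is never consulted. If no terminating rule
    matches, the request is allowed.
    """
    log: List[str] = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.enabled or not rule.match(request):
            continue
        log.append(f"{rule.name}: {rule.action}")
        if rule.action == "Allow":
            return "allowed", log
        if rule.action == "Block":
            return "blocked", log
        # action == "Log": record and keep evaluating lower-priority rules
    return "allowed", log

def admin_rules(first_action: str, enabled: bool = True) -> List[Rule]:
    """Constructed rule set: an admin-path rule followed by a geo block rule."""
    return [
        Rule("AdminPath", 100, enabled, first_action,
             lambda r: r["path"].startswith("/admin")),
        Rule("BadGeo", 200, True, "Block",
             lambda r: r["client_country"] == "ZZ"),   # ZZ: placeholder code
    ]

SAMPLE = {"path": "/admin/login", "client_country": "ZZ"}  # constructed request

if __name__ == "__main__":
    for label, rules in [("Allow", admin_rules("Allow")),
                         ("Log", admin_rules("Log")),
                         ("Disabled", admin_rules("Allow", enabled=False))]:
        print(label, evaluate(rules, SAMPLE))
```

With the same request, Allow on the first rule short-circuits the later Block rule, while Log and Disable both let the Block rule fire; that is the practical difference the answer describes.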