Azure – You can now define exclusion lists in your WAF with Azure Front Door

You may already know that Azure offers a Web Application Firewall capability.

Until now, you were not able to define request attributes exclusions list to be omitted from the WAF evaluation process.

Well, good news, this is now possible.

The attribute supported for the exclusion:

  • request header,
  • cookie,
  • query string,
  • post args

To define your exclusions, you can use either PowerShell, Azure Cli or the administration portal.

PowerShell command

New-AzFrontDoorWafManagedRuleExclusionObject –Variable <RequestHeaderNames, RequestCookieNames, QueryStringArgNames or RequestBodyPostArgNames>  -Operator <operator – like equals, equalsany…> –Selector <pattern to match if the operator is not equalsany>

From the portal

Access the WAF you want to configure the exclusion and then access the Managed Rules blade, available under the Settings section


There you can click on Manage exclusion available in the toolbar


And then you can define your exclusion rule