{"id":"93c8d020-3205-4339-a32d-a2f30b7abbef","shortId":"9F9ekz","kind":"skill","title":"azure-web-application-firewall","tagline":"Expert knowledge for Azure Web Application Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Front Door/Ap","description":"# Azure Web Application Firewall Skill\n\nThis skill provides expert guidance for Azure Web Application Firewall. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L37-L42 | Diagnosing and fixing common Azure WAF issues on Front Door and Application Gateway, including false positives, blocked requests, rule tuning, and investigating WAF logs. |\n| Best Practices | L43-L51 | Best practices for configuring, tuning, and hardening Azure WAF on Front Door and Application Gateway, including rule tuning, exclusions, geomatch rules, and deployment security. |\n| Decision Making | L52-L58 | Guidance on planning and executing migration from legacy WAF configs to full WAF policies, and choosing/upgrading the appropriate Azure WAF managed rulesets. |\n| Architecture & Design Patterns | L59-L63 | Architectural guidance for designing DDoS-resistant web apps using Azure WAF with Front Door, including traffic flow, protection layers, and best-practice deployment patterns. |\n| Limits & Quotas | L64-L68 | Configuring WAF request body and file upload size limits on Application Gateway, including max size settings, constraints, and how to safely adjust them. |\n| Security | L69-L76 | Configuring Front Door WAF security: IP allow/deny rules, managed DRS rule groups, exclusion lists, and enforcing WAF settings and compliance with Azure Policy. |\n| Configuration | L77-L118 | Configuring Azure WAF (Front Door & App Gateway): policies, custom/managed rules, rate limiting, geo/IP filters, bot/CAPTCHA, exclusions, logging/scrubbing, and custom block responses. |\n| Integrations & Coding Patterns | L119-L129 | Using WAF with other Azure services: integrating logs with Sentinel/Log Analytics, automating incident response, investigating events, and protecting APIM/Azure OpenAI via Front Door WAF. |\n| Deployment | L130-L135 | How to deploy and provision Azure Application Gateway WAF v2 using Bicep, ARM templates, or Terraform, including required resources, parameters, and configuration structure. |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common Azure Front Door WAF questions | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-faq |\n| Resolve common Azure Application Gateway WAF issues | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Implement best practices for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices |\n| Tune Azure Front Door WAF rules and exclusions | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning |\n| Apply best practices for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/best-practices |\n| Apply geomatch WAF rules to strengthen web app security | https://learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples |\n| Secure and harden Azure Web Application Firewall deployments | https://learn.microsoft.com/en-us/azure/web-application-firewall/secure-web-application-firewall |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Migrate Azure Application Gateway WAF configs to full policies | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy |\n| Plan upgrade from WAF configuration to WAF policy | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy |\n| Choose and upgrade Azure WAF managed rulesets | https://learn.microsoft.com/en-us/azure/web-application-firewall/ruleset-support-policy |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Design application DDoS protection with Azure WAF and Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/application-ddos-protection |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Configure WAF request and file upload size limits on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Configure IP restriction rules in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction |\n| Understand Azure WAF Front Door DRS rule groups | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs |\n| Configure WAF exclusion lists for Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion |\n| Enforce WAF governance using Azure Policy | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/waf-azure-policy |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure CAPTCHA challenges in Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/captcha-challenge |\n| Configure custom block responses for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code |\n| Define custom WAF rules for Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules |\n| Configure Azure Front Door WAF custom and managed rules | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell |\n| Set up WAF exclusion rules on Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure |\n| Configure geo-filtering rules in Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering |\n| Configure monitoring and logging for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor |\n| Enable and configure bot protection in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection |\n| Configure Azure Front Door WAF policy-level settings | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings |\n| Configure rate limiting policies in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit |\n| Create and tune WAF rate-limit rules on Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure |\n| Create a geo-filtering WAF policy with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering |\n| Configure log scrubbing on Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor |\n| Enable sensitive data protection for Front Door WAF logs | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor |\n| Reference for Application Gateway WAF CRS and DRS rules | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules |\n| Customize Application Gateway WAF rules using Azure CLI | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli |\n| Customize Application Gateway WAF rules in Azure portal | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal |\n| Customize Application Gateway WAF rules with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell |\n| Configure WAF exclusion lists on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration |\n| Configure and analyze Application Gateway WAF metrics | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics |\n| Associate WAF policies with existing Application Gateways | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway |\n| Configure bot protection rules for Azure Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection |\n| Configure custom block response codes and pages for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-custom-response-code |\n| Create WAF v2 custom rules with Azure PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules |\n| Design and apply WAF v2 custom rules on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules |\n| Create and attach WAF policies to Azure Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag |\n| Configure HTTP DDoS ruleset for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ddos-ruleset |\n| Use Application Gateway WAF Insights dashboards | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/insights |\n| Configure per-site WAF policies with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies |\n| Understand and scope WAF policies on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/policy-overview |\n| Create rate-limiting custom rules for Application Gateway WAF v2 | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-configure |\n| Configure rate limiting for Azure Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview |\n| Upgrade CRS/DRS ruleset versions on Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version |\n| Configure sensitive data protection in WAF logs | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection |\n| Set up WAF log scrubbing on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure |\n| Enable and manage logging for Azure WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs |\n| Manage WAF policies centrally with Azure Firewall Manager | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/manage-policies |\n| Use JavaScript challenge for bot mitigation in WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-javascript-challenge |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Automate WAF incident response with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel |\n| Protect APIM-hosted APIs with Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf |\n| Secure Azure OpenAI endpoints using Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-azure-open-ai |\n| Analyze Application Gateway WAF logs with Log Analytics | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/log-analytics |\n| Investigate Azure WAF events with Security Copilot | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-copilot |\n| Detect new web threats using WAF and Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-new-threat-detection |\n| Integrate Azure WAF logs with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Deploy Azure Application Gateway WAF v2 using Bicep | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-bicep |\n| Deploy Azure Application Gateway WAF v2 via ARM template | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-template |\n| Provision Application Gateway WAF v2 with Terraform | https://learn.microsoft.com/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform |","tags":["azure","web","application","firewall","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding"],"capabilities":["skill","source-microsoftdocs","skill-azure-web-application-firewall","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-web-application-firewall","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (13,750 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:54:01.275Z","embedding":null,"createdAt":"2026-04-18T22:00:29.243Z","updatedAt":"2026-05-18T18:54:01.275Z","lastSeenAt":"2026-05-18T18:54:01.275Z","tsv":"'/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel':1118 '/en-us/azure/web-application-firewall/afds/captcha-challenge':682 '/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf':1130 '/en-us/azure/web-application-firewall/afds/protect-azure-open-ai':1141 '/en-us/azure/web-application-firewall/afds/waf-faq':482 '/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices':506 '/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code':693 '/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction':637 '/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules':704 '/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell':716 '/en-us/azure/web-application-firewall/afds/waf-front-door-drs':648 '/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion':659 '/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure':728 '/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering':741 '/en-us/azure/web-application-firewall/afds/waf-front-door-monitor':752 '/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection':764 '/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings':776 '/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit':787 '/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure':801 '/en-us/azure/web-application-firewall/afds/waf-front-door-tuning':517 '/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering':813 '/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor':824 '/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor':836 '/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules':848 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli':859 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal':870 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell':880 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration':890 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq':492 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics':900 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits':623 '/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway':910 '/en-us/azure/web-application-firewall/ag/best-practices':527 '/en-us/azure/web-application-firewall/ag/bot-protection':922 '/en-us/azure/web-application-firewall/ag/configure-custom-response-code':936 '/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules':947 '/en-us/azure/web-application-firewall/ag/create-custom-waf-rules':960 '/en-us/azure/web-application-firewall/ag/create-waf-policy-ag':972 '/en-us/azure/web-application-firewall/ag/ddos-ruleset':983 '/en-us/azure/web-application-firewall/ag/insights':992 '/en-us/azure/web-application-firewall/ag/log-analytics':1152 '/en-us/azure/web-application-firewall/ag/migrate-policy':566 '/en-us/azure/web-application-firewall/ag/per-site-policies':1003 '/en-us/azure/web-application-firewall/ag/policy-overview':1014 '/en-us/azure/web-application-firewall/ag/quick-create-bicep':1197 '/en-us/azure/web-application-firewall/ag/quick-create-template':1209 '/en-us/azure/web-application-firewall/ag/rate-limiting-configure':1028 '/en-us/azure/web-application-firewall/ag/rate-limiting-overview':1039 '/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy':577 '/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version':1050 '/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection':1060 '/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure':1071 '/en-us/azure/web-application-firewall/ag/web-application-firewall-logs':1081 '/en-us/azure/web-application-firewall/geomatch-custom-rules-examples':539 '/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform':1219 '/en-us/azure/web-application-firewall/ruleset-support-policy':587 '/en-us/azure/web-application-firewall/secure-web-application-firewall':550 '/en-us/azure/web-application-firewall/shared/application-ddos-protection':605 '/en-us/azure/web-application-firewall/shared/manage-policies':1092 '/en-us/azure/web-application-firewall/shared/waf-azure-policy':668 '/en-us/azure/web-application-firewall/waf-copilot':1162 '/en-us/azure/web-application-firewall/waf-javascript-challenge':1103 '/en-us/azure/web-application-firewall/waf-new-threat-detection':1173 '/en-us/azure/web-application-firewall/waf-sentinel':1183 '/microsoftdocs/mcp/blob/main/readme.md)':169 '3':140 'accept':208 'access':174 'adjust':359 'agent':89,133,192,206 'allow/deny':371 'analyt':429,1149 'analyz':893,1142 'api':1123 'apim':1121 'apim-host':1120 'apim/azure':437 'app':315,397,535 'appli':518,528,950 'applic':4,11,39,50,232,263,348,453,486,522,545,557,594,619,839,850,861,872,886,894,906,917,931,956,968,978,985,1010,1022,1034,1045,1067,1143,1189,1200,1211 'appropri':296 'architectur':20,58,301,307,588 'arm':459,1205 'associ':901 'attach':963 'autom':430,1109 'avail':159 'azur':2,9,37,48,225,257,297,317,386,393,423,452,475,485,508,543,556,581,598,639,654,664,676,699,706,723,735,766,818,855,866,916,943,967,1033,1077,1087,1132,1154,1175,1188,1199 'azure-web-application-firewal':1 'best':16,54,245,250,329,493,498,519 'best-practic':328 'bicep':458,1194 'block':237,411,685,925 'bodi':341 'bot':756,912,1097 'bot/captcha':406 'capabl':81 'captcha':673 'categori':92,100,116,212,214 'central':1085 'challeng':674,1095 'choos':578 'choosing/upgrading':294 'cli':856 'code':28,66,414,927,1105 'combin':71 'common':224,474,484 'complianc':384 'config':288,560 'configur':26,34,64,253,338,365,388,392,468,571,610,627,649,669,672,683,705,729,742,755,765,777,814,881,891,911,923,973,993,1029,1051 'constraint':354 'content':76,178 'copilot':1159 'cover':52 'creat':788,802,937,961,1015 'crs':842 'crs/drs':1041 'custom':410,684,695,710,849,860,871,924,940,953,1019 'custom/managed':400 'dashboard':989 'data':827,1053 'ddos':312,595,975 'ddos-resist':311 'decis':18,56,274,551 'defin':694 'deploy':31,69,272,331,443,449,547,1184,1187,1198 'descript':216 'design':21,59,302,310,589,593,948 'detect':1163 'develop':13 'diagnos':221 'doc':184 'document':79,177 'door':230,261,321,367,396,441,477,502,510,602,633,642,656,678,689,701,708,725,737,748,760,768,783,798,820,831,1126,1137 'door/ap':36 'drs':374,643,844 'e.g':104,120 'enabl':753,825,1072 'endpoint':1134 'enforc':380,660 'event':434,1156 'exclus':268,377,407,514,651,720,883 'execut':283 'exist':905 'expert':6,45 'fallback':196 'fals':235 'fetch':80,176,185,198 'file':110,118,125,130,343,614 'filter':405,732,806 'firewal':5,12,40,51,546,1088 'fix':223 'flow':324 'front':35,229,260,320,366,395,440,476,501,509,601,632,641,655,677,688,700,707,724,736,747,759,767,782,797,819,830,1125,1136 'full':290,562 'gateway':233,264,349,398,454,487,523,558,620,840,851,862,873,887,895,907,918,932,957,969,979,986,1011,1023,1035,1046,1068,1144,1190,1201,1212 'geo':731,805 'geo-filt':730,804 'geo/ip':404 'geomatch':269,529 'github.com':168 'github.com/microsoftdocs/mcp/blob/main/readme.md)':167 'govern':662 'group':376,645 'guid':166 'guidanc':46,279,308 'harden':256,542 'host':1122 'http':974 'implement':497 'import':87,131 'incid':431,1111 'includ':14,234,265,322,350,463 'index':93,213 'insight':988 'instal':163,165 'integr':27,65,413,425,1104,1174 'investig':242,433,1153 'ip':370,628 'issu':227,489 'javascript':1094 'knowledg':7 'l118':391 'l119':417 'l119-l129':416 'l120':107 'l129':418 'l130':445 'l130-l135':444 'l135':446 'l35':106 'l35-l120':105 'l37':219 'l37-l42':218 'l42':220 'l43':248 'l43-l51':247 'l51':249 'l52':277 'l52-l58':276 'l58':278 'l59':305 'l59-l63':304 'l63':306 'l64':336 'l64-l68':335 'l68':337 'l69':363 'l69-l76':362 'l76':364 'l77':390 'l77-l118':389 'latest':148 'layer':326 'learn':191,205 'learn-agent-skil':190,204 'learn.microsoft.com':481,491,505,516,526,538,549,565,576,586,604,622,636,647,658,667,681,692,703,715,727,740,751,763,775,786,800,812,823,835,847,858,869,879,889,899,909,921,935,946,959,971,982,991,1002,1013,1027,1038,1049,1059,1070,1080,1091,1102,1117,1129,1140,1151,1161,1172,1182,1196,1208,1218 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel':1116 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/captcha-challenge':680 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf':1128 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-azure-open-ai':1139 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-faq':480 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices':504 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code':691 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction':635 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules':702 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell':714 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs':646 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion':657 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure':726 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering':739 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor':750 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection':762 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings':774 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit':785 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure':799 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning':515 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering':811 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor':822 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor':834 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules':846 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli':857 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal':868 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell':878 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration':888 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq':490 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics':898 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits':621 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway':908 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/best-practices':525 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection':920 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-custom-response-code':934 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules':945 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules':958 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag':970 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/ddos-ruleset':981 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/insights':990 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/log-analytics':1150 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy':564 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies':1001 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/policy-overview':1012 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-bicep':1195 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-template':1207 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-configure':1026 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview':1037 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy':575 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version':1048 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection':1058 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure':1069 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs':1079 'learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples':537 'learn.microsoft.com/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform':1217 'learn.microsoft.com/en-us/azure/web-application-firewall/ruleset-support-policy':585 'learn.microsoft.com/en-us/azure/web-application-firewall/secure-web-application-firewall':548 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/application-ddos-protection':603 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/manage-policies':1090 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/waf-azure-policy':666 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-copilot':1160 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-javascript-challenge':1101 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-new-threat-detection':1171 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel':1181 'legaci':286 'level':772 'limit':23,61,333,346,403,606,617,779,794,1018,1031 'line':102,114,215 'link':119,128 'list':378,652,884 'local':72 'locat':96 'log':244,426,745,815,833,1057,1064,1075,1146,1148,1177 'logging/scrubbing':408 'make':19,57,275,552 'manag':299,373,583,712,1074,1082,1089 'markdown':195,211 'max':351 'mcp':154,181 'metadata.generated':135 'metric':897 'microsoft':183,1114,1179 'microsoftdoc':155,182 'migrat':284,555 'mitig':1098 'monitor':743 'month':141 'network':173 'new':1164 'old':142 'openai':438,1133 'page':929 'paramet':466 'pattern':22,29,60,67,303,332,415,590,1106 'per':995 'per-sit':994 'plan':281,567 'polici':292,387,399,563,574,665,771,780,808,903,965,998,1008,1084 'policy-level':770 'portal':867 'posit':236 'powershel':810,877,944,1000 'practic':17,55,246,251,330,494,499,520 'prefer':179 'protect':325,436,596,757,828,913,1054,1119 'provid':44 'provis':451,1210 'pull':146 'queri':187,201 'question':479 'quick':74 'quick-refer':73 'quota':24,62,334,607 'rang':103 'rate':402,778,793,1017,1030 'rate-limit':792,1016 'read':109,124 'refer':75,129,837 'relev':97 'remot':78 'repositori':152 'request':238,340,612 'requir':172,464 'resist':313 'resolv':473,483 'resourc':465 'respons':412,432,686,926,1112 'restrict':629 'return':194,210 'rule':239,266,270,372,375,401,512,531,630,644,697,713,721,733,795,845,853,864,875,914,941,954,1020 'ruleset':300,584,976,1042 'safe':358 'scope':1006 'scrub':816,1065 'section':98 'secur':25,63,273,361,369,536,540,624,1131,1158 'security.md':121,122 'sensit':826,1052 'sentinel':1115,1170,1180 'sentinel/log':428 'servic':424 'set':353,382,717,773,1061 'site':996 'size':345,352,616 'skill':41,43,86,171,193,207 'skill-azure-web-application-firewall' 'source-microsoftdocs' 'specifi':113 'strengthen':533 'string':188,202 'structur':469 'suggest':143,160 'templat':460,1206 'terraform':462,1216 'text/markdown':209 'threat':1166 'tool':156 'topic':471,495,553,591,608,625,670,1107,1185 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'traffic':323 'troubleshoot':15,53,217,470 'tune':240,254,267,507,790 'understand':638,1004 'upgrad':568,580,1040 'upload':344,615 'url':472,496,554,592,609,626,671,1108,1186 'use':32,84,90,108,123,180,197,316,419,457,663,854,984,1093,1135,1167,1193 'user':145,162 'v2':456,939,952,1025,1192,1203,1214 'version':149,1043 'via':439,1204 'waf':226,243,258,287,291,298,318,339,368,381,394,420,442,455,478,488,503,511,524,530,559,570,573,582,599,611,634,640,650,661,679,690,696,709,719,738,749,761,769,784,791,807,821,832,841,852,863,874,882,896,902,919,933,938,951,964,980,987,997,1007,1024,1036,1047,1056,1063,1078,1083,1100,1110,1127,1138,1145,1155,1168,1176,1191,1202,1213 'web':3,10,38,49,314,534,544,1165 'webpag':199","prices":[{"id":"0871ecb4-f4a6-4347-8a71-8f2b2e6bc300","listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:00:29.243Z"}],"sources":[{"listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-web-application-firewall","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-web-application-firewall","isPrimary":false,"firstSeenAt":"2026-04-18T22:00:29.243Z","lastSeenAt":"2026-05-18T18:54:01.275Z"}],"details":{"listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-web-application-firewall","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"435aa85b584282d154e4da42b5170dbefd965084","skill_md_path":"skills/azure-web-application-firewall/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-web-application-firewall"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-web-application-firewall","description":"Expert knowledge for Azure Web Application Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Front Door/App Gateway WAF rules, rate limits, geo/IP filters, bot/CAPTCHA, or Sentinel logging, and other Azure Web Application Firewall related development tasks. Not for Azure Application Gateway (use azure-application-gateway), Azure Front Door (use azure-front-door), Azure Firewall (use azure-firewall), Azure DDos Protection (use azure-ddos-protection).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-web-application-firewall"},"updatedAt":"2026-05-18T18:54:01.275Z"}}