{"id":"93c8d020-3205-4339-a32d-a2f30b7abbef","shortId":"9F9ekz","kind":"skill","title":"azure-web-application-firewall","tagline":"Expert knowledge for Azure Web Application Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Front Door/Ap","description":"# Azure Web Application Firewall Skill\n\nThis skill provides expert guidance for Azure Web Application Firewall. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L37-L43 | Diagnosing and fixing common Azure WAF issues on Front Door and Application Gateway, including false positives, blocked requests, rule tuning, and investigating WAF logs. |\n| Best Practices | L44-L52 | Best practices for configuring, tuning, and hardening Azure WAF on Front Door and Application Gateway, including rule tuning, exclusions, geomatch rules, and deployment security. |\n| Decision Making | L53-L59 | Guidance on planning and executing migration from legacy WAF configs to full WAF policies, and choosing/upgrading the appropriate Azure WAF managed rulesets. |\n| Architecture & Design Patterns | L60-L64 | Architectural guidance for designing DDoS-resistant web apps using Azure WAF with Front Door, including traffic flow, protection layers, and best-practice deployment patterns. |\n| Limits & Quotas | L65-L69 | Configuring WAF request body and file upload size limits on Application Gateway, including max size settings, constraints, and how to safely adjust them. |\n| Security | L70-L76 | Details on WAF security rules (Front Door DRS), bot protection on Application Gateway, and enforcing WAF configurations and governance using Azure Policy. |\n| Configuration | L77-L123 | Configuring Azure WAF (Front Door & App Gateway): policies, custom/managed rules, rate limiting, geo/IP filters, bot/CAPTCHA, exclusions, logging/scrubbing, and custom block responses. |\n| Integrations & Coding Patterns | L124-L134 | Using WAF with other Azure services: integrating logs with Sentinel/Log Analytics, automating incident response, investigating events, and protecting APIM/Azure OpenAI via Front Door WAF. |\n| Deployment | L135-L140 | How to deploy and provision Azure Application Gateway WAF v2 using Bicep, ARM templates, or Terraform, including required resources, parameters, and configuration structure. |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common Azure Front Door WAF questions | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-faq |\n| Resolve common Azure Application Gateway WAF issues | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq |\n| Troubleshoot Azure Application Gateway WAF blocking issues | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Implement best practices for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices |\n| Tune Azure Front Door WAF rules and exclusions | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning |\n| Apply best practices for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/best-practices |\n| Apply geomatch WAF rules to strengthen web app security | https://learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples |\n| Secure and harden Azure Web Application Firewall deployments | https://learn.microsoft.com/en-us/azure/web-application-firewall/secure-web-application-firewall |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Migrate Azure Application Gateway WAF configs to full policies | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy |\n| Plan upgrade from WAF configuration to WAF policy | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy |\n| Choose and upgrade Azure WAF managed rulesets | https://learn.microsoft.com/en-us/azure/web-application-firewall/ruleset-support-policy |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Design application DDoS protection with Azure WAF and Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/application-ddos-protection |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Configure WAF request and file upload size limits on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Understand Azure WAF Front Door DRS rule groups | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs |\n| Understand bot protection capabilities on Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview |\n| Enforce WAF governance using Azure Policy | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/waf-azure-policy |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure CAPTCHA challenges in Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/captcha-challenge |\n| Configure custom block responses for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code |\n| Configure IP restriction rules in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction |\n| Create and attach a WAF policy in Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal |\n| Define custom WAF rules for Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules |\n| Configure Azure Front Door WAF custom and managed rules | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell |\n| Configure exclusion lists for Front Door WAF policies | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion |\n| Set up WAF exclusion rules on Azure Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure |\n| Configure geo-filtering rules in Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering |\n| Configure monitoring and logging for Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor |\n| Enable and configure bot protection in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection |\n| Configure Azure Front Door WAF policy-level settings | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings |\n| Configure rate limiting policies in Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit |\n| Create and tune WAF rate-limit rules on Front Door | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure |\n| Create a geo-filtering WAF policy with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering |\n| Configure log scrubbing on Azure Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor |\n| Enable sensitive data protection for Front Door WAF logs | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor |\n| Reference for Application Gateway WAF CRS and DRS rules | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules |\n| Customize Application Gateway WAF rules using Azure CLI | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli |\n| Customize Application Gateway WAF rules in Azure portal | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal |\n| Customize Application Gateway WAF rules with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell |\n| Configure WAF exclusion lists on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration |\n| Configure and analyze Application Gateway WAF metrics | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics |\n| Associate WAF policies with existing Application Gateways | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway |\n| Configure bot protection rules for Azure Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection |\n| Configure custom block response codes and pages for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-custom-response-code |\n| Create WAF v2 custom rules with Azure PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules |\n| Design and apply WAF v2 custom rules on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules |\n| Create and attach WAF policies to Azure Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag |\n| Overview of WAF v2 custom rules on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview |\n| Configure HTTP DDoS ruleset for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ddos-ruleset |\n| Configure geomatch custom rules for Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules |\n| Use Application Gateway WAF Insights dashboards | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/insights |\n| Configure per-site WAF policies with PowerShell | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies |\n| Understand and scope WAF policies on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/policy-overview |\n| Create rate-limiting custom rules for Application Gateway WAF v2 | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-configure |\n| Configure rate limiting for Azure Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview |\n| Upgrade CRS/DRS ruleset versions on Application Gateway WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version |\n| Configure sensitive data protection in WAF logs | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection |\n| Set up WAF log scrubbing on Application Gateway | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure |\n| Enable and manage logging for Azure WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs |\n| Manage WAF policies centrally with Azure Firewall Manager | https://learn.microsoft.com/en-us/azure/web-application-firewall/shared/manage-policies |\n| Use JavaScript challenge for bot mitigation in WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-javascript-challenge |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Automate WAF incident response with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel |\n| Protect APIM-hosted APIs with Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf |\n| Secure Azure OpenAI endpoints using Front Door WAF | https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-azure-open-ai |\n| Analyze Application Gateway WAF logs with Log Analytics | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/log-analytics |\n| Investigate Azure WAF events with Security Copilot | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-copilot |\n| Detect new web threats using WAF and Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-new-threat-detection |\n| Integrate Azure WAF logs with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Deploy Azure Application Gateway WAF v2 using Bicep | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-bicep |\n| Deploy Azure Application Gateway WAF v2 via ARM template | https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-template |\n| Provision Application Gateway WAF v2 with Terraform | https://learn.microsoft.com/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform |","tags":["azure","web","application","firewall","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding"],"capabilities":["skill","source-microsoftdocs","skill-azure-web-application-firewall","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-web-application-firewall","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (14,549 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:53:39.744Z","embedding":null,"createdAt":"2026-04-18T22:00:29.243Z","updatedAt":"2026-04-22T00:53:39.744Z","lastSeenAt":"2026-04-22T00:53:39.744Z","tsv":"'/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel':1174 '/en-us/azure/web-application-firewall/afds/captcha-challenge':680 '/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf':1186 '/en-us/azure/web-application-firewall/afds/protect-azure-open-ai':1197 '/en-us/azure/web-application-firewall/afds/waf-faq':481 '/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices':515 '/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code':691 '/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction':702 '/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal':715 '/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules':726 '/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell':738 '/en-us/azure/web-application-firewall/afds/waf-front-door-drs':646 '/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion':749 '/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure':761 '/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering':774 '/en-us/azure/web-application-firewall/afds/waf-front-door-monitor':785 '/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection':797 '/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings':809 '/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit':820 '/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure':834 '/en-us/azure/web-application-firewall/afds/waf-front-door-tuning':526 '/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering':846 '/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor':857 '/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor':869 '/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules':881 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli':892 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal':903 '/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell':913 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration':923 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq':491 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics':933 '/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits':632 '/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway':943 '/en-us/azure/web-application-firewall/ag/best-practices':536 '/en-us/azure/web-application-firewall/ag/bot-protection':955 '/en-us/azure/web-application-firewall/ag/bot-protection-overview':657 '/en-us/azure/web-application-firewall/ag/configure-custom-response-code':969 '/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules':980 '/en-us/azure/web-application-firewall/ag/create-custom-waf-rules':993 '/en-us/azure/web-application-firewall/ag/create-waf-policy-ag':1005 '/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview':1017 '/en-us/azure/web-application-firewall/ag/ddos-ruleset':1028 '/en-us/azure/web-application-firewall/ag/geomatch-custom-rules':1039 '/en-us/azure/web-application-firewall/ag/insights':1048 '/en-us/azure/web-application-firewall/ag/log-analytics':1208 '/en-us/azure/web-application-firewall/ag/migrate-policy':575 '/en-us/azure/web-application-firewall/ag/per-site-policies':1059 '/en-us/azure/web-application-firewall/ag/policy-overview':1070 '/en-us/azure/web-application-firewall/ag/quick-create-bicep':1253 '/en-us/azure/web-application-firewall/ag/quick-create-template':1265 '/en-us/azure/web-application-firewall/ag/rate-limiting-configure':1084 '/en-us/azure/web-application-firewall/ag/rate-limiting-overview':1095 '/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy':586 '/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version':1106 '/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection':1116 '/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure':1127 '/en-us/azure/web-application-firewall/ag/web-application-firewall-logs':1137 '/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot':501 '/en-us/azure/web-application-firewall/geomatch-custom-rules-examples':548 '/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform':1275 '/en-us/azure/web-application-firewall/ruleset-support-policy':596 '/en-us/azure/web-application-firewall/secure-web-application-firewall':559 '/en-us/azure/web-application-firewall/shared/application-ddos-protection':614 '/en-us/azure/web-application-firewall/shared/manage-policies':1148 '/en-us/azure/web-application-firewall/shared/waf-azure-policy':666 '/en-us/azure/web-application-firewall/waf-copilot':1218 '/en-us/azure/web-application-firewall/waf-javascript-challenge':1159 '/en-us/azure/web-application-firewall/waf-new-threat-detection':1229 '/en-us/azure/web-application-firewall/waf-sentinel':1239 '/microsoftdocs/mcp/blob/main/readme.md)':169 '3':140 'accept':208 'access':174 'adjust':359 'agent':89,133,192,206 'analyt':428,1205 'analyz':926,1198 'api':1179 'apim':1177 'apim-host':1176 'apim/azure':436 'app':315,396,544 'appli':527,537,983 'applic':4,11,39,50,232,263,348,376,452,485,494,531,554,566,603,628,652,872,883,894,905,919,927,939,950,964,989,1001,1013,1023,1034,1041,1066,1078,1090,1101,1123,1199,1245,1256,1267 'appropri':296 'architectur':20,58,301,307,597 'arm':458,1261 'associ':934 'attach':705,996 'autom':429,1165 'avail':159 'azur':2,9,37,48,225,257,297,317,385,392,422,451,474,484,493,517,552,565,590,607,637,662,674,710,721,728,756,768,799,851,888,899,949,976,1000,1089,1133,1143,1188,1210,1231,1244,1255 'azure-web-application-firewal':1 'best':16,54,245,250,329,502,507,528 'best-practic':328 'bicep':457,1250 'block':237,410,497,683,958 'bodi':341 'bot':373,648,789,945,1153 'bot/captcha':405 'capabl':81,650 'captcha':671 'categori':92,100,116,212,214 'central':1141 'challeng':672,1151 'choos':587 'choosing/upgrading':294 'cli':889 'code':28,66,413,960,1161 'combin':71 'common':224,473,483 'config':288,569 'configur':26,34,64,253,338,381,387,391,467,580,619,667,670,681,692,727,739,762,775,788,798,810,847,914,924,944,956,1018,1029,1049,1085,1107 'constraint':354 'content':76,178 'copilot':1215 'cover':52 'creat':703,821,835,970,994,1071 'crs':875 'crs/drs':1097 'custom':409,682,717,732,882,893,904,957,973,986,1010,1031,1075 'custom/managed':399 'dashboard':1045 'data':860,1109 'ddos':312,604,1020 'ddos-resist':311 'decis':18,56,274,560 'defin':716 'deploy':31,69,272,331,442,448,556,1240,1243,1254 'descript':216 'design':21,59,302,310,598,602,981 'detail':365 'detect':1219 'develop':13 'diagnos':221 'doc':184 'document':79,177 'door':230,261,321,371,395,440,476,511,519,611,640,676,687,698,712,723,730,744,758,770,781,793,801,816,831,853,864,1182,1193 'door/ap':36 'drs':372,641,877 'e.g':104,120 'enabl':786,858,1128 'endpoint':1190 'enforc':379,658 'event':433,1212 'exclus':268,406,523,740,753,916 'execut':283 'exist':938 'expert':6,45 'fallback':196 'fals':235 'fetch':80,176,185,198 'file':110,118,125,130,343,623 'filter':404,765,839 'firewal':5,12,40,51,555,1144 'fix':223 'flow':324 'front':35,229,260,320,370,394,439,475,510,518,610,639,675,686,697,711,722,729,743,757,769,780,792,800,815,830,852,863,1181,1192 'full':290,571 'gateway':233,264,349,377,397,453,486,495,532,567,629,653,873,884,895,906,920,928,940,951,965,990,1002,1014,1024,1035,1042,1067,1079,1091,1102,1124,1200,1246,1257,1268 'geo':764,838 'geo-filt':763,837 'geo/ip':403 'geomatch':269,538,1030 'github.com':168 'github.com/microsoftdocs/mcp/blob/main/readme.md)':167 'govern':383,660 'group':643 'guid':166 'guidanc':46,279,308 'harden':256,551 'host':1178 'http':1019 'implement':506 'import':87,131 'incid':430,1167 'includ':14,234,265,322,350,462 'index':93,213 'insight':1044 'instal':163,165 'integr':27,65,412,424,1160,1230 'investig':242,432,1209 'ip':693 'issu':227,488,498 'javascript':1150 'knowledg':7 'l120':107 'l123':390 'l124':416 'l124-l134':415 'l134':417 'l135':444 'l135-l140':443 'l140':445 'l35':106 'l35-l120':105 'l37':219 'l37-l43':218 'l43':220 'l44':248 'l44-l52':247 'l52':249 'l53':277 'l53-l59':276 'l59':278 'l60':305 'l60-l64':304 'l64':306 'l65':336 'l65-l69':335 'l69':337 'l70':363 'l70-l76':362 'l76':364 'l77':389 'l77-l123':388 'latest':148 'layer':326 'learn':191,205 'learn-agent-skil':190,204 'learn.microsoft.com':480,490,500,514,525,535,547,558,574,585,595,613,631,645,656,665,679,690,701,714,725,737,748,760,773,784,796,808,819,833,845,856,868,880,891,902,912,922,932,942,954,968,979,992,1004,1016,1027,1038,1047,1058,1069,1083,1094,1105,1115,1126,1136,1147,1158,1173,1185,1196,1207,1217,1228,1238,1252,1264,1274 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/automated-detection-response-with-sentinel':1172 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/captcha-challenge':678 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-api-hosted-apim-by-waf':1184 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/protect-azure-open-ai':1195 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-faq':479 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices':513 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-custom-response-code':689 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction':700 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal':713 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules':724 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules-powershell':736 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs':644 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion':747 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-exclusion-configure':759 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering':772 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor':783 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection':795 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-policy-settings':807 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit':818 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-configure':832 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tuning':524 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering':844 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor':855 'learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-sensitive-data-protection-frontdoor':867 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules':879 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-cli':890 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal':901 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-powershell':911 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration':921 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-faq':489 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics':931 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits':630 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway':941 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/best-practices':534 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection':953 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview':655 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-custom-response-code':967 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/configure-waf-custom-rules':978 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules':991 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag':1003 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview':1015 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/ddos-ruleset':1026 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules':1037 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/insights':1046 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/log-analytics':1206 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/migrate-policy':573 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies':1057 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/policy-overview':1068 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-bicep':1251 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/quick-create-template':1263 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-configure':1082 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview':1093 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ag-waf-policy':584 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/upgrade-ruleset-version':1104 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection':1114 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/waf-sensitive-data-protection-configure':1125 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs':1135 'learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot':499 'learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples':546 'learn.microsoft.com/en-us/azure/web-application-firewall/quickstart-web-application-firewall-terraform':1273 'learn.microsoft.com/en-us/azure/web-application-firewall/ruleset-support-policy':594 'learn.microsoft.com/en-us/azure/web-application-firewall/secure-web-application-firewall':557 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/application-ddos-protection':612 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/manage-policies':1146 'learn.microsoft.com/en-us/azure/web-application-firewall/shared/waf-azure-policy':664 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-copilot':1216 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-javascript-challenge':1157 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-new-threat-detection':1227 'learn.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel':1237 'legaci':286 'level':805 'limit':23,61,333,346,402,615,626,812,827,1074,1087 'line':102,114,215 'link':119,128 'list':741,917 'local':72 'locat':96 'log':244,425,778,848,866,1113,1120,1131,1202,1204,1233 'logging/scrubbing':407 'make':19,57,275,561 'manag':299,592,734,1130,1138,1145 'markdown':195,211 'max':351 'mcp':154,181 'metadata.generated':135 'metric':930 'microsoft':183,1170,1235 'microsoftdoc':155,182 'migrat':284,564 'mitig':1154 'monitor':776 'month':141 'network':173 'new':1220 'old':142 'openai':437,1189 'overview':1006 'page':962 'paramet':465 'pattern':22,29,60,67,303,332,414,599,1162 'per':1051 'per-sit':1050 'plan':281,576 'polici':292,386,398,572,583,663,708,746,804,813,841,936,998,1054,1064,1140 'policy-level':803 'portal':900 'posit':236 'powershel':843,910,977,1056 'practic':17,55,246,251,330,503,508,529 'prefer':179 'protect':325,374,435,605,649,790,861,946,1110,1175 'provid':44 'provis':450,1266 'pull':146 'queri':187,201 'question':478 'quick':74 'quick-refer':73 'quota':24,62,334,616 'rang':103 'rate':401,811,826,1073,1086 'rate-limit':825,1072 'read':109,124 'refer':75,129,870 'relev':97 'remot':78 'repositori':152 'request':238,340,621 'requir':172,463 'resist':313 'resolv':472,482 'resourc':464 'respons':411,431,684,959,1168 'restrict':694 'return':194,210 'rule':239,266,270,369,400,521,540,642,695,719,735,754,766,828,878,886,897,908,947,974,987,1011,1032,1076 'ruleset':300,593,1021,1098 'safe':358 'scope':1062 'scrub':849,1121 'section':98 'secur':25,63,273,361,368,545,549,633,1187,1214 'security.md':121,122 'sensit':859,1108 'sentinel':1171,1226,1236 'sentinel/log':427 'servic':423 'set':353,750,806,1117 'site':1052 'size':345,352,625 'skill':41,43,86,171,193,207 'skill-azure-web-application-firewall' 'source-microsoftdocs' 'specifi':113 'strengthen':542 'string':188,202 'structur':468 'suggest':143,160 'templat':459,1262 'terraform':461,1272 'text/markdown':209 'threat':1222 'tool':156 'topic':470,504,562,600,617,634,668,1163,1241 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'traffic':323 'troubleshoot':15,53,217,469,492 'tune':240,254,267,516,823 'understand':636,647,1060 'upgrad':577,589,1096 'upload':344,624 'url':471,505,563,601,618,635,669,1164,1242 'use':32,84,90,108,123,180,197,316,384,418,456,661,887,1040,1149,1191,1223,1249 'user':145,162 'v2':455,972,985,1009,1081,1248,1259,1270 'version':149,1099 'via':438,1260 'waf':226,243,258,287,291,298,318,339,367,380,393,419,441,454,477,487,496,512,520,533,539,568,579,582,591,608,620,638,654,659,677,688,699,707,718,731,745,752,771,782,794,802,817,824,840,854,865,874,885,896,907,915,929,935,952,966,971,984,997,1008,1025,1036,1043,1053,1063,1080,1092,1103,1112,1119,1134,1139,1156,1166,1183,1194,1201,1211,1224,1232,1247,1258,1269 'web':3,10,38,49,314,543,553,1221 'webpag':199","prices":[{"id":"0871ecb4-f4a6-4347-8a71-8f2b2e6bc300","listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:00:29.243Z"}],"sources":[{"listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-web-application-firewall","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-web-application-firewall","isPrimary":false,"firstSeenAt":"2026-04-18T22:00:29.243Z","lastSeenAt":"2026-04-22T00:53:39.744Z"}],"details":{"listingId":"93c8d020-3205-4339-a32d-a2f30b7abbef","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-web-application-firewall","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-19T02:43:40Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"a7ab13a6fc7ab6d1e0cf7d46aed9cee5a444a07f","skill_md_path":"skills/azure-web-application-firewall/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-web-application-firewall"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-web-application-firewall","description":"Expert knowledge for Azure Web Application Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Front Door/App Gateway WAF rules, rate limits, bot/CAPTCHA, Sentinel logging, or IaC deployments, and other Azure Web Application Firewall related development tasks. Not for Azure Application Gateway (use azure-application-gateway), Azure Front Door (use azure-front-door), Azure Firewall (use azure-firewall), Azure DDos Protection (use azure-ddos-protection).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-web-application-firewall"},"updatedAt":"2026-04-22T00:53:39.744Z"}}