Enable and use the latest Default Ruleset and Bot Manager Ruleset

Implementation Effort: Medium

User Impact: Low

Overview

After associating your WAF policy with Front Door or Application Gateway, enable the Default Rule Set (DRS) 2.1 to block OWASP Top Ten threats and vulnerabilities — such as SQL injection, cross-site scripting, and path traversal attacks. Assign the Bot Manager 1.1 rule group to detect and prevent malicious bot traffic.

Monitor WAF logs in Azure Monitor or built-in workbooks to identify false positives and refine your exclusions. Once you have validated your tuning, you can switch your log action to Prevention mode to actively block malicious requests.

These managed rule groups are available for both Azure Front Door and Application Gateway, ensuring consistent, automated defenses across your global and regional WAF deployments.

Reference

• Web Application Firewall DRS and CRS rule groups and rules
• Configure bot protection for Web Application Firewall on Azure Application Gateway
• Tune Azure Web Application Firewall for Azure Front Door
• Best practices for Azure Web Application Firewall (WAF) on Azure Application Gateway