주요 콘텐츠로 건너뛰기

Enable and configure Custom Rules for Rate Limit, JS Challenge(preview) and CAPTCHA(preview)

Implementation Effort: Medium

User Impact: Low

Overview

Use custom WAF rules to augment the core rule set (CRS) and address specific needs with precision—such as blocking traffic from certain countries, rate-limiting on sensitive paths, or matching on particular HTTP headers or query parameters. In both Azure Front Door and Application Gateway WAF policies, navigate to Custom rules, define your match conditions (for example, RemoteAddr within a set of country IP ranges for geo-blocking, or a request rate threshold on a given URI), and then select the action: Block, Allow, or Log.

For interactive challenges, you can choose JavaScript Challenge (supported in both Azure Front Door and Application Gateway) or CAPTCHA (Azure Front Door ) to verify genuine users. This approach lets you tailor your WAF policy to your application’s unique requirements while ensuring a balance between security and user experience.

Reference