Azure – You can now define exclusion lists in your WAF with Azure Front Door

You may already know that Azure offers a Web Application Firewall capability.

Until now, you were not able to define request attributes exclusions list to be omitted from the WAF evaluation process.

Well, good news, this is now possible.

The attribute supported for the exclusion:

  • request header,
  • cookie,
  • query string,
  • post args

To define your exclusions, you can use either PowerShell, Azure Cli or the administration portal.

PowerShell command

New-AzFrontDoorWafManagedRuleExclusionObject –Variable <RequestHeaderNames, RequestCookieNames, QueryStringArgNames or RequestBodyPostArgNames>  -Operator <operator – like equals, equalsany…> –Selector <pattern to match if the operator is not equalsany>

From the portal

Access the WAF you want to configure the exclusion and then access the Managed Rules blade, available under the Settings section


There you can click on Manage exclusion available in the toolbar


And then you can define your exclusion rule


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies