How to effectively tune Azure WAF without exhausting too many resources

Jyotirmoy Pan 0 Reputation points
2024-11-07T15:32:30.6733333+00:00

We have Azure WAF rules in prevention mode in both Azure Front Door and APIM gateway. We have been facing this issue for a long time due to so many false positives blocking requests from our end users, frustrating us and users as there is no predictable pattern.

In the past the same question has been asked and the answer is to tune WAF and keep adding to the exclusion list. However, on an enterprise scale this is not easy to achieve. For example, we have approximately 0K WAF blocks. Out of these, 99% seem to be rightly prevented but 1% or about 100 requests are false positives. We then need a dedicated team just to go through these 100 requests and add them to exclusion lists. This is exhausting, time-consuming and unsustainable.

We would like to understand if there are any solutions that can actually provide us a list of false positives and add them to exclusion lists with single point approvals instead of the entire process being manual. If not, how is Microsoft envisaging enterprises to manage this? We would need some guidance on the best practices as this has been one of our biggest pain areas around improving end user experience.
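The triage step described in the question, reduced to a review queue, as an added example that is not part of the original post or any Microsoft tooling: blocked requests are grouped by rule and matched field, and only groups hit by several distinct clients are surfaced for a single approval decision. The record layout, thresholds and sample data are assumptions constructed for illustration; the distinct-client heuristic only ranks candidates and does not decide them.

```python
from collections import defaultdict

# Constructed sample of blocked requests: (rule_id, matched_field, client_ip, uri).
# The tuple layout is an assumption for this example, not a real WAF log schema.
SAMPLE_BLOCKS = [
    ("942100", "QueryParamValue:search", "203.0.113.10", "/api/items"),
    ("942100", "QueryParamValue:search", "203.0.113.11", "/api/items"),
    ("942100", "QueryParamValue:search", "198.51.100.7", "/api/items"),
    ("942100", "QueryParamValue:search", "198.51.100.9", "/api/orders"),
    ("942100", "QueryParamValue:search", "203.0.113.10", "/api/orders"),
] + [("941100", "PostParamValue:comment", "192.0.2.55", "/api/feedback")] * 6 + [
    ("920300", "HeaderValue:accept", "203.0.113.20", "/health"),
    ("920300", "HeaderValue:accept", "203.0.113.21", "/health"),
]


def exclusion_candidates(blocks, min_clients=3, min_hits=4):
    """Return (rule, field) groups worth one reviewer decision, most widespread first.

    Assumption: a rule that fires on the same request field for many unrelated
    clients is more often legitimate traffic than a single-source attack, so it
    is queued for human review. Nothing is excluded automatically.
    """
    groups = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    for rule, field, client, uri in blocks:
        group = groups[(rule, field)]
        group["hits"] += 1
        group["clients"].add(client)
        group["uris"].add(uri)

    candidates = [
        {"rule": rule, "field": field, "hits": g["hits"],
         "clients": len(g["clients"]), "uris": sorted(g["uris"])}
        for (rule, field), g in groups.items()
        if g["hits"] >= min_hits and len(g["clients"]) >= min_clients
    ]
    # Widest client spread first, then volume, then rule id for a stable order.
    return sorted(candidates, key=lambda c: (-c["clients"], -c["hits"], c["rule"]))


if __name__ == "__main__":
    for c in exclusion_candidates(SAMPLE_BLOCKS):
        print(f"review: rule {c['rule']} on {c['field']} "
              f"({c['hits']} blocks, {c['clients']} clients, paths {c['uris']})")
```

Groups that stay below the thresholds, such as the single-client burst in the sample, remain blocked and are not queued.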
