MicrosoftWe are migrating from one generic WAF config to an application specific WAF Policy, as we have a bunch of rules disabled which we dont need disabled for other applications. This improves our security and enables us to do more fine grained blocking.
I must say, the whole policy part is supported, but is not totally done in the Application Gateway. If you activate a WAF policy rule for an application, that one becomes the default for the gateway. The notification you get when linking it is a bit vague and doesnt explain if you get any downtime when saving or what is being done to the previous default. The Application Gateway will then state that policy is used for everything, which is not the case if you have multiple. Microsoft could improve on the UI here. At the end though this does work fine, and there seems to be no downtime. The settings, when viewed from the policies, are correct.
