Forum Discussion
Chris_321
Feb 08, 2023Copper Contributor
I don't understand the two WAF Mode
I have read the documentation on the two types of Waf (Detection and Prevention). Detection mode: Monitor and log all threat alerts. Enable logging diagnostics for Application Gateway in the Diagnos...
keenanbrooks
Feb 10, 2023Brass Contributor
Hi Chris,
The score can be seen within the logs from your application gateway, but essentially it's only going to show as blocked if it hits a total score of 5, use the below for reference:
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#anomaly-scoring-mode
We have our rules set to 'Anomaly Score' and we have not had any issues yet...
The query below can be used for you to review logs from your WAF from the application gateway:
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
Thanks
The score can be seen within the logs from your application gateway, but essentially it's only going to show as blocked if it hits a total score of 5, use the below for reference:
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#anomaly-scoring-mode
We have our rules set to 'Anomaly Score' and we have not had any issues yet...
The query below can be used for you to review logs from your WAF from the application gateway:
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
Thanks