Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
6.3.2. Rule Sets and Policies
Managed Rule Sets:
| Rule Set | Protection |
|---|---|
| OWASP CRS 3.2 | OWASP Top 10 attacks |
| Microsoft DRS | Microsoft threat intelligence |
| Bot Manager | Bot detection and mitigation |
Custom Rules: Create rules for specific requirements:
| Match Variable | Examples |
|---|---|
| RemoteAddr | Client IP ranges |
| RequestUri | URL patterns |
| RequestHeaders | Header values |
| RequestBody | POST data patterns |
WAF Policy: Policies group rule configurations:
- Mode (detection/prevention)
- Rule set selection
- Custom rules
- Exclusions
Associate policies with:
- Entire Application Gateway
- Specific listeners
- URL path rules
⚠️ Exam Trap: WAF policy changes take 1-2 minutes to propagate. Don't expect immediate effect.
Written byAlvin Varughese
Founder•15 professional certifications