Use Front Door WAF policy in prevention mode

March 21, 2025 ยท View on GitHub

SYNOPSIS

Use protection mode in Front Door Web Application Firewall (WAF) policies to protect back end resources.

DESCRIPTION

Front Door WAF policies support two modes of operation, detection and prevention. By default, prevention is configured.

  • Detection - monitors and logs all requests which match a WAF rule. In this mode, the WAF doesn't take action against incoming requests. To log requests, diagnostics on the Front Door instance must be configured.
  • Protection - log and takes action against requests which match a WAF rule. The action to perform is configurable for each WAF rule.

RECOMMENDATION

Consider setting Front Door WAF policy to use protection mode.