Update WAF rules and support information #127733
Conversation
Aligning FAQ documentation with CRS/DRS Ruleset that outlines that CRS 3.0 is no longer supported; DRS2.1 and CRS3.2 are recommended as the latest available versions, with all available features
prmerger-automator
bot
requested review from
AbdullahBell,
cherylmc and
halkazwini
|
@BrandynR-MSFT : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
@BrandynR-MSFT : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit afc5147:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| articles/web-application-firewall/ag/application-gateway-waf-faq.yml | Details |
articles/web-application-firewall/ag/application-gateway-waf-faq.yml
- Line 47, Column 61: [Warning: bookmark-not-found - See documentation]
Cannot find bookmark '#drs-21' in 'articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md', did you mean '#drs21'?
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
There was a problem hiding this comment.
Pull Request Overview
Updates the Web Application Firewall (WAF) FAQ documentation to reflect current support for rule sets. The update removes CRS 3.0 from supported versions and adds DRS 2.1 as a recommended option.
- Removes CRS 3.0 from the list of currently supported rule sets
- Adds DRS 2.1 as a supported rule set option
- Updates deprecation notice to include CRS 3.0 alongside CRS 2.2.9
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
prmerger-automator
bot
added
the
aq-pr-triaged
| What rules are currently available for the WAF? | ||
| answer: | | ||
| The WAF currently supports Core Rule Set (CRS) [3.2](application-gateway-crs-rulegroups-rules.md#owasp32), [3.1](application-gateway-crs-rulegroups-rules.md#owasp31), and [3.0](application-gateway-crs-rulegroups-rules.md#owasp30). These rules provide baseline security against most of the top 10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: | ||
| The WAF currently supports Default Rule Set (DRS) [2.1](application-gateway-crs-rulegroups-rules.md#drs-21), Core Rule Set (CRS) [3.2](application-gateway-crs-rulegroups-rules.md#owasp32), and [3.1](application-gateway-crs-rulegroups-rules.md#owasp31). These rules provide baseline security against most of the top 10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: |
There was a problem hiding this comment.
| The WAF currently supports Default Rule Set (DRS) [2.1](application-gateway-crs-rulegroups-rules.md#drs-21), Core Rule Set (CRS) [3.2](application-gateway-crs-rulegroups-rules.md#owasp32), and [3.1](application-gateway-crs-rulegroups-rules.md#owasp31). These rules provide baseline security against most of the top 10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: | |
| The WAF currently supports Default Rule Set (DRS) [2.1](application-gateway-crs-rulegroups-rules.md#drs21), Core Rule Set (CRS) [3.2](application-gateway-crs-rulegroups-rules.md#owasp32), and [3.1](application-gateway-crs-rulegroups-rules.md#owasp31). These rules provide baseline security against most of the top 10 vulnerabilities that Open Web Application Security Project (OWASP) identifies: |
| For more information, see the [OWASP top 10 vulnerabilities](https://owasp.org/www-project-top-ten/). | ||
| CRS 2.2.9 is no longer supported for new WAF policies. We recommend that you upgrade to the latest CRS version. You can't use CRS 2.2.9 along with CRS 3.2/DRS 2.1 and later versions. | ||
| CRS 2.2.9 and 3.0 are no longer supported for new WAF policies. We recommend that you upgrade to the latest CRS or DRS version. You can't use CRS 2.2.9 along with CRS 3.2/DRS 2.1 and later versions. |
There was a problem hiding this comment.
| CRS 2.2.9 and 3.0 are no longer supported for new WAF policies. We recommend that you upgrade to the latest CRS or DRS version. You can't use CRS 2.2.9 along with CRS 3.2/DRS 2.1 and later versions. | |
| CRS 2.2.9 and 3.0 are no longer supported for new WAF policies. We recommend that you [upgrade to the latest DRS version](/azure/web-application-firewall/ag/upgrade-ruleset-version). You can't use CRS 2.2.9 along with CRS 3.2/DRS 2.1 and later versions. |
There was a problem hiding this comment.
Thank you for your contribution, @BrandynR-MSFT!
Please commit these two small changes.
|
@BrandynR-MSFT - Can you respond to the requested changes or let us know if you would like us to commit them?
@halkazwini - When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
3 participants
Aligning FAQ documentation with CRS/DRS Ruleset that outlines that CRS 3.0 is no longer supported; DRS2.1 and CRS3.2 are recommended as the latest available versions, with all available features