Configure managed rules in Web Application Firewall

When you enable the Web Application Firewall (WAF) for your Power Pages site, a subset of Azure managed rules relevant to Power Pages are turned on by default. For more information on rules and rule groups, see Web Application Firewall DRS rule groups and rules.

Prerequisites

  • You must be an admin to configure custom rules.
  • Web Application Firewall must be enabled for the site.
  • You can't configure Web Application Firewall managed rules in Government Community Cloud (GCC), Government Community Cloud (GCC High), Department of Defense (DoD), China, and the UAE region.

Enable or disable managed rules in WAF for Power Pages sites

If your site has advanced customizations, certain managed rules can inadvertently block valid requests. Review the WAF logs to identify which rules are blocking valid requests, and then disable those rules.

To enable or disable managed rules:

  1. Navigate to the Security workspace.

  2. Select Web Application Firewall.

  3. On the right, select the Managed rules tab.

  4. To disable a rule, select it and then select Disable.

  5. To enable a specific managed rule that's currently disabled, select Add new rule, choose Managed, and select the rule you want to enable.

  6. Select Save.
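To support the log review recommended before disabling a rule, the following added example (not part of the original page or any Microsoft tooling) tallies blocked requests per rule and flags rules that block several distinct clients on a single path, a common sign of a false positive on a site feature. It assumes an export with one JSON record per line; the field names `action`, `ruleName`, `requestUri` and `clientIP`, the rule names, and the `min_clients` threshold are assumptions to adapt to your actual log format.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export, one JSON record per line (not real log data).
# Field names (action, ruleName, requestUri, clientIP) are assumptions.
SAMPLE_LOG = [
    '{"action":"Block","ruleName":"EXAMPLE-RULE-A","requestUri":"https://site.example/forms/feedback?id=1","clientIP":"203.0.113.10"}',
    '{"action":"Block","ruleName":"EXAMPLE-RULE-A","requestUri":"https://site.example/forms/feedback?id=2","clientIP":"203.0.113.11"}',
    '{"action":"Block","ruleName":"EXAMPLE-RULE-A","requestUri":"https://site.example/forms/feedback","clientIP":"203.0.113.12"}',
    '{"action":"Log","ruleName":"EXAMPLE-RULE-A","requestUri":"https://site.example/search","clientIP":"203.0.113.13"}',
    '{"action":"Block","ruleName":"EXAMPLE-RULE-B","requestUri":"https://site.example/a","clientIP":"198.51.100.7"}',
    '{"action":"Block","ruleName":"EXAMPLE-RULE-B","requestUri":"https://site.example/b","clientIP":"198.51.100.7"}',
    '{"action":"Block","ruleName":"EXAMPLE-RULE-B","requestUri":"https://site.example/c","clientIP":"198.51.100.7"}',
    'truncated line {',
]

def summarize_blocks(lines):
    """Per rule: blocked-request count, distinct client IPs, distinct URL paths."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rule, action = rec["ruleName"], str(rec["action"])
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # count unparseable records instead of hiding them
            continue
        if action.lower() != "block":
            continue  # only blocked requests can break valid traffic
        entry = stats[rule]
        entry["hits"] += 1
        entry["clients"].add(rec.get("clientIP", "unknown"))
        # Drop the query string so the same page groups under one path.
        entry["paths"].add(urlsplit(rec.get("requestUri", "")).path)
    return dict(stats), skipped

def review_candidates(stats, min_clients=3):
    """Rules blocking many distinct clients on one path: review these first."""
    return sorted(rule for rule, s in stats.items()
                  if len(s["clients"]) >= min_clients and len(s["paths"]) == 1)

if __name__ == "__main__":
    stats, skipped = summarize_blocks(SAMPLE_LOG)
    for rule, s in stats.items():
        print(rule, s["hits"], "blocks,", len(s["clients"]), "clients,", sorted(s["paths"]))
    print("review first:", review_candidates(stats), "| skipped lines:", skipped)
```

A rule that fires from one client across many paths, like the second constructed rule here, looks more like scanning than a broken site feature and is a poor candidate for disabling.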

Configure bot protection rules

Bot protection rules help block requests that originate from automated bots. Bots are typically categorized as:

  • Good bots, like search engine crawlers.
  • Bad bots, like malicious scrapers and spam bots.
  • Unknown bots, which don't identify themselves clearly.

When you enable bot protection rules, the system blocks requests that match these rules based on your configuration.

To configure bot protection rules:

  1. Navigate to the Security workspace.

  2. Select Web Application Firewall.

  3. On the right, select the Managed rules tab.

  4. Select Add new rule, and then select Bot protection rules (Good bots, Bad bots, or Unknown bots).

  5. Select Save.