Hello Humberto Garcia
It sounds like you have a pretty substantial list of IP addresses that you're managing for your WAF policy. There are a few important things to consider regarding the limitations and configurations for IP lists in Azure Web Application Firewall (WAF).
The limit of WAF IP address ranges per match condition is:
- 540 with CRS 3.1 or lower
- 600 with CRS 3.2 or newer
The maximum number of WAF custom rules that can be configured in a WAF is 100.
And the number of WAF IP address ranges per match condition is 600.
So, that gives you a total of 60000 IP address ranges.
NOTE: This limit is the same for both Application Gateway WAF and Azure Front Door WAF.
If one custom rule already has 600 IP addresses/ranges, you can create another custom rule and add the new IPs/ranges.
One IP range is considered as 1 entry. And you can add 600 IP ranges in one custom rule. But you need to make sure that none of the address ranges has overlapping IP addresses and all the ranges have unique IP addresses.
Hope the above answer helps! Please let us know if you have any further queries.
Please consider "up-voting" wherever the information provided helps you; this can be beneficial to other community members.
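An added example, not part of the original answer: a Python sketch that prepares a large IP list for the limits quoted above by collapsing duplicate and overlapping ranges, then splitting the result into groups of at most 600 and refusing a plan that would need more than 100 custom rules. The function name `plan_custom_rules` and the sample list are constructed for illustration; pass `per_rule=540` for CRS 3.1 or lower.

```python
import ipaddress

MAX_RANGES_PER_RULE = 600  # per match condition, CRS 3.2 or newer (figure from the answer)
MAX_CUSTOM_RULES = 100     # custom rules per WAF policy (figure from the answer)


def plan_custom_rules(entries, per_rule=MAX_RANGES_PER_RULE, max_rules=MAX_CUSTOM_RULES):
    """Return a list of rule-sized lists of non-overlapping CIDR strings."""
    v4, v6 = [], []
    for raw in entries:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue  # skip blank lines and comments
        # strict=False accepts host bits (10.0.0.5/24 -> 10.0.0.0/24)
        net = ipaddress.ip_network(raw, strict=False)
        (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses removes duplicates and contained ranges and merges
    # adjacent ones; it cannot mix IPv4 and IPv6, so each family is done alone.
    merged = list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))
    chunks = [merged[i:i + per_rule] for i in range(0, len(merged), per_rule)]
    if len(chunks) > max_rules:
        raise ValueError(
            f"{len(merged)} ranges need {len(chunks)} custom rules; limit is {max_rules}"
        )
    return [[str(net) for net in chunk] for chunk in chunks]


# Constructed sample input using documentation address ranges.
SAMPLE = [
    "192.0.2.0/24",
    "192.0.2.10/32",      # already covered by 192.0.2.0/24
    "198.51.100.0/25",
    "198.51.100.128/25",  # adjacent to the line above, merges into a /24
    "203.0.113.7",
    "203.0.113.7/32",     # duplicate of the line above
    "2001:db8::/32",
]

if __name__ == "__main__":
    for number, ranges in enumerate(plan_custom_rules(SAMPLE, per_rule=3), start=1):
        print(f"custom rule {number}: {len(ranges)} ranges -> {ranges}")
```

Each returned list is the set of ranges for one custom rule's IP match condition; because the ranges are collapsed first, the count reflects the entries that actually have to be stored.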