
Azure CDN WAF Policy Not Working as Expected

Sanket Pokale 5 Reputation points
2025-12-17T15:17:31.1433333+00:00

Hello,
We have set up Azure CDN and created a WAF policy with custom rules to restrict suspicious URLs. The CDN is also associated with a Traffic Manager profile. However, the WAF policy is not working as expected.

We also tried disabling the Traffic Manager profile, but unfortunately, that did not resolve the issue. We have the same setup in the lower environment, where it is working as expected.

Could you please help us identify and fix the issue?

{
    "apiVersion": "2025-03-01",
    "id": "/subscriptions/*******************************",
    "name": "***wafprod",
    "type": "microsoft.network/frontdoorwebapplicationfirewallpolicies",
    "sku": {
        "name": "Standard_AzureFrontDoor"
    },
    "location": "global",
    "tags": {},
    "properties": {
        "policySettings": {
            "enabledState": "Enabled",
            "mode": "Prevention",
            "redirectUrl": null,
            "customBlockResponseStatusCode": 403,
            "customBlockResponseBody": null,
            "requestBodyCheck": "Enabled",
            "javascriptChallengeExpirationInMinutes": null,
            "captchaExpirationInMinutes": null,
            "logScrubbing": null
        },
        "customRules": {
            "rules": [
                {
                    "name": "BlockSuspiciousURLs",
                    "enabledState": "Enabled",
                    "priority": 1,
                    "ruleType": "MatchRule",
                    "rateLimitDurationInMinutes": 1,
                    "rateLimitThreshold": 100,
                    "matchConditions": [
                        {
                            "matchVariable": "RequestUri",
                            "selector": null,
                            "operator": "RegEx",
                            "negateCondition": false,
                            "matchValue": [
                                "(?i).*snapchat.*"
                            ],
                            "transforms": []
                        }
                    ],
                    "action": "Block",
                    "groupBy": []
                }
            ]
        },
        "managedRules": {
            "managedRuleSets": []
        },
        "frontendEndpointLinks": [],
        "securityPolicyLinks": [
            {
                "id": "/subscriptions/***********"
            }
        ],
        "resourceState": "Enabled",
        "provisioningState": "Succeeded"
    }
}

Azure Content Delivery Network

1 answer

  1. Vallepu Venkateswarlu 6,995 Reputation points Microsoft External Staff Moderator
    2025-12-17T15:49:25.3833333+00:00

    Hi @Sanket Pokale,

    Welcome to Microsoft Q&A Platform.

    You can check whether the WAF rule is being triggered by querying the AzureDiagnostics logs:

    // Front Door WAF entries live in the FrontdoorWebApplicationFirewallLog category;
    // filtering on it first avoids scanning unrelated AzureDiagnostics rows.
    AzureDiagnostics
    | where Category == "FrontdoorWebApplicationFirewallLog"
    | where ruleName_s == "BlockSuspiciousURLs"
    | project TimeGenerated, requestUri_s, action_s, ruleName_s
    

    If no records are returned, it indicates that the rule was never matched.

    If Diagnostic settings are not enabled, you can enable them by navigating to: Front Door → Diagnostic settings → Enable (WAF logs).

    Alternatively, you can try the configuration below, which matches based on the request URI:

    "operator": "Contains",
    "matchValue": [
      "snapchat"
    ]
    

    The Contains operator directly matches substrings in the request URI and is the recommended approach for simple keyword-based URL filtering.

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

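As an added example (not part of the question or of the answer above), the Python script below emulates how a Front Door WAF custom rule's match conditions are applied to a request URI, so the RegEx rule from the posted policy can be compared side by side with the Contains variant suggested in the answer, once without transforms and once with UrlDecode and Lowercase. The sample URIs, the emulator and the hardened rule are constructed here; Python's re module only stands in for the WAF's real regex engine, and whether the service decodes the URI before matching should be confirmed from the WAF logs rather than inferred from this script.

```python
import re
from urllib.parse import unquote

# The custom rule as posted in the question: RegEx on the raw RequestUri, no transforms.
ORIGINAL_RULE = {
    "name": "BlockSuspiciousURLs",
    "enabledState": "Enabled",
    "action": "Block",
    "matchConditions": [
        {"matchVariable": "RequestUri", "operator": "RegEx",
         "negateCondition": False, "matchValue": ["(?i).*snapchat.*"], "transforms": []},
    ],
}

# Constructed variant of the answer's Contains suggestion. The transform names
# (UrlDecode, Lowercase) are the ones Front Door WAF exposes; applying them is an
# assumption about what you would want, not something the answer states.
HARDENED_RULE = {
    "name": "BlockSuspiciousURLs",
    "enabledState": "Enabled",
    "action": "Block",
    "matchConditions": [
        {"matchVariable": "RequestUri", "operator": "Contains",
         "negateCondition": False, "matchValue": ["snapchat"],
         "transforms": ["UrlDecode", "Lowercase"]},
    ],
}

# Constructed sample URIs, not taken from the post: plain, upper-case,
# percent-encoded, and double-encoded spellings of the keyword, plus a benign path.
SAMPLE_URIS = [
    "/api/snapchat/feed",
    "/api/SNAPCHAT/feed",
    "/api/sn%61pchat/feed",
    "/api/%53napchat/feed",
    "/api/sn%2561pchat/feed",
    "/api/photos",
]


def apply_transforms(value, transforms):
    """Apply WAF-style transforms in the listed order (subset modelled here)."""
    for t in transforms:
        if t == "Lowercase":
            value = value.lower()
        elif t == "UrlDecode":
            value = unquote(value)  # one decoding pass, like a single UrlDecode transform
        elif t == "Trim":
            value = value.strip()
        elif t == "RemoveNulls":
            value = value.replace("\x00", "")
        else:
            raise ValueError(f"unsupported transform {t!r}")
    return value


def condition_matches(uri, cond):
    """True when any matchValue hits the transformed URI, honouring negateCondition."""
    value = apply_transforms(uri, cond.get("transforms", []))
    op = cond["operator"]
    hit = False
    for pattern in cond["matchValue"]:
        if op == "Contains":
            hit = pattern in value
        elif op == "RegEx":
            hit = re.search(pattern, value) is not None  # stand-in for the WAF engine
        elif op == "Equal":
            hit = value == pattern
        elif op == "BeginsWith":
            hit = value.startswith(pattern)
        elif op == "EndsWith":
            hit = value.endswith(pattern)
        else:
            raise ValueError(f"unsupported operator {op!r}")
        if hit:
            break
    return hit != cond.get("negateCondition", False)


def evaluate(uri, rule):
    """Return the rule's action when every match condition holds, else 'Allow'."""
    if rule["enabledState"] != "Enabled":
        return "Allow"
    if all(condition_matches(uri, c) for c in rule["matchConditions"]):
        return rule["action"]
    return "Allow"


def compare(uris=SAMPLE_URIS):
    """Map each URI to (original-rule action, hardened-rule action)."""
    return {u: (evaluate(u, ORIGINAL_RULE), evaluate(u, HARDENED_RULE)) for u in uris}


if __name__ == "__main__":
    for uri, (orig, hard) in compare().items():
        print(f"{uri:28} original={orig:5} hardened={hard}")
```

Running it shows that the posted RegEx rule blocks the plain and upper-case spellings but lets `/api/sn%61pchat/feed` and `/api/%53napchat/feed` through, because nothing decodes the URI before the pattern is applied; the Contains rule with UrlDecode and Lowercase blocks all four. The double-encoded form stays allowed under both rules, which is a deliberate reminder that a single UrlDecode pass only matches what the origin would see after one decoding; decoding more times than the application does trades that gap for false positives. If the real policy still never fires on traffic you can see in the WAF logs, the rule logic is not the first thing to suspect.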
