I'm looking to implement custom rules for my Application Gateway Web Application Firewall (WAF) policy. Specifically, I want to exclude certain URIs from some of the anomaly scoring related to OWASP SQL injection checks since we're seeing a lot of false positives. However, I'm concerned that using custom rules might mean checking every request against these rules, which could be really resource-intensive. Has anyone here had experience with this? Did implementing custom rules lead to significant computational issues?
3 Answers
I'm not entirely sure what you mean by computationally expensive. From what I know, it doesn't add extra cost and any impact on performance is minimal. We have a bunch of custom exceptions, and while it's more work to sift through logs, we've never had performance issues. For us, it works better to ignore SQL rules for specific elements in the traffic rather than take a blanket approach.
Using custom rules can actually bypass managed rules, so it's often better to create exclusions within those managed rules instead. I started doing this by excluding specific argument names that were frequently flagged and it worked well for my situation. Just a heads up that if you have a custom rule applied, that request won't be checked against any managed rules, so that's something to consider.
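To make the distinction in the answer above concrete, here is an added example (not code from any poster in this thread) that reads a WAF policy in the ARM `properties` shape and reports which custom rules use the `Allow` action, which ends evaluation before the managed rules run, and which managed-rule exclusions are scoped to specific rules. The policy, rule names, paths and selector are constructed sample values.

```python
import json

# Constructed sample: the "properties" object of an Application Gateway WAF policy.
# Rule names, URIs and the selector are made up for illustration.
SAMPLE_POLICY = json.loads("""{
 "customRules": [
  {"name": "AllowReportsApi", "priority": 10, "ruleType": "MatchRule", "action": "Allow",
   "matchConditions": [{"matchVariables": [{"variableName": "RequestUri"}],
                        "operator": "BeginsWith", "matchValues": ["/api/reports"]}]},
  {"name": "LogAdminPaths", "priority": 20, "ruleType": "MatchRule", "action": "Log",
   "matchConditions": [{"matchVariables": [{"variableName": "RequestUri"}],
                        "operator": "BeginsWith", "matchValues": ["/admin"]}]}],
 "managedRules": {"exclusions": [
  {"matchVariable": "RequestArgNames", "selectorMatchOperator": "Equals",
   "selector": "searchText",
   "exclusionManagedRuleSets": [{"ruleSetType": "OWASP", "ruleSetVersion": "3.2",
     "ruleGroups": [{"ruleGroupName": "REQUEST-942-APPLICATION-ATTACK-SQLI",
                     "rules": [{"ruleId": "942130"}]}]}]}]}
}""")

def bypassing_custom_rules(policy):
    """Custom rules with action Allow: matching requests skip every managed rule."""
    hits = []
    for rule in sorted(policy.get("customRules", []), key=lambda r: r["priority"]):
        if rule.get("action") == "Allow":
            values = [v for c in rule.get("matchConditions", [])
                      for v in c.get("matchValues", [])]
            hits.append((rule["name"], values))
    return hits

def scoped_exclusions(policy):
    """Flatten exclusions to (variable, selector, rule group, rule id); '*' = not scoped."""
    rows = []
    for ex in policy.get("managedRules", {}).get("exclusions", []):
        for rs in ex.get("exclusionManagedRuleSets") or [{}]:
            for grp in rs.get("ruleGroups") or [{}]:
                for rule in grp.get("rules") or [{}]:
                    rows.append((ex["matchVariable"], ex["selector"],
                                 grp.get("ruleGroupName", "*"), rule.get("ruleId", "*")))
    return rows

if __name__ == "__main__":
    for name, values in bypassing_custom_rules(SAMPLE_POLICY):
        print(f"custom rule {name} allows {values}: managed rules are skipped")
    for row in scoped_exclusions(SAMPLE_POLICY):
        print("exclusion:", *row)
```

A `*` in the last two columns marks a global exclusion, which removes that request element from inspection by every managed rule rather than only the SQL injection ones.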
If you're worried about costs, check out the Azure pricing calculator. It's worth noting that requests are typically charged as a single request, regardless of how many rules they're checked against.
