Back to updates

WAF - 1

2026 (2)

February (2)

azure: [In development] Public Preview: X-Forwarded-For (XFF) grouping for rate limiting on Application Gateway WAF v2

Azure Updates

2026-02-03

Azure Application Gateway WAF v2 now offers Public Preview support for additional rate‑limiting GroupBy options that use the X‑Forwarded‑For (XFF) HTTP header, enabling better client identification when the gateway is behind proxies or CDNs.

azure: [Launched] Generally Available: Default Ruleset 2.2 in WAF for Azure Application Gateway

Azure Updates

2026-02-02

Microsoft announced the general availability of Default Rule Set (DRS) 2.2 for Web Application Firewall (WAF) on Azure Application Gateway. The Azure-managed rule set provides active protection against common web vulnerabilities and exploits and includes Microsoft Threat Intelligence.

2025 (4)

November (3)

azure: [Launched] Generally Available: Azure Application Gateway mTLS passthrough support

Azure Updates

2025-11-18

Azure Application Gateway now generally supports mTLS passthrough, enabling backend applications to receive client certificates and authorization headers for their own validation while still using the Web Application Firewall for traffic inspection.

azure: [In preview] Public Preview: Microsoft HTTP DDoS Ruleset 1.0 on Application Gateway WAF v2

Azure Updates

2025-11-18

Microsoft announced the public preview of the HTTP DDoS Ruleset 1.0 for Application Gateway WAF v2. The ruleset is designed to help mitigate evolving HTTP-layer DDoS and botnet-driven attacks that can bypass static controls.

azure: [Launched] Generally Available: Application Gateway for Containers with Web Application Firewall (WAF)

Azure Updates

2025-11-10

Azure announces general availability of Web Application Firewall (WAF) support for Application Gateway for Containers, the next evolution of Application Gateway combined with the Application Gateway Ingress Controller.

August (1)

azure: [In preview] Public Preview: Custom block response code and body for Application Gateway WAF

Azure Updates

2025-08-26

Azure Application Gateway WAF now publicly previews the ability to customize response status codes and bodies for blocked requests.