Merge pull request #312290 from halkazwini/waf-freshness1

WAF freshness

Author: prmerger-automator[bot]

articles/web-application-firewall/afds/afds-overview.md

@@ -5,7 +5,8 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 01/14/2025
+ms.date: 02/25/2026
+
 # Customer intent: As a security administrator, I want to configure Azure Web Application Firewall policies on Azure Front Door, so that I can protect my web applications from malicious attacks and ensure compliance with security standards while maintaining high availability.
 ---
 
@@ -17,7 +18,7 @@ Azure Web Application Firewall on Azure Front Door is a global and centralized s
 
 A WAF prevents malicious attacks close to the attack sources before they enter your virtual network. You get global protection at scale without sacrificing performance. A WAF policy easily links to any Azure Front Door profile in your subscription. New rules can be deployed within minutes, so you can respond quickly to changing threat patterns.
 
-![Screenshot that shows Azure Web Application Firewall.](../media/overview/wafoverview.png)
+:::image type="content" source="../media/overview/wafoverview.png" alt-text="Screenshot that shows Azure Web Application Firewall.":::
 
 [!INCLUDE [ddos-waf-recommendation](../../../includes/ddos-waf-recommendation.md)]
 
@@ -114,7 +115,7 @@ Three bot categories are supported: *Bad*, *Good*, and *Unknown*. The WAF platfo
 
 The WAF platform manages and dynamically updates bot signatures. You can set custom actions to block, allow, log, or redirect for different types of bots.
 
-![Screenshot that shows a bot protection rule set.](../media/afds-overview/botprotect2.png)
+:::image type="content" source="../media/afds-overview/botprotect2.png" alt-text="Screenshot that shows a bot protection rule set." lightbox="../media/afds-overview/botprotect2.png":::
 
 If bot protection is enabled, incoming requests that match bot rules are blocked, allowed, or logged based on the configured action. Bad bots are blocked, good bots are allowed, and unknown bots are logged by default. You can set custom actions to block, allow, log, or JS challenge for different types of bots. You can access WAF logs from a storage account, event hub, log analytics, or send logs to a partner solution.
 

articles/web-application-firewall/afds/waf-front-door-custom-rules.md

@@ -1,11 +1,12 @@
 ---
-title: Web application firewall custom rule for Azure Front Door
+title: WAF Custom Rule for Azure Front Door
 description: Learn how to use web application firewall (WAF) custom rules to protect your web applications from malicious attacks.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 05/31/2024
+ms.date: 02/25/2026
+
 # Customer intent: "As a security administrator, I want to configure custom rules for a web application firewall, so that I can protect my web applications from various types of malicious attacks and control access based on defined conditions."
 ---
 
@@ -230,7 +231,8 @@ Here's an example JSON description of the custom rule:
 
 Custom rules can be duplicated within a given policy. When duplicating a rule, you need to specify a unique name for the rule and a unique priority value. Additionally, custom rules can be copied from one Azure Front Door WAF policy to another as long as the policies are both in the same subscription. When copying a rule from one policy to another, you need to select the Azure Front Door WAF policy you wish to copy the rule into. Once you select the WAF policy you need to give the rule a unique name, and assign a priority rank.
 
-## Next steps
-- [Configure a WAF policy by using Azure PowerShell](waf-front-door-custom-rules-powershell.md).
-- Learn about [Azure Web Application Firewall on Azure Front Door](afds-overview.md).
-- Learn how to [create an Azure Front Door instance](../../frontdoor/quickstart-create-front-door.md).
+## Related content
+
+- [Configure a WAF policy by using Azure PowerShell](waf-front-door-custom-rules-powershell.md)
+- [Azure Web Application Firewall on Azure Front Door](afds-overview.md)
+- [Create an Azure Front Door instance](../../frontdoor/quickstart-create-front-door.md)

articles/web-application-firewall/afds/waf-front-door-monitor.md

@@ -1,13 +1,15 @@
 ---
-title: Azure Web Application Firewall monitoring and logging
+title: Monitoring and Logging
+titleSuffix: Azure Web Application Firewall
 description: Learn about Azure Web Application Firewall in Azure Front Door monitoring and logging.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: how-to
-ms.date: 05/23/2024
+ms.date: 02/25/2026
 ms.custom: devx-track-js
 zone_pivot_groups: front-door-tiers
+
 # Customer intent: As a security analyst, I want to monitor and analyze Azure Web Application Firewall logs and metrics, so that I can ensure my application's security and identify any potential threats to its integrity.
 ---
 
@@ -185,6 +187,9 @@ The following snippet shows an example log entry, including the reason that the
 
 For more information about the other Azure Front Door logs, see [Monitor metrics and logs in Azure Front Door](../../frontdoor/front-door-diagnostics.md#logs).
 
-## Next step
+## Related content
+
+- [Best practices for Azure Front Door WAF](waf-front-door-best-practices.md)
+- [Create a WAF policy on Azure Front Door](waf-front-door-create-portal.md)
+- [Azure Web Application Firewall on Azure Front Door](afds-overview.md)
 
-Learn more about [Azure Front Door](../../frontdoor/front-door-overview.md).

articles/web-application-firewall/afds/waf-front-door-rate-limit.md

@@ -1,11 +1,12 @@
 ---
-title: Web application firewall rate limiting for Azure Front Door
+title: WAF Rate Limiting for Azure Front Door
 description: Learn how to use web application firewall rate limiting to protect your web applications from malicious attacks.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 07/29/2024
+ms.date: 02/25/2026
+
 # Customer intent: As a web application administrator, I want to implement rate limiting using a web application firewall, so that I can protect my applications from denial-of-service attacks and manage traffic effectively.
 ---
 
@@ -43,7 +44,7 @@ A few considerations to keep in mind while you determine threshold values and ti
 - Setting larger time window sizes (for example, five minutes over one minute) and larger threshold values (for example, 200 over 100) tend to be more accurate in enforcing close to rate limit's thresholds than using the shorter time window sizes and lower threshold values.
 - Azure Front Door WAF rate limiting operates on a fixed time period. Once a rate limit threshold is breached, all traffic matching that rate limiting rule is blocked for the remainder of the fixed window. 
 
-## Next steps
+## Related content
 
-- Configure [rate limiting on your Azure Front Door WAF](waf-front-door-rate-limit-configure.md).
-- Review [rate limiting best practices](waf-front-door-best-practices.md#rate-limiting-best-practices).
+- [Configure rate limiting on your Azure Front Door WAF](waf-front-door-rate-limit-configure.md).
+- [Rate limiting best practices](waf-front-door-best-practices.md#rate-limiting-best-practices).

articles/web-application-firewall/ag/application-gateway-waf-configuration.md

@@ -1,12 +1,13 @@
 ---
-title: Web application firewall exclusion lists in Azure Application Gateway - Azure portal
+title: WAF Exclusion Lists in Azure Application Gateway
 description: This article provides information on Web Application Firewall exclusion lists configuration in Application Gateway with the Azure portal.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 01/13/2025
+ms.date: 02/25/2026
 ms.custom: devx-track-azurepowershell
+
 # Customer intent: As a web application administrator, I want to configure exclusion lists for my Web Application Firewall, so that I can prevent false positives and ensure legitimate traffic is not blocked by security rules.
 ---
 
@@ -523,12 +524,12 @@ resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPo
 }
 ```
 
-
 ---
 
 So if the URL `http://www.contoso.com/?user%3c%3e=joe` is scanned by the WAF, it doesn't evaluate the string **joe**, but it still evaluates the parameter name **user%3c%3e**. 
 
-## Next steps
+## Related content
 
-- After you configure your WAF settings, you can learn how to view your WAF logs. For more information, see [Application Gateway diagnostics](../../application-gateway/application-gateway-diagnostics.md#diagnostic-logging).
-- [Learn more about Azure network security](../../networking/security/index.yml)
+- [WAF DRS and CRS rule groups and rules](application-gateway-crs-rulegroups-rules.md)
+- [Application Gateway diagnostics](../../application-gateway/application-gateway-diagnostics.md#diagnostic-logging).
+- [Upgrade CRS or DRS ruleset version](upgrade-ruleset-version.md)

articles/web-application-firewall/ag/application-gateway-waf-request-size-limits.md

@@ -1,22 +1,21 @@
 ---
-title: Web application firewall request size limits in Azure Application Gateway - Azure portal
+title: WAF Request Size Limits in Azure Application Gateway
 description: This article provides information on Web Application Firewall request size limits in Application Gateway with the Azure portal.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 07/16/2024
+ms.date: 02/25/2026
+
 # Customer intent: "As a security administrator, I want to configure the request and file upload size limits in the Web Application Firewall, so that I can optimize security policies and prevent unauthorized large requests or file uploads affecting application performance."
 ---
 
 # Web Application Firewall request and file upload size limits
 
 Web Application Firewall allows you to configure request size limits within a lower and upper boundary. Application Gateways Web Application Firewalls running Core Rule Set 3.2 or later have more request and file upload size controls, including the ability to disable max size enforcement for requests and/or file uploads.
 
-
 > [!IMPORTANT]
-> We are in the process of deploying a new feature for Application Gateway v2 Web Application Firewalls running Core Rule Set 3.2 or later that allows for greater control of your request body size, file upload size, and request body inspection. If you're running Application Gateway v2 Web Application Firewall with Core Rule Set 3.2 or later, and you notice requests getting rejected (or not getting rejected) for a size limit please refer to the troubleshooting steps at the bottom of this page.
-
+> We are in the process of deploying a new feature for Application Gateway v2 Web Application Firewalls running Core Rule Set 3.2 or later that allows for greater control of your request body size, file upload size, and request body inspection. If you're running Application Gateway v2 Web Application Firewall with Core Rule Set 3.2 or later, and you notice requests getting rejected (or not getting rejected) for a size limit,  refer to the [troubleshooting](#troubleshooting) steps in this article.
 
 ## Limits
 
@@ -33,7 +32,7 @@ Only requests with Content-Type of *multipart/form-data* are considered for file
 >**Example:** If you have a custom rule with priority 0 (the highest priority) set to allow a request with the header xyz, even if the request's size is larger than your maximum request size limit, it will get allowed before the max size limit is enforced
 
 >[!NOTE]
->There is a 4 KB buffer on the file upload limit. The file size restriction won't be enforced until the file upload exceeds your set limit plus this buffer.
+>There's a 4 KB buffer on the file upload limit. The file size restriction won't be enforced until the file upload exceeds your set limit plus this buffer.
 
 ## Request body inspection
 
@@ -64,7 +63,7 @@ If you're an Application Gateway v2 Web Application Firewall customer running Co
 **Enforce maximum request body limit**
 - PowerShell: "RequestBodyEnforcement"
 - CLI: "request_body_enforcement"
-- Control if your Web Application Firewall enforces a max size limit on request bodies; when turned off it does not reject any requests for being too large.
+- Control if your Web Application Firewall enforces a max size limit on request bodies; when turned off it doesn't reject any requests for being too large.
 
 **Maximum request body size (KB)**
 - PowerShell: "MaxRequestBodySizeInKB"
@@ -74,7 +73,7 @@ If you're an Application Gateway v2 Web Application Firewall customer running Co
 **Enforce maximum file upload limit**
 - PowerShell: "FileUploadEnforcement"
 - CLI: "file_upload_enforcement"
-- Controls if your Web Application Firewall enforces a max size limit on file uploads; when turned off it does not reject any file uploads for being too large.
+- Controls if your Web Application Firewall enforces a max size limit on file uploads; when turned off it doesn't reject any file uploads for being too large.
 
 **Maximum file upload size (MB)**
 - PowerShell: "FileUploadLimitInMB"

articles/web-application-firewall/ag/application-gateway-web-application-firewall-portal.md

@@ -1,13 +1,13 @@
 ---
-title: 'Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal'
+title: 'Tutorial: Create an Application Gateway With a Web Application Firewall Using the Azure Portal'
 description: In this tutorial, you learn how to create an application gateway with a Web Application Firewall by using the Azure portal.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: tutorial
-ms.date: 05/23/2024
+ms.date: 02/25/2026
 ms.custom: sfi-image-nochange
-#Customer intent: As an IT administrator, I want to use the Azure portal to set up an application gateway with Web Application Firewall so I can protect my applications.
+
 # Customer intent: As an IT administrator, I want to configure an application gateway with a Web Application Firewall through the cloud portal so that I can ensure my web applications are protected against cybersecurity threats.
 ---
 

articles/web-application-firewall/ag/create-waf-policy-ag.md

@@ -1,11 +1,13 @@
 ---
-title: Create Web Application Firewall (WAF) policies for Application Gateway  
+title: Create WAF Policies for Application Gateway  
+titleSuffix: Azure Web Application Firewall
 description: Learn how to create Web Application Firewall policies for Application Gateway.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 01/15/2025
+ms.date: 02/25/2026
+
 # Customer intent: "As a cloud administrator, I want to create and manage Web Application Firewall policies for the Application Gateway, so that I can customize security settings for multiple sites efficiently and ensure each site is protected according to its specific requirements."
 ---
 
@@ -17,8 +19,8 @@ You can make as many policies as you want. Once you create a policy, it must be
 
 If your Application Gateway has an associated policy, and then you associate a different policy to a listener on that Application Gateway, the listener's policy takes effect, but just for the listeners that they're assigned to. The Application Gateway policy still applies to all other listeners that don't have a specific policy assigned to them. 
 
-   > [!NOTE]
-   > Once a Firewall Policy is associated to a WAF, there must always be a policy associated to that WAF. You can overwrite that policy, but disassociating a policy from the WAF entirely isn't supported. 
+> [!NOTE]
+> Once a Firewall Policy is associated to a WAF, there must always be a policy associated to that WAF. You can overwrite that policy, but disassociating a policy from the WAF entirely isn't supported. 
 
 All new Web Application Firewall's WAF settings (custom rules, managed ruleset configurations, exclusions, etc.) live inside of a WAF Policy. If you have an existing WAF, these settings might still exist in your WAF config. For steps on how to move to the new WAF Policy, see [Upgrade your WAF Config to a WAF Policy](#upgrade) later in this article. 
 
@@ -105,4 +107,5 @@ Then proceed with the steps to associate a WAF Policy to your application gatewa
 
 ## Next step
 
-Learn more about [Web Application Firewall CRS rule groups and rules](application-gateway-crs-rulegroups-rules.md).
+> [!div class="nextstepaction"]
+> [Web Application Firewall CRS rule groups and rules](application-gateway-crs-rulegroups-rules.md)

articles/web-application-firewall/ag/policy-overview.md

@@ -1,11 +1,12 @@
 ---
-title: Azure Web Application Firewall (WAF) policy overview
+title: WAF Policy Overview
 description: This article is an overview of Web Application Firewall (WAF) global, per-site, and per-URI policies.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: concept-article
-ms.date: 01/14/2025
+ms.date: 02/25/2026
+
 # Customer intent: "As a cloud security administrator, I want to create and manage Web Application Firewall policies for different application gateways, so that I can customize security settings based on the specific needs of each site and URI. "
 ---
 
@@ -16,7 +17,7 @@ Web Application Firewall Policies contain all the WAF settings and configuration
 There's no limit on the number of policies you can create. When you create a policy, it must be associated to an application gateway to take effect. It can be associated with any combination of application gateways, listeners, and path-based rules.
 
 > [!Note]
-> Application Gateway has two versions of the WAF sku: Application Gateway WAF_v1 and Application Gateway WAF_v2. WAF policy associations are only supported for the Application Gateway WAF_v2 sku.
+> Application Gateway has two versions of the WAF SKU: Application Gateway WAF_v1 and Application Gateway WAF_v2. WAF policy associations are only supported for the Application Gateway WAF_v2 SKU.
 
 ## Global WAF policy
 
@@ -38,7 +39,7 @@ As with per-site WAF policies, more specific policies override less specific one
 
 ### Example
 
-Say you have three sites: contoso.com, fabrikam.com, and adatum.com all behind the same application gateway. You want a WAF applied to all three sites, but you need added security with adatum.com because that is where customers visit, browse, and purchase products.
+Say you have three sites: contoso.com, fabrikam.com, and adatum.com all behind the same application gateway. You want a WAF applied to all three sites, but you need added security with adatum.com because that's where customers visit, browse, and purchase products.
 
 You can apply a global policy to the WAF, with some basic settings, exclusions, or custom rules if necessary to stop some false positives from blocking traffic. In this case, there's no need to have global SQL injection rules running because fabrikam.com and contoso.com are static pages with no SQL backend. So you can disable those rules in the global policy.
 

articles/web-application-firewall/index.yml

@@ -10,7 +10,7 @@ metadata:
   ms.topic: landing-page
   author: halkazwini
   ms.author: halkazwini
-  ms.date: 10/31/2024
+  ms.date: 02/25/2026
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new