![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 93%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,185 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 17%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hello mani
I understand you're seeing some unexpected behavior with your Azure Application Gateway WAF. When using Azure Application Gateway with WAF in Prevention mode, the behavior depends on your rule set configuration:
Default Behavior - Prevention mode will block requests that match WAF rules by default, regardless of the individual rule's action setting. The "Log" action in rule settings typically refers to logging the event, not overriding the mode's blocking behavior.
Custom Rule Behavior - For custom rules specifically, if you set a custom rule's action to "Log", it will only log the request even in Prevention mode (won't block).
But for managed rule sets (OWASP Core Rule Set), Prevention mode will block regardless of individual rule logging settings
If you need to log without blocking for testing purposes, you should:
- Switch to Detection mode temporarily, or
- Create custom rules with Log action, or
- Use rule exclusions for specific traffic patterns
Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.