Default Rule Set (DRS) 2.1 for the regional Web Application Firewall (WAF) on Azure Application Gateway is now generally available on the Azure Application Gateway WAF V2 SKU.
DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and extended to include additional proprietary protections rules developed by Microsoft Threat Intelligence team. The Microsoft Threat Intel team analyzes Common Vulnerabilities and Exposures (CVEs) and further adapts the CRS ruleset to address CVEs and reduce false positives.
For more information on what’s included in this release, please see our managed rules documentation.
