Provide protection with web application firewall
Important
This content is archived and is not being updated. For the latest documentation, go to the Microsoft Power Pages documentation. For the latest release plans, go to Dynamics 365, Power Platform, and Cloud for Industry release plans.
| Enabled for | Public preview | General availability |
|---|---|---|
| Users by admins, makers, or analysts | - | 
May 31, 2024 |
Business value
With this feature, you can enable a web application firewall (WAF) for a website to safeguard your data, providing protection against a wide range of cyber threats including SQL injection and cross-site scripting (XSS).
Feature details
Web Application Firewall (WAF) provides centralized protection for Power Pages sites, defending against common exploits and vulnerabilities by preventing malicious attacks before they enter the network. WAF is a turnkey solution that enables you to incorporate a foundational Azure-managed ruleset specifically targeting OWASP vulnerabilities. The Web Application Firewall managed rule sets for Power Pages are a subset of Azure-managed DRS 2.0 rule sets.
These rule sets protect against the following threat categories:
- Cross-site scripting
- Local file inclusion
- Remote file inclusion
- Session fixation
- Protocol attackers
- Protocol enforcement
You can also configure custom rulesets and download WAF logs.