Announcing Web Application Firewall in Power Pages General Availability (GA)

We are thrilled to announce that the Web Application Firewall (WAF) feature is now generally available on the Power Pages platform, offering enhanced protection against several of the common OWASP Top Ten web application security threats. Back in October 2022, we had introduced the public preview for WAF featuring a basic Azure managed ruleset. Today, we’re excited to unveil its GA, with added features to bolster your site security.

With WAF, you have the power to control the web traffic to your site. Whether you need to allow traffic from specific geographic regions, block certain IP addresses, or safeguard your site against abnormal traffic from specific sources, firewall custom rules make it all possible.

We’re adding the following capabilities:

  1. Configuration of the following custom rules:
    • Geo-filtering: Tailor your firewall settings to allow or block traffic based on geographic regions.
    • IP address filtering: Exercise precise control over incoming traffic by permitting or denying access from specific IP addresses.
    • URI filtering: Safeguard your web applications by regulating access to request containing specific partial URI.
  2. Access to firewall Logs:
    • Gain valuable insights into your web traffic with access to comprehensive firewall logs.

Furthermore, all WAF logs are readily available – stored in a Dataverse table labeled ‘Power Pages log’, from which you can conveniently download or export directly for your analysis.

Power Pages Web Application Firewall

To learn about WAF and configuring the custom rules, visit Configure Web Application Firewall in Power Pages.

We are looking forward to your feedback, which will help us continue to build on and improve the capabilities of this feature. We want to hear from you!