Hi K Sec Greg,
Thanks for posting your question in the Microsoft Q&A forum.
It sounds like you want to block specific endpoints in your Azure Front Door Web Application Firewall (WAF) due to security concerns. You can achieve this by creating custom rules in your WAF policy. Here's a step-by-step guide to help you set it up:
- Access Azure Portal: Navigate to the Azure portal and find your Azure Front Door service.
- Create or Modify WAF Policy:
  - If you don’t have a WAF policy yet, you’ll need to create one. You can follow the Create a WAF policy for Azure Front Door by using the Azure portal guide.
  - If you already have a policy, click on it to modify.
- Custom Rules:
  - Go to the "Custom rules" section within your WAF policy.
  - Add a new custom rule and define the match conditions. For your case, select the option to match against the request URI.
  - Set the condition to block requests if the URI matches `/conf/users.xml` or `/debug/script`.
- Set the Action: Choose "Block" as the action for the rule you’re creating.
- Priority Setting: Assign a priority to your new rule. Remember, lower numbers have higher priority, so ensure it's set appropriately so that it gets triggered before any other rules that might conflict.
- Save and Deploy: After configuring your rules, save the WAF policy and deploy the changes.
- Testing: Test the endpoints to ensure that they are blocked as intended.
This will ensure that any requests to those specific endpoints are blocked by your Azure Front Door WAF, providing you the immediate protection you need until you can apply application-level patches.
References:
- Overview: What is Azure web application firewall for Azure Front Door?
- Custom rules for web application firewall with Azure Front Door
- Create a WAF policy for Azure Front Door
If you have further questions or need more details about any specific step, feel free to ask!
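The custom rule from the steps above, written out in the shape a Front Door WAF policy stores it and checked locally against sample request URIs. This is an added example, not part of the original answer or Microsoft's code: the rule name, the priority value, the `Contains` operator, the two transforms and the `example.com` URIs are assumptions, and the evaluator is a local approximation of one operator, not the WAF engine.

```python
import json
from urllib.parse import unquote

# Custom rule in the Front Door WAF policy "customRules" shape.
# Name, priority, operator and transforms are assumptions for this example.
BLOCK_RULE = {
    "name": "BlockSensitiveEndpoints",
    "priority": 10,                      # lower number = evaluated earlier
    "enabledState": "Enabled",
    "ruleType": "MatchRule",
    "action": "Block",
    "matchConditions": [{
        "matchVariable": "RequestUri",
        "operator": "Contains",
        "negateCondition": False,
        "matchValue": ["/conf/users.xml", "/debug/script"],
        "transforms": ["UrlDecode", "Lowercase"],
    }],
}

# Local stand-ins for the two transforms used above.
TRANSFORMS = {"UrlDecode": unquote, "Lowercase": str.lower}

def condition_matches(cond, uri):
    """Approximate one RequestUri/Contains match condition."""
    if cond["operator"] != "Contains":
        raise ValueError("this sketch only models the Contains operator")
    for name in cond.get("transforms", []):
        uri = TRANSFORMS[name](uri)
    hit = any(value in uri for value in cond["matchValue"])
    return hit != cond.get("negateCondition", False)

def decide(rule, uri):
    """Return the rule's action if every condition matches, else 'Allow'."""
    enabled = rule["enabledState"] == "Enabled"
    if enabled and all(condition_matches(c, uri) for c in rule["matchConditions"]):
        return rule["action"]
    return "Allow"  # simplification: no later rules are modelled

# Constructed sample URIs for the "Testing" step.
SAMPLE_URIS = [
    "https://www.example.com/conf/users.xml",
    "https://www.example.com/CONF/Users.XML",
    "https://www.example.com/debug%2Fscript?x=1",
    "https://www.example.com/index.html",
]

if __name__ == "__main__":
    print(json.dumps(BLOCK_RULE, indent=2))
    for uri in SAMPLE_URIS:
        print(f"{decide(BLOCK_RULE, uri):5}  {uri}")
```

With the `transforms` list left empty, the second and third sample URIs fall through to `Allow`, which is the case worth covering when the rule is tested after deployment.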