Azure WAF Workshop 2026¶

WorkshopPLUS: Azure Web Application Firewall — Modern Edition

Centralized Layer 7 protection for your web applications with the latest Azure WAF features.

Start Learning Jump to Labs Challenges

15

Modules

12

Hands-on Labs

6

Challenges

50+

Attack Payloads

What You'll Learn¶

This workshop covers Azure Web Application Firewall from fundamentals to advanced operations, including the latest 2025-2026 features:

Next-Gen WAF Engine — 8x faster performance
JavaScript Challenge — Advanced bot mitigation
Copilot for Security — AI-powered WAF operations
Application Gateway for Containers — Kubernetes-native WAF
WAF Insights — Built-in analytics dashboard

Choose Your Path¶

Full Workshop (New Infrastructure)

Deploy the lab infrastructure from scratch and follow all labs in order.

Deploy & Start
Bring Your Own WAF

Already have Application Gateway WAF or Front Door WAF? Skip the deploy — download the scripts and jump straight to any lab or challenge.

See instructions below
Self-Study (Theory Only)

Read through the 15 modules as a learning resource — no Azure subscription needed.

Start with Module 01
Challenges Only

Have a WAF running? Download the challenge script, generate traffic, and test your investigation skills.

Start Challenges

Modules¶

00 — Introduction

Workshop logistics, agenda, and introductions
01 — Security Fundamentals

Zero Trust, shared responsibility, and threat landscape
02 — Azure WAF Overview

Features, benefits, and product suite
03 — WAF Policies

Configuration, modes, and Next-Gen Engine
04 — Managed Rules

DRS 2.1, anomaly scoring, and rule groups
05 — Exclusions & Tuning

False positive tuning and best practices
06 — Custom Rules

Geo-filtering, rate limiting, and match conditions
07 — Bot Protection

Bot Manager, JavaScript Challenge
08 — Application Gateway

Regional WAF with App Gateway v2
09 — Front Door

Global edge WAF with Front Door Premium
10 — AGC (Containers)

Application Gateway for Containers with WAF
11 — DDoS Protection

Layered defense strategy
12 — Monitoring

WAF Insights, logs, metrics, and KQL
13 — Copilot & Sentinel

AI-powered security operations
14 — Best Practices

Architecture decisions and landing zones

Hands-on Labs¶

All labs include one-click Deploy to Azure buttons and step-by-step instructions.

Deploy Lab Infrastructure

#	Lab	Type
01	Deploy Application Gateway WAF v2	Core
02	Detection Mode & Traffic Generation	Core
03	KQL Log Analysis	Core
03B	WAF Triage Workbook (Fine Tuning)	New
04	Exclusions & Custom Rules	Core
05	Prevention Mode Validation	Core
06	Front Door Premium WAF	Core
07	Bot Protection & JavaScript Challenge	Core
08	Rate Limiting with XFF	Core
09	Application Gateway for Containers	Core
10	Microsoft Sentinel Integration	Optional
11	Copilot for Security	Optional

Labs 10-11 require additional licensing

Microsoft Sentinel and Copilot for Security require separate licenses.

Challenges¶

Test your WAF investigation skills! Run the challenge traffic generator, analyze the logs, and answer 6 questions with real-time validation.

Start Challenges

Bring Your Own WAF¶

Already have an Application Gateway WAF or Front Door WAF in your environment? You don't need to deploy the workshop infrastructure — just download the scripts and point them at your WAF endpoint.

What you need¶

An Application Gateway WAF_v2 or Front Door Premium with a WAF Policy
WAF diagnostic logs enabled and flowing to a Log Analytics workspace
PowerShell 7+ installed on your machine

Download the scripts¶

Script	Purpose	Download
generate-traffic.ps1	One-shot attack simulation (for labs)	Download
simulate-waf-traffic.ps1	Continuous traffic generator (pre-populate logs)	Download
challenge-traffic.ps1	Deterministic traffic for challenges	Download

Quick start with your own WAF¶

# 1. Generate traffic against YOUR WAF endpoint
.\simulate-waf-traffic.ps1 -TargetUrl "http://<your-waf-endpoint>" -DurationMinutes 15

# 2. Wait 10 minutes for logs, then do any lab (e.g., Lab 03 - KQL Analysis)
#    Just replace the endpoint URLs in the lab instructions with yours

# 3. Or go straight to Challenges
.\challenge-traffic.ps1 -TargetUrl "http://<your-waf-endpoint>" -Challenge All

Which labs work with your own WAF?

Works directly	Needs adaptation	Needs workshop infra
Lab 02, 03, 03B, 04, 05	Lab 06, 07, 08 (adjust for your FD/AppGW)	Lab 01, 09, 10, 11
All 6 Challenges	—	—

Quick Start (New Infrastructure)¶

# 1. Clone the repository
git clone https://github.com/lcarli/AzureWAF-Learning.git
cd AzureWAF-Learning

# 2. Login to Azure
az login

# 3. Deploy all lab infrastructure (~20 minutes)
cd infra/
.\deploy.ps1 -ResourceGroupName "rg-waf-workshop" -Location "eastus2"

# 4. Pre-populate WAF logs (recommended before Lab 03)
cd ../scripts/
.\simulate-waf-traffic.ps1 -TargetUrl "http://<your-appgw-fqdn>" -DurationMinutes 15

Built with for the Azure community | Powered by MkDocs Material