From 5913ed647e42c452d57971f321ec8aedf40e272b Mon Sep 17 00:00:00 2001
From: andrewmathuj <101790053+andrewmathuj@users.noreply.github.com>
Date: Tue, 9 Jun 2026 16:29:44 +0300
Subject: [PATCH 1/4] Create Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
---
...enabled for Application Gateway for Containers (AGC) WAF.json | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
@@ -0,0 +1 @@
+
From a1cadf18aa2427fc50d4af0a31d38b9b5797461a Mon Sep 17 00:00:00 2001
From: andrewmathuj <101790053+andrewmathuj@users.noreply.github.com>
Date: Tue, 9 Jun 2026 16:30:27 +0300
Subject: [PATCH 2/4] Add policy for enabling Bot Protection in AGC WAF

This policy ensures that the Microsoft Bot Manager rule set is enabled in all Web Application Firewall (WAF) policies attached to Application Gateway for Containers (AGC).
---
...tion Gateway for Containers (AGC) WAF.json | 57 +++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
index 8b137891..52a25801 100644
--- a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF.json
@@ -1 +1,58 @@
 
+ {
+ "displayName": "Bot Protection Enabled WAF AGC",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "This policy ensures that the Microsoft Bot Manager rule set is enabled in all Web Application Firewall (WAF) policies attached to Application Gateway for Containers (AGC)",
+ "metadata": {
+ "category": "Network",
+ "version": "1.0.0"
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "AuditIfNotExists"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/applicationGatewayForContainers[*]"
+ },
+ "greater": 0
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "type": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies",
+ "name": "[field('name')]",
+ "existenceCondition": {
+ "count": {
+ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/managedRules.managedRuleSets[*]",
+ "where": {
+ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/managedRules.managedRuleSets[*].ruleSetType",
+ "equals": "Microsoft_BotManagerRuleSet"
+ }
+ },
+ "greater": 0
+ }
+ }
+ }
+ }
+ }
From 11dcce00f4236ae2a69afa163c10824ad71521e2 Mon Sep 17 00:00:00 2001
From: andrewmathuj <101790053+andrewmathuj@users.noreply.github.com>
Date: Tue, 9 Jun 2026 16:31:19 +0300
Subject: [PATCH 3/4] Create README.md
---
.../README.md | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
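Review bot: The `existenceCondition` in the policy JSON hunk passes as soon as `managedRuleSets[*]` contains an entry whose `ruleSetType` is `Microsoft_BotManagerRuleSet`, so the audit proves the rule set is listed, not that bot protection is actually in force. A WAF policy that is itself disabled, or that only runs in detection mode, would still be reported compliant, which is weaker than the "enabled" wording in `displayName` and `description`. Consider turning the condition into an `allOf` that also requires `{ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.state", "equals": "Enabled" }` (and a matching check on `policySettings.mode` if blocking is expected), after confirming both aliases resolve for AGC-attached policies. If presence of the rule set is all that is intended, say so in the `description`, and note there that the only effects offered are `AuditIfNotExists` and `Disabled`, so nothing is enforced.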
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
@@ -0,0 +1 @@
+
From 89adb81581144fd9549697b77d9576889cddb84c Mon Sep 17 00:00:00 2001
From: andrewmathuj <101790053+andrewmathuj@users.noreply.github.com>
Date: Tue, 9 Jun 2026 16:32:09 +0300
Subject: [PATCH 4/4] Update README with bot protection policy details

Added a description for the bot protection policy in the README.
---
.../README.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
index 8b137891..5e747b6e 100644
--- a/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Bot Protection should be enabled for AGC WAF /README.md
@@ -1 +1,2 @@
-
+ ## Bot Protection should be enabled for Application Gateway for Containers (AGC) WAF
+ This policy mandates that the Microsoft Bot Manager rule set is enabled in all Web Application Firewall (WAF) policies attached to Application Gateway for Containers (AGC).