Best practice rules for Application Gateway
- Check for Minimum TLS Version
Ensure that "minProtocolVersion" is set to "TLSv1_2" or higher for Azure Application Gateways.
- Enable Bot Protection for the Associated WAF Policy
Ensure that Bot Protection is enabled for the associated Web Application Firewall (WAF) policy.
- Enable HTTP/2 Support for Application Gateways
Ensure that HTTP/2 support is enabled for Azure Application Gateways.
- Enable Request Body Inspection for the Associated WAF Policy
Ensure that Request Body Inspection is enabled for the associated Web Application Firewall (WAF) policy.
- Enable Web Application Firewall for Application Gateways
Enable Web Application Firewall (WAF) policies for Application Gateways.