production
Sub: a1b2c3d4-waf-team
RG: rg-spa-blob
All systems operational
Total Resources
14
14 healthy · 0 degraded
WAF Blocks (24h)
47
+12 vs yesterday
Active Exclusions
6
Across 2 WAF policies
SAS Token TTL
247d
Auto-rotation enabled
Resource Health
ResourceTypeStatus
fd-waf-prodFront DoorHealthy
spaxk3f9aStorage AccountHealthy
kv-waf-prodKey VaultHealthy
waf-appgw-prodApp Gateway WAFHealthy
waf-fd-prodFront Door WAFWarning
la-waf-logsLog AnalyticsHealthy
Recent Activity
28 Feb 11:42
SAS Token Rotated
kv-waf-prod → spaxk3f9a · Auto-rotation
28 Feb 09:15
WAF Block — SQLi Attempt
Rule 942100 · 185.220.101.47 · Front Door
27 Feb 17:30
Terraform Apply
rg-spa-blob · 3 resources updated · Azure DevOps
27 Feb 14:00
WAF Exclusion Added
Rule 920300 · RequestHeaderNames · /api/upload
26 Feb 08:45
Health Probe Warning
fd-waf-prod · Origin latency spike · Resolved
Storage & Secrets
📦 spaxk3f9a
Healthy
TypeStorageV2
ReplicationLRS
Static WebsiteEnabled
Public AccessIP Restricted
SAS RotationAuto · 247d TTL
Endpointspaxk3f9a.z8.web.core.windows.net
🔑 kv-waf-prod
Healthy
SKUStandard
Soft Delete90 days
RBACEnabled
Secrets3 active
FD IdentitySecrets User
NetworkPrivate Endpoint
Front Door & WAF
🌐 fd-waf-prod
Healthy
SKUPremium
WAF Policywaf-fd-prod
Originspa-storage-origin
Private LinkApproved
IdentitySystem Assigned
CacheIgnoreQueryString
⛨ waf-fd-prod
Warning
ModePrevention
Rule SetOWASP 3.2
Custom Rules4 active
Exclusions6 active
Blocks (24h)47
Managed ByTerraform
Active Exclusions
RuleMatch VariableSelectorPolicy
920300RequestHeaderNames/api/uploadFD
931130RequestCookieNames.AspNetCore.SessionFD
942100RequestBodyPostArgNamessearch_queryAGW
942200RequestBodyPostArgNamesfilter_sqlAGW
920420RequestHeaderNamesContent-TypeFD
913100RequestUriName/healthAGW
Top Triggered Rules (24h)
942100SQL Injection (libinjection)Block18 hits
941100XSS via libinjectionBlock12 hits
930100Path Traversal AttackBlock9 hits
920350Host Header IP AddressLog5 hits
913100Security Scanner DetectedBlock3 hits
Traffic Flow
👤
User
Public Internet
HTTPS
🌐
Front Door
Premium · WAF
Private Link
📦
Storage
Blob · $web
↕ Key Vault via Managed Identity ↕ Logs → Log Analytics Workspace
Network Rules — Storage
RuleValueAction
Default*Deny
IP Rule203.x.x.x/32Allow
BypassAzureServicesAllow
Private Endpoints
ResourceSub-resourceStatus
spaxk3f9ablobApproved
kv-waf-prodvaultApproved
Deployment History
DatePipelineChangesAuthorStatus
2026-02-27 17:30waf-infra-prod3 updated · 0 destroyedrootSuccess
2026-02-25 14:10waf-infra-prod1 added · 2 updatedrootSuccess
2026-02-20 09:45waf-exclusions2 updatedrootSuccess
2026-02-18 16:22waf-infra-prod5 added · 1 updatedrootSuccess
2026-02-15 11:00spa-hosting3 addedrootPartial
2026-02-10 08:30waf-exclusions1 updatedrootFailed
Terraform State
📋 waf-infra-prod.tfstate
Clean
Resources14
DriftNone detected
BackendAzure Blob
Last Apply2026-02-27
📋 spa-hosting.tfstate
Clean
Resources4
DriftNone detected
BackendAzure Blob
Last Apply2026-02-27