Network - 26884 - Bot protection rule set is enabled and assigned in Azure Front Door WAF #1076
Pull request overview
Updates assessment test 26884 to align with an updated spec for Azure Front Door WAF Bot Manager protection, adding stricter evaluation criteria and updating test messaging/title accordingly.
Changes:
- Renames the test title wording from “ruleset” to “rule set”.
- Extends WAF policy evaluation to include WAF mode and Bot Manager rule-enabled checks.
- Updates pass/fail result messaging to reflect the new criteria.
Comments suppressed due to low confidence (1)
src/powershell/tests/Test-Assessment.26884.ps1:263
- The pass/fail message says all WAF policies attached to Azure Front Door are enabled, in Prevention mode, and have Bot Manager configured with an enabled rule, but the evaluation short-circuits on the first security policy that meets the criteria (`break` once `$hasValidBotProtection` is true). If a Front Door profile has multiple security policies/WAF policies, this can pass even when other attached policies are non-compliant. Either enforce the criteria across all security policies/WAF policies attached to the profile (and reflect that in `$hasValidBotProtection`), or adjust the messaging/intent to “at least one attached policy is compliant.”
```powershell
# Check if WAF policy is enabled, in Prevention mode, and Bot Manager is present with at least one rule enabled
if ($wafIsPremium -and $wafEnabled -eq 'Enabled' -and $wafMode -eq 'Prevention' -and $hasEnabledRule) {
    $hasValidBotProtection = $true
    # Only count domains from security policy with valid bot protection
    $domainsProtected = $currentPolicyDomainCount
}
break
```
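An added example, not code from this pull request: it evaluates the same four conditions across every security policy attached to a profile instead of stopping at the first compliant one, and reports both the "at least one" and the "all" outcome so the result message can match the check. The sample policies, their property names, and the functions `Test-BotProtectionPolicy` and `Get-BotProtectionSummary` are hypothetical.

```powershell
# Constructed sample: two security policies attached to one Front Door profile.
# Property names are hypothetical stand-ins for the values the test derives
# ($wafIsPremium, $wafEnabled, $wafMode, $hasEnabledRule, $currentPolicyDomainCount).
$securityPolicies = @(
    [pscustomobject]@{ Name = 'sp-compliant';   IsPremium = $true; EnabledState = 'Enabled'
                       Mode = 'Prevention';     HasEnabledBotRule = $true; DomainCount = 2 }
    [pscustomobject]@{ Name = 'sp-detect-only'; IsPremium = $true; EnabledState = 'Enabled'
                       Mode = 'Detection';      HasEnabledBotRule = $true; DomainCount = 3 }
)

function Test-BotProtectionPolicy {
    param([Parameter(Mandatory)] $Policy)
    # Same four conditions as the if-statement quoted in the review comment.
    return [bool]($Policy.IsPremium -and
                  $Policy.EnabledState -eq 'Enabled' -and
                  $Policy.Mode -eq 'Prevention' -and
                  $Policy.HasEnabledBotRule)
}

function Get-BotProtectionSummary {
    param([object[]] $Policies = @())

    $compliant    = @($Policies | Where-Object { Test-BotProtectionPolicy -Policy $_ })
    $nonCompliant = @($Policies | Where-Object { -not (Test-BotProtectionPolicy -Policy $_) })

    # Count domains only from policies that satisfy every condition.
    $domains = 0
    foreach ($p in $compliant) { $domains += $p.DomainCount }

    [pscustomobject]@{
        AnyCompliant         = $compliant.Count -gt 0
        # An empty policy list must not count as "all compliant".
        AllCompliant         = ($Policies.Count -gt 0) -and ($nonCompliant.Count -eq 0)
        DomainsProtected     = $domains
        NonCompliantPolicies = @($nonCompliant | ForEach-Object { $_.Name })
    }
}

# No early exit: every attached policy is inspected before a verdict is reached.
$summary = Get-BotProtectionSummary -Policies $securityPolicies
$summary | Format-List
```

With the constructed input, `AnyCompliant` and `AllCompliant` disagree, which is the case where a pass message worded as "all WAF policies" would overstate what was checked.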
alexandair (Collaborator) requested changes on Mar 18, 2026 and left a comment:
@aahmed-spec Please, address my feedback.
made changes as per updated spec