# WordPress WAF Custom rules for Azure Front Door (AFD)




## What the Bicep File Does

This Bicep file ([waf-wordpress-exclusions.bicep](#file-waf-wordpress-exclusions-bicep)) defines an Azure WAF policy specifically configured with rule exclusions for WordPress sites, based on the [OWASP Core Rule Set - WordPress Rule Exclusions Plugin](https://github.com/coreruleset/wordpress-rule-exclusions-plugin)

### Key Features

1. **Base WAF Policy Configuration**:
   - Creates a WAF policy resource with configurable name and location
   - Supports both Detection and Prevention modes
   - Includes standard settings for request body checking and file upload limits

2. **OWASP Core Rule Set**:
   - Implements OWASP CRS 3.2
   - Incorporates rule group overrides specifically for WordPress functionality

3. **WordPress-Specific Exclusions**:
   - Implements exclusions for common WordPress features that trigger false positives
   - Includes exclusions for:
     - WordPress login forms
     - Comment submission
     - Admin post editing
     - WordPress Customizer
     - Gutenberg Editor 
     - WordPress sessions and cookies

## How to Use This File

1. Deploy using Azure CLI:
   ```bash
   az deployment group create --resource-group YourResourceGroup --template-file waf-wordpress-exclusions.bicep
   ```

2. Deploy using Azure PowerShell:
   ```powershell
   New-AzResourceGroupDeployment -ResourceGroupName YourResourceGroup -TemplateFile waf-wordpress-exclusions.bicep
   ```

3. You can customize parameters during deployment:
   ```bash
   az deployment group create --resource-group YourResourceGroup --template-file waf-wordpress-exclusions.bicep --parameters wafPolicyName=my-wordpress-waf wafMode=Detection
   ```