Configure WAF on the Azure Front Door#324
Merged
IEvangelist merged 2 commits intomainfrom Jan 31, 2026
Merged
Conversation
These policies are required by Microsoft to prevent DDOS attacks on the site.
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an Azure Front Door WAF policy and associates it with the Front Door endpoint to meet DDoS/WAF compliance requirements.
Changes:
- Introduces a configurable
rateLimitThresholdparameter for WAF rate limiting. - Adds a Front Door WAF Policy with a global rate-limit custom rule and a managed Bot Manager ruleset.
- Associates the WAF policy to the Front Door endpoint via a Front Door security policy.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
IEvangelist
approved these changes
Jan 30, 2026
Member
IEvangelist
left a comment
IEvangelist
left a comment
There was a problem hiding this comment.
This LGTM, but some of the copilot comments are interesting. Might be worth considering...
Member
Author
|
I'm getting an error trying to deploy this: trying to get copilot to fix it. |
eerhardt
commented
Jan 30, 2026
src/apphost/Aspire.Dev.AppHost/Bicep/front-door-appservice.bicep
Outdated
Show resolved
Hide resolved
IEvangelist
added a commit
that referenced
this pull request
Feb 3, 2026
* Clarify Azure AI Foundry format parameter documentation (#313) * Initial plan * Improve Azure AI Foundry format parameter documentation Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Configure WAF on the Azure Front Door (#324) * Configure WAF on the Azure Front Door These policies are required by Microsoft to prevent DDOS attacks on the site. * Fix invalid wafPolicy name * Update resource creation in Node.js docs (#333) Correction to invalid syntax. * Add generic "Upgrade Aspire" article under What's new (#322) * Initial plan * Add Upgrade Aspire article and update sidebar configuration Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Fix typo and remove broken link in Upgrade Aspire article Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * refactor: streamline Upgrade Aspire article and remove legacy content * fix: update Upgrade Aspire article for clarity and accuracy * chore: remove outdated setup and tooling link from Upgrade Aspire article * fix: update link to installation instructions for Aspire CLI in Upgrade Aspire article * fix: clarify upgrade instructions and remove outdated content in Upgrade Aspire article --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> * Add CLI telemetry details page * Fix * Fix * Fix * Improve doc-tester and doc-writer skills, fix cross-platform paths (#361) * Add doc-writer and doc-tester skills with hex1b MCP server - Add doc-writer skill with Aspire documentation guidelines - Add doc-tester skill for validating documentation accuracy - Include common documentation rules from PR feedback patterns - Configure hex1b MCP server in .mcp.json, .vscode/mcp.json, opencode.jsonc - Add .doc-tester-workspace/ to .gitignore - Add .vscode/mcp.json exception to .gitignore * Improve doc-tester and doc-writer skills, fix cross-platform paths Key changes: doc-tester skill: - Add Knowledge Source Awareness section to distinguish between intrinsic knowledge and documentation-derived knowledge - Add Documentation Takes Priority guidance - follow the docs being tested, not skill defaults - Add Aspire CLI installation guidance (GA, Dev, PR, and Staging builds) - Replace dotnet-specific commands with polyglot-friendly Aspire CLI (aspire add, aspire run) - Add Hex1b MCP tools section for terminal screenshots and asciinema recordings doc-writer skill: - Add AsciinemaPlayer component documentation for terminal recordings - Add Hex1b MCP tools guidance for creating new recordings - Add Aspire CLI installation guidance for testing documentation - Add aspire add recommendation for testing integration packages Other fixes: - Update Prettier extension recommendation to esbenp.prettier-vscode - Fix cross-platform path in frontend.esproj (backslash to forward slash) * Update Hex1b.McpServer to 0.66.0 --------- Co-authored-by: Mitch Denny <mitch@mitchdeny.com> * Fix PowerShell syntax in telemetry opt-out example --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Tristan <Tri125@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: Mitch Denny <mitch@mitchdeny.com>
IEvangelist
added a commit
that referenced
this pull request
Feb 3, 2026
* Clarify Azure AI Foundry format parameter documentation (#313) * Initial plan * Improve Azure AI Foundry format parameter documentation Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Configure WAF on the Azure Front Door (#324) * Configure WAF on the Azure Front Door These policies are required by Microsoft to prevent DDOS attacks on the site. * Fix invalid wafPolicy name * Update resource creation in Node.js docs (#333) Correction to invalid syntax. * Add generic "Upgrade Aspire" article under What's new (#322) * Initial plan * Add Upgrade Aspire article and update sidebar configuration Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Fix typo and remove broken link in Upgrade Aspire article Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * refactor: streamline Upgrade Aspire article and remove legacy content * fix: update Upgrade Aspire article for clarity and accuracy * chore: remove outdated setup and tooling link from Upgrade Aspire article * fix: update link to installation instructions for Aspire CLI in Upgrade Aspire article * fix: clarify upgrade instructions and remove outdated content in Upgrade Aspire article --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> * Add CLI telemetry details page * Fix * Fix * Fix * Improve doc-tester and doc-writer skills, fix cross-platform paths (#361) * Add doc-writer and doc-tester skills with hex1b MCP server - Add doc-writer skill with Aspire documentation guidelines - Add doc-tester skill for validating documentation accuracy - Include common documentation rules from PR feedback patterns - Configure hex1b MCP server in .mcp.json, .vscode/mcp.json, opencode.jsonc - Add .doc-tester-workspace/ to .gitignore - Add .vscode/mcp.json exception to .gitignore * Improve doc-tester and doc-writer skills, fix cross-platform paths Key changes: doc-tester skill: - Add Knowledge Source Awareness section to distinguish between intrinsic knowledge and documentation-derived knowledge - Add Documentation Takes Priority guidance - follow the docs being tested, not skill defaults - Add Aspire CLI installation guidance (GA, Dev, PR, and Staging builds) - Replace dotnet-specific commands with polyglot-friendly Aspire CLI (aspire add, aspire run) - Add Hex1b MCP tools section for terminal screenshots and asciinema recordings doc-writer skill: - Add AsciinemaPlayer component documentation for terminal recordings - Add Hex1b MCP tools guidance for creating new recordings - Add Aspire CLI installation guidance for testing documentation - Add aspire add recommendation for testing integration packages Other fixes: - Update Prettier extension recommendation to esbenp.prettier-vscode - Fix cross-platform path in frontend.esproj (backslash to forward slash) * Update Hex1b.McpServer to 0.66.0 --------- Co-authored-by: Mitch Denny <mitch@mitchdeny.com> * Fix PowerShell syntax in telemetry opt-out example --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Tristan <Tri125@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: Mitch Denny <mitch@mitchdeny.com>
IEvangelist
added a commit
that referenced
this pull request
Feb 7, 2026
* Clarify Azure AI Foundry format parameter documentation (#313) * Initial plan * Improve Azure AI Foundry format parameter documentation Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Configure WAF on the Azure Front Door (#324) * Configure WAF on the Azure Front Door These policies are required by Microsoft to prevent DDOS attacks on the site. * Fix invalid wafPolicy name * Update resource creation in Node.js docs (#333) Correction to invalid syntax. * Add generic "Upgrade Aspire" article under What's new (#322) * Initial plan * Add Upgrade Aspire article and update sidebar configuration Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Fix typo and remove broken link in Upgrade Aspire article Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * refactor: streamline Upgrade Aspire article and remove legacy content * fix: update Upgrade Aspire article for clarity and accuracy * chore: remove outdated setup and tooling link from Upgrade Aspire article * fix: update link to installation instructions for Aspire CLI in Upgrade Aspire article * fix: clarify upgrade instructions and remove outdated content in Upgrade Aspire article --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> * Add CLI telemetry details page * Fix * Fix * Fix * Improve doc-tester and doc-writer skills, fix cross-platform paths (#361) * Add doc-writer and doc-tester skills with hex1b MCP server - Add doc-writer skill with Aspire documentation guidelines - Add doc-tester skill for validating documentation accuracy - Include common documentation rules from PR feedback patterns - Configure hex1b MCP server in .mcp.json, .vscode/mcp.json, opencode.jsonc - Add .doc-tester-workspace/ to .gitignore - Add .vscode/mcp.json exception to .gitignore * Improve doc-tester and doc-writer skills, fix cross-platform paths Key changes: doc-tester skill: - Add Knowledge Source Awareness section to distinguish between intrinsic knowledge and documentation-derived knowledge - Add Documentation Takes Priority guidance - follow the docs being tested, not skill defaults - Add Aspire CLI installation guidance (GA, Dev, PR, and Staging builds) - Replace dotnet-specific commands with polyglot-friendly Aspire CLI (aspire add, aspire run) - Add Hex1b MCP tools section for terminal screenshots and asciinema recordings doc-writer skill: - Add AsciinemaPlayer component documentation for terminal recordings - Add Hex1b MCP tools guidance for creating new recordings - Add Aspire CLI installation guidance for testing documentation - Add aspire add recommendation for testing integration packages Other fixes: - Update Prettier extension recommendation to esbenp.prettier-vscode - Fix cross-platform path in frontend.esproj (backslash to forward slash) * Update Hex1b.McpServer to 0.66.0 --------- Co-authored-by: Mitch Denny <mitch@mitchdeny.com> * Fix PowerShell syntax in telemetry opt-out example --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Tristan <Tri125@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: Mitch Denny <mitch@mitchdeny.com>
IEvangelist
added a commit
that referenced
this pull request
Feb 17, 2026
* Clarify Azure AI Foundry format parameter documentation (#313) * Initial plan * Improve Azure AI Foundry format parameter documentation Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Configure WAF on the Azure Front Door (#324) * Configure WAF on the Azure Front Door These policies are required by Microsoft to prevent DDOS attacks on the site. * Fix invalid wafPolicy name * Update resource creation in Node.js docs (#333) Correction to invalid syntax. * Add generic "Upgrade Aspire" article under What's new (#322) * Initial plan * Add Upgrade Aspire article and update sidebar configuration Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Fix typo and remove broken link in Upgrade Aspire article Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * refactor: streamline Upgrade Aspire article and remove legacy content * fix: update Upgrade Aspire article for clarity and accuracy * chore: remove outdated setup and tooling link from Upgrade Aspire article * fix: update link to installation instructions for Aspire CLI in Upgrade Aspire article * fix: clarify upgrade instructions and remove outdated content in Upgrade Aspire article --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> * Add CLI telemetry details page * Fix * Fix * Fix * Improve doc-tester and doc-writer skills, fix cross-platform paths (#361) * Add doc-writer and doc-tester skills with hex1b MCP server - Add doc-writer skill with Aspire documentation guidelines - Add doc-tester skill for validating documentation accuracy - Include common documentation rules from PR feedback patterns - Configure hex1b MCP server in .mcp.json, .vscode/mcp.json, opencode.jsonc - Add .doc-tester-workspace/ to .gitignore - Add .vscode/mcp.json exception to .gitignore * Improve doc-tester and doc-writer skills, fix cross-platform paths Key changes: doc-tester skill: - Add Knowledge Source Awareness section to distinguish between intrinsic knowledge and documentation-derived knowledge - Add Documentation Takes Priority guidance - follow the docs being tested, not skill defaults - Add Aspire CLI installation guidance (GA, Dev, PR, and Staging builds) - Replace dotnet-specific commands with polyglot-friendly Aspire CLI (aspire add, aspire run) - Add Hex1b MCP tools section for terminal screenshots and asciinema recordings doc-writer skill: - Add AsciinemaPlayer component documentation for terminal recordings - Add Hex1b MCP tools guidance for creating new recordings - Add Aspire CLI installation guidance for testing documentation - Add aspire add recommendation for testing integration packages Other fixes: - Update Prettier extension recommendation to esbenp.prettier-vscode - Fix cross-platform path in frontend.esproj (backslash to forward slash) * Update Hex1b.McpServer to 0.66.0 --------- Co-authored-by: Mitch Denny <mitch@mitchdeny.com> * Fix PowerShell syntax in telemetry opt-out example --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Tristan <Tri125@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: Mitch Denny <mitch@mitchdeny.com>
IEvangelist
added a commit
that referenced
this pull request
Feb 18, 2026
* Clarify Azure AI Foundry format parameter documentation (#313) * Initial plan * Improve Azure AI Foundry format parameter documentation Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Configure WAF on the Azure Front Door (#324) * Configure WAF on the Azure Front Door These policies are required by Microsoft to prevent DDOS attacks on the site. * Fix invalid wafPolicy name * Update resource creation in Node.js docs (#333) Correction to invalid syntax. * Add generic "Upgrade Aspire" article under What's new (#322) * Initial plan * Add Upgrade Aspire article and update sidebar configuration Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * Fix typo and remove broken link in Upgrade Aspire article Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> * refactor: streamline Upgrade Aspire article and remove legacy content * fix: update Upgrade Aspire article for clarity and accuracy * chore: remove outdated setup and tooling link from Upgrade Aspire article * fix: update link to installation instructions for Aspire CLI in Upgrade Aspire article * fix: clarify upgrade instructions and remove outdated content in Upgrade Aspire article --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> * Add CLI telemetry details page * Fix * Fix * Fix * Improve doc-tester and doc-writer skills, fix cross-platform paths (#361) * Add doc-writer and doc-tester skills with hex1b MCP server - Add doc-writer skill with Aspire documentation guidelines - Add doc-tester skill for validating documentation accuracy - Include common documentation rules from PR feedback patterns - Configure hex1b MCP server in .mcp.json, .vscode/mcp.json, opencode.jsonc - Add .doc-tester-workspace/ to .gitignore - Add .vscode/mcp.json exception to .gitignore * Improve doc-tester and doc-writer skills, fix cross-platform paths Key changes: doc-tester skill: - Add Knowledge Source Awareness section to distinguish between intrinsic knowledge and documentation-derived knowledge - Add Documentation Takes Priority guidance - follow the docs being tested, not skill defaults - Add Aspire CLI installation guidance (GA, Dev, PR, and Staging builds) - Replace dotnet-specific commands with polyglot-friendly Aspire CLI (aspire add, aspire run) - Add Hex1b MCP tools section for terminal screenshots and asciinema recordings doc-writer skill: - Add AsciinemaPlayer component documentation for terminal recordings - Add Hex1b MCP tools guidance for creating new recordings - Add Aspire CLI installation guidance for testing documentation - Add aspire add recommendation for testing integration packages Other fixes: - Update Prettier extension recommendation to esbenp.prettier-vscode - Fix cross-platform path in frontend.esproj (backslash to forward slash) * Update Hex1b.McpServer to 0.66.0 --------- Co-authored-by: Mitch Denny <mitch@mitchdeny.com> * Fix PowerShell syntax in telemetry opt-out example --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: IEvangelist <7679720+IEvangelist@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Tristan <Tri125@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: Mitch Denny <mitch@mitchdeny.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These policies are required by Microsoft to prevent DDOS attacks on the site.