---
title: Application gateways should have Web Application Firewall enabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Application gateways should have Web
  Application Firewall enabled
---

# Application gateways should have Web Application Firewall enabled
 
## Description{% #description %}

Azure Web Application Firewall (WAF) on Application Gateway protects web applications from common exploits such as SQL injection, cross-site scripting, and other OWASP Top 10 threats by inspecting and filtering incoming HTTP traffic. Each Application Gateway should have an associated WAF policy to actively protect against web-based attacks.

## Remediation{% #remediation %}

Associate a WAF policy with the Application Gateway. Create a WAF policy if one does not exist, then attach it to the gateway. For guidance, see [Create a Web Application Firewall policy for Application Gateway](https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag).