waf-audit

Community

Scan AFD WAF for upload-blocking misconfigurations.

Authortmalcolm-0607
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Azure Front Door WAF managed rules 200002 and 200003 silently block file uploads exceeding the 128KB body inspection limit, returning HTTP 403 errors that never reach the application backend and making root cause analysis extremely difficult. This skill scans Bicep and ARM deployment templates to detect these misconfigurations, classifies risk across 5 key dimensions, and generates API-version-aware remediation snippets.

Core Features & Use Cases

  • Automated Template Scanning: Discovers AFD WAF policies in Bicep and ARM JSON templates across entire repository directories, including parameterized modes and conditional deployment gates.
  • 5-Dimension Risk Classification: Evaluates deployment state, WAF mode, request body check status, rule override compliance, and upload exposure to assign accurate risk levels from DEFERRED to CRITICAL.
  • Remediation Generation: Produces ready-to-use Bicep fix snippets that disable rules 200002 and 200003 for confirmed upload services, with API-version-safe syntax that omits unnecessary action fields.
  • Advisory Reporting: Flags App Gateway WAF OWASP CRS rules that may block multipart uploads, and compares live template scans against a dated baseline to detect infrastructure-as-code drift.
  • Use Case: A cloud engineer preparing to promote an AFD WAF policy from Detection to Prevention mode can run this audit to confirm no upload-blocking rules are active, avoiding production outages for file upload endpoints.

Quick Start

Use the waf-audit skill to scan your repository's infrastructure-as-code templates for Azure Front Door WAF misconfigurations that block file uploads.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: waf-audit
Download link: https://github.com/tmalcolm-0607/mad-council-claw/archive/main.zip#waf-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.