Share via

Is it possible to allow multiple cookies in a custom rule in Frontdoor WAF?

Sebastian Enström 25 Reputation points
2026-02-05T13:00:44.64+00:00

Hi.

Like the title says. We have now a bunch of cookies that we need to allow through the WAF. We have solved this with exclusions for now, but I would like to move them to custom rule(s) to try and clean up the exclusion a bit.
Is it possible to have a collection rule with all these cookies, or is one rule per cookie the only way to build? So far I have not found a way.

BR

Azure Web Application Firewall
0 comments
Answer accepted by question author
  1. Ganesh Patapati 10,990 Reputation points Microsoft External Staff Moderator
    2026-02-05T13:37:05.9866667+00:00

    Hello Sebastian Enström

    No — Azure Front Door WAF does not currently support a single custom rule that matches multiple cookie names in one “collection” rule. You must create one custom rule per cookie, or continue using exclusions

    Here are some steps you could take:

    1. Create Individual Rules: Set up separate custom rules for each cookie you want to allow. You would use match conditions based on HTTP parameters, specifically targeting the cookies you want to permit.
    2. Use Match Conditions: Ensure each custom rule specifies the cookie name as part of the request's parameters. For instance, if you want to allow a cookie named sessionId, your rule would look for that.
    3. Prioritize Your Rules: If necessary, make sure that the priority is set accordingly. Custom rules in WAF are evaluated first, so you should adjust the priorities for optimal performance.

    NOTE: Front Door WAF custom rules are built from match conditions. Each match condition can evaluate one request attribute (header, cookie, query string, etc.), but the “CookieName” selector matches a single cookie at a time, and multiple cookie names cannot be combined in one match condition or multi-condition rule. Thus, the WAF engine requires separate rules.

    References for Further Guidance:

    Hope the above answer helps! Please let us know do you have any further queries.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.