If you're creating an Application Gateway in Terraform for Azure, you're using the `azurerm_application_gateway` resource. This resource allows for some basic configuration of the Web Application Firewall through the `waf_configuration` block. However, the configuration there is very limited: it is basically restricted to turning the firewall on and off and choosing the base rule set. If you want a custom rule, you need to break the rules off into a separate `azurerm_web_application_firewall_policy`. This can then be referenced back in the `azurerm_application_gateway` through the
You can use the advanced rules to set up things like geographic restrictions. For instance, this set of rules will block everything but requests from Canada and the US.
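A geo-restriction policy of this kind could be written as follows. This is an added example, not the author's original configuration; the resource names, the referenced `azurerm_resource_group.example` and the OWASP 3.2 rule set version are assumptions.

```hcl
# Added example: names, the resource group reference and the rule set
# version are assumptions, not values from the original post.
resource "azurerm_web_application_firewall_policy" "geo" {
  name                = "example-geo-wafpolicy"                 # hypothetical name
  resource_group_name = azurerm_resource_group.example.name     # assumed to be defined elsewhere
  location            = azurerm_resource_group.example.location

  policy_settings {
    enabled = true
    # In "Detection" mode the rule below only logs matches and blocks nothing.
    mode = "Prevention"
  }

  custom_rules {
    name      = "AllowOnlyCAandUS" # hypothetical rule name
    priority  = 1                  # custom rules are evaluated before the managed rule set
    rule_type = "MatchRule"
    action    = "Block"

    match_conditions {
      match_variables {
        # RemoteAddr is the connecting IP; behind a CDN or proxy that is
        # the proxy's address, not the end user's.
        variable_name = "RemoteAddr"
      }
      operator = "GeoMatch"
      # Negated match: block when the source country is NOT in the list.
      negation_condition = true
      match_values       = ["CA", "US"]
    }
  }

  # A policy must still carry a managed rule set alongside the custom rule.
  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2" # assumed version
    }
  }
}

# On the gateway side, the policy is attached by setting
#   firewall_policy_id = azurerm_web_application_firewall_policy.geo.id
# inside the azurerm_application_gateway resource.
```

Apply the policy in `Detection` mode first and review the firewall logs for legitimate traffic that would be blocked before switching to `Prevention`.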
### Web application firewall settings