This tweet discusses a common issue with Azure Front Door Web Application Firewall (WAF). Depending on perspective, the issue can be seen either as a misconfiguration or as a feature.

Azure Front Door is a service that provides security and performance enhancement for web applications, including a WAF that filters and monitors HTTP traffic to and from an application. The WAF is designed to protect web applications by filtering out malicious traffic. This situation, however, shows how certain configurations might allow malicious traffic to bypass that protection, making the WAF less effective. The cause could be specific rules that are either too permissive or not properly tuned for the application they protect.

Administrators using Azure Front Door WAF should carefully review and understand their WAF configuration and the features they enable, and make sure the rules are set to block attacks such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Remote Code Execution (RCE), and other common web vulnerabilities. Constant monitoring and testing, including penetration testing and payloads designed to test the WAF's filtering capabilities, are recommended best practices for avoiding this common pitfall.
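One way to do the configuration review described above, as an added example that is not from the tweet or from Microsoft: a Python check over a Front Door WAF policy exported as ARM JSON that lists settings under which matching requests are not blocked. The page does not say which setting the tweet refers to, so this covers the general case; the sample policy and the function name `audit_waf_policy` are constructed for illustration.

```python
import json

# Constructed sample, shaped like the ARM JSON of a Front Door WAF policy
# (Microsoft.Network/FrontDoorWebApplicationFirewallPolicies). Not from the page.
SAMPLE_POLICY = json.loads("""
{"name": "examplePolicy",
 "properties": {
  "policySettings": {"enabledState": "Enabled", "mode": "Detection"},
  "customRules": {"rules": [
    {"name": "AllowPartner", "priority": 1, "enabledState": "Enabled", "action": "Allow"},
    {"name": "BlockScanners", "priority": 5, "enabledState": "Enabled", "action": "Block"}]},
  "managedRules": {"managedRuleSets": [
    {"ruleSetType": "Microsoft_DefaultRuleSet", "ruleSetVersion": "2.1",
     "ruleGroupOverrides": [
      {"ruleGroupName": "SQLI", "rules": [
        {"ruleId": "942100", "enabledState": "Disabled", "action": "Block"},
        {"ruleId": "942110", "enabledState": "Enabled", "action": "Log"}]}]}]}}}
""")

def audit_waf_policy(policy):
    """Return findings for settings under which matching traffic is not blocked."""
    props = policy.get("properties", {})
    settings = props.get("policySettings") or {}
    findings = []
    if settings.get("enabledState") == "Disabled":
        findings.append("policy: WAF policy is disabled")
    if settings.get("mode") == "Detection":
        findings.append("policy: Detection mode; rule matches are logged, not blocked")
    for rule in (props.get("customRules") or {}).get("rules") or []:
        if rule.get("enabledState") == "Enabled" and rule.get("action") == "Allow":
            findings.append("custom rule %s (priority %s): Allow stops further rule evaluation"
                            % (rule.get("name"), rule.get("priority")))
    rule_sets = (props.get("managedRules") or {}).get("managedRuleSets") or []
    if not rule_sets:
        findings.append("managed rules: no managed rule set assigned")
    for rs in rule_sets:
        for group in rs.get("ruleGroupOverrides") or []:
            for rule in group.get("rules") or []:
                where = "managed rule %s/%s" % (group.get("ruleGroupName"), rule.get("ruleId"))
                if rule.get("enabledState") == "Disabled":
                    findings.append(where + ": disabled by override")
                elif rule.get("action") in ("Log", "Allow"):
                    findings.append(where + ": override action is " + rule["action"])
    return findings

if __name__ == "__main__":
    for finding in audit_waf_policy(SAMPLE_POLICY):
        print(finding)
```

Each finding is a prompt for review rather than proof of a defect: an Allow rule or a Log override can be a deliberate tuning decision, which is why the issue can look like a feature as much as a misconfiguration.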