You can configure the settings of the WAF by following these steps:

1. Navigate to the application gateway.
2. Under SETTINGS, click on Web application firewall, and a new blade will be opened. In this scenario, it is a standard application gateway that will be upgraded to WAF:

3. To upgrade the application gateway to WAF, you need to tick Upgrade to WAF tier. Then, you will have to specify the following settings:
   • Firewall status: You can specify whether you want to enable it or disable it by selecting the status you want. If it is enabled, you will be able to configure its settings.
   • Firewall mode: Specify whether you want the firewall to work in Detection or Prevention mode.
   • Rule set: The protections provided for Azure Application Gateway (WAF) are provided by the Open Web Application Security Project (OWASP). At the moment, it supports two versions of OWASP. So, if you click on the drop-down list, you can select OWASP 3.0 or OWASP 2.2.9.
   • Advanced rule configuration: By default, all the rules of the rule set you select will be applied. However, if you want to customize these rules, you can select this option. As a result, all the rules of the rule set will be displayed, and you can unselect the rule if you do not want to get it applied.

4. Once you are done with the configurations, do not forget to click on Save, and the application gateway will be upgraded to WAF.