You can turn on the web application firewall after provisioning the application gateway. WAF can be configured in the following modes:

• Detection mode: The application gateway WAF will monitor and log all threat alerts to a log file. You need to make sure that the WAF log is selected and turned on. The WAF will not block the incoming requests when WAF is configured in Detection mode. 
• Prevention mode: In this mode, intrusions and attacks that have been detected by rules are actively blocked by the application gateway. The connection is terminated and the attacker will receive a 403 unauthorized access exception. Prevention mode continues to log such attacks in the WAF logs.

To enable WAF, take the following steps:

1. Open the Application Gateway resource again.
2. Under Settings, select Web application firewall. In the WAF blade, you have to switch the tier from Standard to WAF. We created an application gateway using the Standard tier in our PowerShell script. Then, you can select Detection or Prevention regarding the Firewall mode, and configure the required settings, as follows:

In this section, we covered three different ways of managing the Azure application load balancer. In the next section, we are going to cover Azure Front Door.