Azure Web Application Firewall (WAF) - Overview
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of our web applications from common exploits and vulnerabilities. Commonly known vulnerabilities include SQL injection and cross-site scripting, among others.
The architecture diagram below shows how Application Gateway helps route different websites with different domains, hosted on different servers, through the same Application Gateway, and how requests can be filtered and accepted or blocked based on the type of traffic.
Application Gateway operates as an application delivery controller (ADC). It offers Transport Layer Security (TLS) termination, cookie-based session affinity, round-robin load distribution, content-based routing, the ability to host multiple websites, and security enhancements.
Application Gateway security enhancements include TLS policy management and end-to-end TLS support. Application security is strengthened by WAF integration into the Application Gateway. The combination protects our web applications against common vulnerabilities, and it provides an easy-to-configure central location to manage.
Features
- Protection against SQL injection and cross-site scripting.
- Protection against common web attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.
- Protection against HTTP protocol violations.
- Protection against HTTP protocol anomalies, such as missing Host, User-Agent, and Accept headers.
- Protection against crawlers and scanners.
- Detection of common application misconfigurations (for example, Apache and IIS).
- Configurable request size limits with lower and upper bounds.
- Protect our applications from bots with the bot mitigation ruleset.
Benefits
Following are the core benefits that Web Application Firewall on Application Gateway provides:
Protection
- Protect our web applications from web vulnerabilities and attacks without modification to back-end code.
- Protect multiple web applications concurrently. An instance of Application Gateway can host up to 40 websites that are protected by a web application firewall.
- Create custom WAF policies for different sites behind the same WAF.
- Protect your web applications from malicious bots with the IP Reputation ruleset.
Monitoring
- Monitor attacks against our web applications by using a real-time WAF log. The log is integrated with Azure Monitor to track WAF alerts and easily monitor trends.
- The Application Gateway WAF is integrated with Azure Security Center. Security Center provides a central view of the security state of all your Azure resources.
Customization
- Customize WAF rules and rule groups to suit our application requirements and eliminate false positives.
- Associate a WAF Policy for each site behind our WAF to allow for site-specific configuration.
- Create custom rules to suit the needs of our application.
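
The monitoring and customization points above meet when WAF log entries are reviewed to decide which rules need tuning for which site. The following Python is an added example, not part of the original article or of Microsoft's code; the field names (`category`, `properties.hostname`, `ruleId`, `clientIp`, `requestUri`, `action`) are assumed to follow the Application Gateway firewall log JSON layout, and the log records and the `min_clients` threshold are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line (not real traffic).
# Field names are assumed to match the Application Gateway firewall log layout.
SAMPLE_LOG = """\
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.10","hostname":"shop.example.com","requestUri":"/search","ruleId":"942100","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.11","hostname":"shop.example.com","requestUri":"/search","ruleId":"942100","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.12","hostname":"shop.example.com","requestUri":"/search","ruleId":"942100","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7","hostname":"blog.example.com","requestUri":"/admin","ruleId":"913100","action":"Blocked"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7","hostname":"blog.example.com","requestUri":"/login","ruleId":"913100","action":"Blocked"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"203.0.113.10","httpStatus":200}}
truncated line that is not JSON
"""


def summarize(lines):
    """Group firewall hits by (site hostname, rule ID)."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting
        if not isinstance(record, dict) or record.get("category") != "ApplicationGatewayFirewallLog":
            continue  # ignore access and performance log records
        props = record.get("properties", {})
        entry = stats[(props.get("hostname"), props.get("ruleId"))]
        entry["hits"] += 1
        entry["clients"].add(props.get("clientIp"))
        entry["uris"].add(props.get("requestUri"))
    return dict(stats)


def tuning_candidates(stats, min_clients=3):
    """Heuristic (an assumption of this example): one rule firing on one URI for
    many distinct clients looks more like a false positive than a single scanner."""
    return sorted(
        (key for key, s in stats.items()
         if len(s["clients"]) >= min_clients and len(s["uris"]) == 1),
        key=str,
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for site, rule in tuning_candidates(summary):
        print(f"review rule {rule} on {site}: {summary[(site, rule)]['hits']} hits")
```

Because results are keyed by hostname, any rule flagged for review can be tuned in the WAF policy of that one site rather than for every site behind the gateway.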