Azure WAF is a web application firewall that helps safeguard your online applications from typical attacks like SQL injection, cross-site scripting, and other web exploits. To govern access to your web applications, you can create a WAF policy that combines custom and managed rules.
When we visit a shopping mall, we first go through a security checkpoint, where everyone entering is frisked and their baggage is scanned according to the security protocols defined in the mall's policies.
Like the security checkpoint at a shopping mall, a WAF is the first line of defense between the website and the internet. All web traffic and requests to the server pass through the web application firewall, which filters out malicious requests and protects against a diverse range of threats.
In this blog, we will be discussing the Web Application Firewall and its applications on Azure.
Azure Web Application Firewall
A web application firewall (WAF) is a specialized form of network security system that filters, monitors, and blocks inbound and outbound HTTP traffic to and from a web service based on a configured policy, usually with predefined rule sets to choose from.
WAF Modes
A WAF can run in one of two modes:
• Detection: Monitors incoming requests and records every threat warning in the WAF logs. In this mode, incoming requests are not blocked.
• Prevention: Detects and blocks incoming attack requests; the attacker simply gets a “403 Forbidden” error. In this mode, attacks are also recorded in the WAF logs.
Supported Services:
There are three different options to create a WAF in Azure:
• Azure Front Door: A scalable, global entry point that uses Microsoft’s global edge network to build fast, secure, and scalable web applications.
• Azure Content Delivery Network (CDN): The global CDN solution to deliver high bandwidth content. This can be hosted in Azure or any other location.
• Azure Application Gateway: Web traffic load balancer that allows you to manage traffic to your web applications.
WAF Policy and Rules
The WAF policy consists of two types of security rules:
• Customer-created custom rules
• Managed rule sets, which are a collection of pre-configured rule sets managed by Azure
Custom rules are evaluated before the rules in a managed rule set are processed. A rule consists of a match condition, a priority, and an action. Once a request matches a rule, rules with lower priorities are not processed.
We can create a policy that fits our needs by combining managed and custom rules. For example, we can configure custom rules based on IP address, geographic location, HTTP parameters, size limits, and rate limits.
WAF Actions
WAF customers can choose to take one of the following actions when a request matches a rule’s conditions:
• Allow: The request goes through the WAF and is forwarded to the backend. No other lower priority rule can block this request.
• Block: The request is blocked, and WAF responds to the client without forwarding the request to the back end.
• Log: The request is logged in the WAF and WAF continues to evaluate the lower priority rules.
• Redirect: WAF redirects the request to the specified URI. The URI is a policy-level setting. Once configured, all requests that match the Redirect action will be sent to that URI.
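To make the interaction between priorities, actions and modes concrete, here is a small Python model of custom-rule evaluation as described above. It is an added illustration, not Azure code or an Azure API: the `Rule` class, `evaluate`, `in_net`, the rule names, the redirect URI and the sample requests are all constructed. It assumes a lower priority number is evaluated first and that Detection mode records a terminating match but still forwards the request.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    priority: int                    # assumption: lower number is evaluated first
    action: str                      # "Allow", "Block", "Log" or "Redirect"
    matches: Callable[[dict], bool]  # the rule's match condition

def evaluate(rules, request, mode="Prevention",
             redirect_uri="https://example.invalid/blocked"):
    """Return (outcome, log_entries) for one request against the custom rules."""
    log = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.matches(request):
            continue
        log.append(f"{rule.name}:{rule.action}")
        if rule.action == "Log":
            continue                 # Log records the hit and keeps evaluating
        if rule.action == "Allow":
            return "forwarded", log  # no lower-priority rule can block it now
        if mode == "Detection":
            return "forwarded", log  # recorded in the log, but not blocked
        if rule.action == "Block":
            return "403 Forbidden", log
        return f"redirect:{redirect_uri}", log
    # No custom rule ended evaluation; managed rule sets would run next (not modelled).
    return "forwarded", log

def in_net(cidr):
    """Build a match condition on the client IP (hypothetical helper)."""
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["ip"]) in net

# Constructed sample policy and requests (documentation address ranges).
RULES = [
    Rule("log-admin-path", 10, "Log", lambda r: r["path"].startswith("/admin")),
    Rule("allow-office", 20, "Allow", in_net("198.51.100.0/24")),
    Rule("block-admin", 30, "Block", lambda r: r["path"].startswith("/admin")),
    Rule("redirect-old-shop", 40, "Redirect", lambda r: r["path"].startswith("/old-shop")),
]
OFFICE = {"ip": "198.51.100.7", "path": "/admin/users"}
OUTSIDE = {"ip": "203.0.113.9", "path": "/admin/users"}

if __name__ == "__main__":
    for req in (OFFICE, OUTSIDE):
        for mode in ("Prevention", "Detection"):
            print(mode, req["ip"], evaluate(RULES, req, mode))
```

Note how the Allow rule at priority 20 shields the office address from the Block rule at priority 30, which is why broad Allow rules deserve the same review as Block rules.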
WAF protects against the following web vulnerabilities:
• SQL injection attacks
• Cross-site scripting attacks (XSS)
• Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.
• HTTP protocol violations
• HTTP protocol anomalies, such as missing Host, User-Agent, and Accept headers
• Bots, scanners & crawlers
• Common application misconfigurations (for example, IIS and Apache)
When malicious traffic is blocked by the WAF, no further action is usually required. However, consider checking Azure Security Center for attack details or checking Application Gateway logs in Azure Monitor.
Resource
Custom rules for Web Application Firewall v2 (Microsoft Azure Documentation)
Conclusion
Azure WAF is one of the key pillars of security in Azure. We have also discussed its features and elements.
To learn more about Azure Web Application Firewall.