Introduction to Azure WAF (Web Application Firewall)
Azure WAF (Web Application Firewall) on Azure Application Gateway provides integrated protection of web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities; among the most common are cross-site scripting and SQL injection. WAF on Application Gateway is based on the Core Rule Set (CRS) 3.1, 3.0, or 2.2.9 from OWASP (the Open Web Application Security Project). A WAF policy is required to enable a Web Application Firewall on Application Gateway; the policy contains all managed rules, exclusions, custom rules, and customizations such as the file upload limit.
Create Azure WAF
Azure WAF can be deployed with three different services:
- Azure Application Gateway: Load-balances web traffic, which lets you manage the traffic to your web apps.
- Azure Front Door: A unified, secure, global, scalable entry point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.
- Azure CDN (Content Delivery Network): Provides a global CDN solution for delivering high-bandwidth content, which can be hosted on Azure or anywhere else.
Example Commands of Azure WAF
To configure Azure WAF, the commands below can be used, but only on application gateways that have an SKU type of WAF:
- az network application-gateway waf-config list-rule-sets: Lists the available WAF rule sets, rule IDs, and rule group information.
- az network application-gateway waf-config set: Updates the firewall configuration of a web application.
- az network application-gateway waf-config show: Gets the firewall configuration of a web application.
- azure-waf-policies-get: Retrieves protection policies within a resource group. E.g., azure-waf-policies-get limit=1.
- azure-waf-policies-list-all-in-subscription: Retrieves all WAF policies in a given subscription. Example: azure-waf-policies-list-all-in-subscription limit=3.
- azure-waf-policy-update-or-create: Creates or updates a policy with a specified rule set name within a resource group.
- azure-waf-policy-delete: Removes an existing policy.
- azure-waf-auth-start: Starts the authorization process; follow the instructions in the command results.
- azure-waf-auth-complete: Completes the authorization process.
- azure-waf-auth-reset: Run this to repeat the authorization process.
- azure-waf-auth-test: Tests the connection.
Benefits of Azure WAF
The basic benefits that WAF on Application Gateway offers are as follows:
- Protect web applications from web vulnerabilities and attacks without modification to back-end code.
- Protect multiple web applications at the same time. An instance of Application Gateway can host up to 40 sites that are protected by a web application firewall.
- Create custom WAF policies for different sites behind the same WAF.
- Protect your web applications from malicious bots with the IP Reputation rule set.
- Monitor attacks against any web application via real-time WAF logs. The log is integrated with Azure Monitor, which makes it easy to track WAF alerts and monitor trends.
- The Application Gateway WAF is integrated with Azure Security Center, which provides an assessment of the security state of all your Azure resources.
- Customize WAF rules and rule groups to suit application requirements and remove false positives.
- Associate a WAF policy with each site behind the WAF to allow for site-specific configuration.
- Design custom rules to suit the requirements of the application.
Some features of Azure WAF are as follows:
- Protection against cross-site scripting.
- Defence against SQL injection.
- Protection against HTTP protocol violations.
- Defence against crawlers and scanners.
- Protection against HTTP protocol anomalies such as missing Host, User-Agent, and Accept headers.
- Protection against other common web attacks such as command injection, HTTP response splitting, remote file inclusion, and HTTP request smuggling.
- Detection of common application misconfigurations, such as in IIS and Apache.
- Configurable request size limits, with lower and upper bounds.
- Create custom rules that suit the particular needs of your applications.
Rules of Azure WAF
To enable a WAF on Application Gateway, you must create a WAF policy. The policy consists of two kinds of security rules, managed rules and custom rules, together with exclusions and other customizations such as the file upload limit. A WAF policy can be associated with a web application at the global level, the per-site level, or the per-URI level.
If both are present, custom rules are processed before the rules in a managed rule set. A rule is made up of a match condition, a priority, and an action. The supported action types are LOG, BLOCK, and ALLOW. The priority is a unique number that defines the order in which rules are processed. A smaller integer value denotes a higher priority, and those rules are evaluated before rules with a higher integer value. Once a rule matches, its action is applied, and rules with a lower priority are not processed further.
- Core rule sets: Application Gateway supports three rule sets: CRS 2.2.9, CRS 3.0, and CRS 3.1. These rules protect web applications from malicious activity.
- Custom rules: Application Gateway also supports custom rules, which let you create your own rules that are evaluated for each request that passes through the WAF. These rules have a higher priority than the rest of the rules in the managed rule sets. An allow or block action is taken when the configured set of conditions is met. The match operator is currently available for custom rules.
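The evaluation order described above can be modelled in a few lines. This is an added example, not Azure's own code: the rule names, the request dictionary layout, and the `toy_managed_rules` stand-in for a managed rule set are all hypothetical, and a match is treated as final exactly as the text states.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class CustomRule:
    name: str                        # hypothetical rule name
    priority: int                    # smaller number = higher priority
    action: str                      # "ALLOW", "BLOCK" or "LOG"
    matches: Callable[[dict], bool]  # the match condition

def from_cidr(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["client_ip"]) in net

def toy_managed_rules(req):
    # Stand-in for a managed rule set; real CRS matching is far richer.
    if "union select" in req["query"].lower():
        return ("managed-rule-set", "BLOCK")
    return ("no-match", "ALLOW")

def evaluate(rules, req, managed=toy_managed_rules):
    """Return (decided_by, action), following the order described above."""
    if len({r.priority for r in rules}) != len(rules):
        raise ValueError("each custom rule needs a unique priority")
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(req):
            # First match wins: lower-priority custom rules and the
            # managed rule set are never consulted for this request.
            return (rule.name, rule.action)
    return managed(req)

# Constructed policy using documentation-reserved address ranges.
POLICY = [
    CustomRule("block-admin-path", 20, "BLOCK",
               lambda req: req["path"].startswith("/admin")),
    CustomRule("allow-office", 10, "ALLOW", from_cidr("203.0.113.0/24")),
]

def demo():
    office = {"client_ip": "203.0.113.7", "path": "/admin", "query": ""}
    other = {"client_ip": "192.0.2.5", "path": "/admin", "query": ""}
    probe = {"client_ip": "203.0.113.7", "path": "/s", "query": "a UNION SELECT b"}
    return [evaluate(POLICY, r) for r in (office, other, probe)]
```

The third request in `demo()` is allowed even though the managed stand-in would have blocked it: a broad ALLOW rule with a small priority number shadows every rule after it, so such rules should be scoped as narrowly as possible.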
Azure WAF Modes
The WAF on Application Gateway can be configured to run in the following two modes:
- Detection mode: Monitors and logs all threat alerts. You turn on logging diagnostics for Application Gateway in the Diagnostics section, and you must also make sure that the WAF log is selected and turned on. While running in Detection mode, the WAF does not block incoming requests.
- Prevention mode: Blocks the intrusions and attacks that the rules detect. The attacker receives a “403 Unauthorized Access” exception, and the connection is closed. In Prevention mode, such attacks are recorded in the WAF logs.
- Note: Run a newly deployed Azure WAF in a production environment in Detection mode for a short period. This gives you the opportunity to collect firewall logs and update any exclusions or custom rules before moving to Prevention mode, which helps reduce the occurrence of unexpected blocked traffic.
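One way to review the firewall logs collected during the Detection-mode period, shown as an added example that is not part of the original page. The sample records are constructed, the field names are assumed to follow the ApplicationGatewayFirewallLog layout exported through Azure Monitor, and the thresholds are an illustrative heuristic.

```python
import json
from collections import defaultdict

def _rec(ip, uri, rule, action="Detected", cat="ApplicationGatewayFirewallLog"):
    # Helper that builds one constructed log line (not real traffic).
    return json.dumps({"category": cat, "properties": {
        "clientIp": ip, "requestUri": uri, "ruleId": rule, "action": action}})

SAMPLE_LINES = [
    _rec("192.0.2.10", "/api/comments", "942130"),
    _rec("192.0.2.11", "/api/comments", "942130"),
    _rec("192.0.2.12", "/api/comments", "942130"),
    _rec("198.51.100.7", "/login", "941100"),
    _rec("198.51.100.7", "/login", "941100"),
    _rec("192.0.2.10", "/", "0", cat="ApplicationGatewayAccessLog"),
    "{truncated line",  # malformed input must not stop the review
]

def tuning_candidates(lines, min_hits=3, min_clients=3):
    """Return (ruleId, requestUri, hits, distinct_clients) tuples.

    A rule that fires on the same URI for many different clients is more
    likely a false positive on legitimate traffic than a single attacker,
    so those pairs are surfaced for exclusion or custom-rule review.
    """
    hits = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict):
            continue
        if rec.get("category") != "ApplicationGatewayFirewallLog":
            continue
        props = rec.get("properties") or {}
        if props.get("action") != "Detected":
            continue  # only hits logged without blocking
        entry = hits[(props.get("ruleId"), props.get("requestUri"))]
        entry["count"] += 1
        entry["clients"].add(props.get("clientIp"))
    rows = [(rule, uri, e["count"], len(e["clients"]))
            for (rule, uri), e in hits.items()
            if e["count"] >= min_hits and len(e["clients"]) >= min_clients]
    return sorted(rows, key=lambda r: (-r[2], str(r[0])))
```

Pairs that stay below the thresholds, such as one client repeatedly hitting `/login`, are left out of the tuning list and are better investigated as possible attack traffic.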
Azure WAF is a cloud-native service that protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting. You can deploy the service in minutes to get full visibility into the environment and block malicious attacks before they reach the server.