Jump to content
Sign in to follow this  
  • entries
    355
  • comments
    0
  • views
    77919

Use Web Application Firewall (WAF) Rules with the Front Door to protect your app

Sign in to follow this  
proximagr

11 views

At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door

Create the WAF Rule

From the Azure Marketplace search for WAF and create a Web Application Firewall

image.png

At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled.

 

image-1.png

At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body.

image-2.png

The next step is the rule. We can select one or more predefined rule sets and then customize at will.

image-3-1024x571.png

To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect.

image-4-1024x276.png

WAF Custom Rule

The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule.

rules.gif

Next is the Conditions (If this) and the action (then that).
The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly.

conditions.gif

The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic

 

image-6.png

For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region.

image-7.png

The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule.

image-8.png

Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group.

image-9.png

Inside the Front Door, at the Web application firewall section, you can review the assigned rules.

image-10.png

Test 1

From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text!

image-11.png

Test 2

From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page!

image-13-1024x323.png

Share

The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.


Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...