Jump to content

Search the Community

Showing results for tags 'azure'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Categories

  • autoexec.gr
  • Events
  • Γενικά

Forums

  • Γενικά
    • Τα πρωτοσέλιδα
    • Café
    • Λοιπά Θέματα
    • Ειδήσεις & Εκδηλώσεις
  • Προϊόντα
    • Εργαλεία και συμβουλές
    • Microsoft Office
    • Windows
    • Windows Server
    • Microsoft SQL Server
    • Exchange Server
    • SharePoint Server
    • Microsoft Hyper-V
    • Microsoft Azure
    • PowerShell
  • Τεχνολογία
    • Cloud
    • Virtualization
    • Management & Automation
  • Εκπαίδευση & Πιστοποίηση
    • Εκπαίδευση
    • Πιστοποίηση
  • Αγγελίες
    • Προσφορά Εργασίας
    • Αγοραπωλησίες
  • Archives
    • Γενικά
    • Εργαλεία και συμβουλές
    • Hardware
    • OS
    • Servers
    • Netwok & Security
    • Magazino

Blogs

  • Το προσωπικό σου blog
  • Bits & Bytes
  • Το Ελληνικό Exchange Blog
  • Ioannis Alexopoulos -- IT Blog
  • Εξομολογήσεις ενός διαχειριστή
  • Για την αντι-γραφή
  • spanougakis.com
  • Project Management: Art or Science? Profession or Competence?
  • BlackTrack
  • Hyper-Vangelis
  • Frees Point
  • Klag Rulez
  • Heimaros
  • Info Overflow
  • The dark side
  • Greek Active Directory Blog
  • The Greek Windows PKI blog
  • Greek Geek Girls "3G"
  • Tips, Tricks and Recipes for IT Pros
  • There is nothing like 127.0.0.1
  • kpsalida's Blog
  • απλά...το βλογ μου
  • Θέλω να γίνω τσομπάνης!
  • Holy IT
  • Admin
  • Catastrophic Failure
  • Rocking with Knowledge of SQL Server
  • Apple Macintosh in the Enteprise
  • Firewall In A Nutshell
  • The Infrastructurer
  • Smart Office
  • Το άδειο σεντούκι
  • iThalis
  • Παιδιά! Έχουμε mail ?
  • SBS & όχι μόνο , Ioannis Zontos
  • Paradigm Shift
  • Αη-Τι (ο άγιος Τι)
  • The TroubleShooter
  • George Markou's Blog
  • fmarkos' Blog
  • dead:beef::1
  • Vaggelis' Blog
  • Proxima's IT Admin Corner

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Occupation

Found 194 results

  1. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  2. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  3. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  4. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  5. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  6. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  7. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  8. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  9. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  10. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  11. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  12. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  13. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  14. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  15. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  16. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  17. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  18. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  19. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  20. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  21. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  22. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  23. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  24. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
  25. At the previous post we created an Azure Front Door to scale our web apps across Azure Regions and also publish them only through the Front Door’s URL. At this post we will create Web Application Firewall (WAF) rules, to protect our web apps. To add WAF functionality to the Front Door we need first to create WAF rules and then attach them to the Front Door Create the WAF Rule From the Azure Marketplace search for WAF and create a Web Application Firewall At the “Create a WAF policy” wizard select “Global WAF (Front Door) for policy, provide the subscription and resource group, give a name for the policy and select if you want it to be created enabled or disabled. At the next step select if the policy will prevent the action or just detect and report it. You can change this later too. You can provide a Redirect URL for rules that support redirection. The default status code is 403 but we can change it to e.g. 404. We can also add a custom response body. The next step is the rule. We can select one or more predefined rule sets and then customize at will. To customize, expand the rule set and select a rule. You can enable / disable the rule and you can change the action to Allow, Block, Lod or Redirect. WAF Custom Rule The next step is the custom rules. There’s a lot to customise here. First are the rule type settings. Select status of the rule, enabled or disabled. Select the Rule type between Match and Rate limit. If you select rate limit you will be prompt to set rate limit and threshold. The final rule tupe setting is to set the priority of the rule. Next is the Conditions (If this) and the action (then that). The condition can be Geolocation, IP address, Size or String. After selecting the Match Type the rest options are altered accordingly. The action can be Allow traffic, Deny traffic, Log traffic only or Redirect traffic For the demo I created a rule that will Deny all traffic from The Netherlands, because I can test it from an Azure VM located at the West Europe Region. The next step is to associate the rule to the Front Door. After that assign Tags if needed and create the rule. Once the Rule is ready, a “Front Door WAF policy” resource will be at the selected Resource Group. Inside the Front Door, at the Web application firewall section, you can review the assigned rules. Test 1 From an Azure VM at West Europe Region, I tried to access the Front Door’s URL and we can see my custom 403 body text! Test 2 From my Computer I tested a typical SQL Injection attack from https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) . Again my custom 403 page! The post Use Web Application Firewall (WAF) Rules with the Front Door to protect your app appeared first on Apostolidis IT Corner.
×
×
  • Create New...