Azure service

Microsoft has announced the general availability of Azure Web Application Firewall in all Azure public regions. This will lead to better web application security since the firewall is added to the layer 7 Azure Application Gateway service.

In today’s world, Web applications have become primary and huge targets of malicious attacks that exploit common known vulnerabilities, such as SQL injection and cross site scripting attacks. To prevent and mitigate such exploits in the application requires rigorous maintenance, patching, and monitoring at multiple layers of the application topology.

With the introduction of a centralized web application firewall (WAF), web attacks can be minimized and hence, eases security management without requiring any application changes. Application and compliance administrators get better assurance against threats and intrusions.

Benefits of Azure Web Application Firewall

Following are the core benefits that Web Application Firewall provides:

Protection

  • Protect your application from web vulnerabilities and attacks without modifying backend code. WAF addresses various attack categories including:
    • SQL injection
    • Cross site scripting
    • Common attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
    • HTTP protocol violations
    • HTTP protocol anomalies
    • Bots, crawlers, and scanners
    • Common application misconfigurations (e.g. Apache, IIS, etc.)
    • HTTP Denial of Service
  • Protect multiple web applications simultaneously. Application Gateway supports hosting up to 20 websites behind a single gateway that can all be protected against web attacks.

WAF - App Gateway

Ease of use

  • Application Gateway WAF is simple to configure, deploy, and manage via the Azure Portal and REST APIs. PowerShell and CLI will soon be available.
  • Administrators can centrally manage WAF rules.
  • Existing Application Gateways can be simply upgraded to include WAF. WAF retains all standard Application Gateway features in addition to Web Application Firewall.

Monitoring

  • Application Gateway WAF provides the ability to monitor web applications against attacks using a real-time WAF log that is integrated with Azure Monitor to track WAF alerts and easily monitor trends. The JSON formatted log goes directly to the customer’s storage account. Customers have full control over these logs and can apply their own retention policies. Customers can also ingest these logs into their own analytics system. WAF logs are also integrated with Operations Management Suite (OMS) so customers can use OMS log analytics to execute sophisticated fine grained queries.

WAF - Access Log

  • Application Gateway WAF will shortly be integrated with Azure Security Center to provide a centralized security view of all your Azure resources. Azure Security Center scans your subscriptions for vulnerabilities and recommends mitigation steps for detected issues. One such vulnerability is the presence of web applications that are not protected by a WAF.

WAF - 1

WAF - 2

Customization

  • Application Gateway WAF can be run in detection or prevention mode. A common use case is for administrators to run in detection mode to observe traffic for malicious patterns. Once potential exploits are detected, turning to prevention mode blocks suspicious incoming traffic.
  • Customers can customize WAF RuleGroups to enable/disable broad categories or sub-categories of attacks. Therefore, an administrator can enable or disable RuleGroups for SQL Injection or Cross Site Scripting (XSS). Customers can also enable/disable specific rules within a RuleGroup. For example, the Protocol Anomaly RuleGroup is a collection of many rules that can be selectively enabled/disabled.

WAF - 3

More technical details on Azure Web Application Firewall can be found on this page
Source