Azure Web Application Firewall Deployment [Hands On]


Azure

Author: Sahil Hulage
Reviewer: Deepak Prasad

Overview on Azure Web Application Firewall (WAF)

A Web Application Firewall (WAF) protects applications from multiple application-layer attacks. it may be cross-site scripting, SQL injection, cookie poisoning, etc. As we are moving towards cloud modernization, we should consider application security in account while publishing applications on the internet.

Azure provides Azure WAF service to provide their applications secure from internet attacks. it can be attached to the regional and global resources. Azure WAF is limited to working with Azure Front Door, Azure Application Gateway, and Azure CDN.

Azure WAF Dig

 

Prerequisite

  • Azure Subscription
  • Azure Front Door / Application Gateway for applying WAF
  • Basic Understanding of WAF

 

Step 01: - Creating WAF Policy

You can find WAF resources by simply searching it in your subscription as per the below image. You can get an overview of the service in the same pane.

Azure Web Application Firewall Deployment [Hands On]

 

Click on Create to start the wizard.  In the Basics tab you can see where you want to use this WAF policy. as mentioned you can use the WAF policy for limited resources.

Azure WAF

 

Next, you must give a name for your policy, like you can have multiple policies for multiple regional resources or multiple environments.

Azure WAF

 

Here we have a very interesting option to check. Policy state and Policy mode.

Policy state: - You can create WAF and let it disable for time being and then later you can attach it to resource and enable.

Policy mode: - We have Detection and Prevention.

Azure Web Application Firewall Deployment [Hands On]

 

Next, we must select a rule set that can be associated with WAF. A pre-configured rule set is enabled by default. This ruleset protects your web application from common threats defined in the top-ten Open Web Application Security Project (OWASP) categories

Azure Web Application Firewall Deployment [Hands On]

 

In the same way, you can change the behaviour of WAF rule action depending upon your application behaviour.

Azure Web Application Firewall Deployment [Hands On]

 

Policy setting helps you to create a response after something is blocked by your WAF. as per the above image you can set it up manually.

Azure Web Application Firewall Deployment [Hands On]

 

In the same way, we have options to create custom rules. as every organization has its own customization required to run its application.

Azure Web Application Firewall Deployment [Hands On]

 

And the final part is to associate WAF with Azure Services. as discussed, you can associate WAF with Front Door, Application Gateway, or Azure CDN.

Azure Web Application Firewall Deployment [Hands On]

Now, you can review and create the WAF policy.

 

Step 02: - How to attach WAF to Azure Front Door

In the above step, we have created a WAF policy for the global resource Front Door. Now we must attach it to the Front door as per the below steps.

After creating the WAF policy you can see the overview page. here you can see a number of rules, their associations, and their status like prevention mode or detect mode and you can change it from here also.

Azure Web Application Firewall Deployment [Hands On]

 

Go to the Association's tab and here you can see Add frontend. Click on that option.

Azure Web Application Firewall Deployment [Hands On]

You will get a list of Front Doors in your subscription. from that drop-down menu select the required front door.

You can follow the below article to deploy Front Door.

https://www.golinuxcloud.com/azure-front-door-tutorial/

 

Azure Web Application Firewall Deployment [Hands On]

 

Once you attached the WAF you can see the under associations tab. you can attach a single WAF to multiple Front-end hosts.

Azure Web Application Firewall Deployment [Hands On]

 

You can check the same from the front door WAF option. As per the below image, you can see its frontend host and attached WAF policy.

Azure Web Application Firewall Deployment [Hands On]

 

Step 03: - Monitor and access WAF logs

Basically, it’s very important to monitor WAF logs to understand the behaviour of our application. it should not be the case that WAF is blocking legitimate requests.

You can monitor WAF using Front Door metrics. As per the below image you can see we have to select WAF as a metric to show results.

Azure Web Application Firewall Deployment [Hands On]

and for storing logs of WAF you must enable the diagnostic setting of the attached resource. you can see the below image on how to enable the diagnostic setting for storing WAF logs.

First, go to the Diagnostics setting. and click on add diagnostic setting

Azure Web Application Firewall Deployment [Hands On]

 

Next, you can see Categories where you can select which logs you to store and where you want to store them.

We have options to store logs into Log Analytics, Storage account and etc. mostly will use log analytics as it works with the front door hand in hand and gives is seamless results. but if you want to store logs for the long term, I recommend you store them in a storage account.

It takes time to populate log into log analytics to show the results. you can query it from logs.

Examine WAF logs using Azure Log Analytics - Azure Application Gateway | Microsoft Docs

 

Summary

Azure Web Application Firewall (WAF) is an advanced version of a traditional firewall that resides on the outer edge of the network, in front of the public side of a web application. It works based on specific security rule sets.

WAF intercepts & analyzes each and every HTTP request before they reach the web application. It protects web applications from the below threatening cyber-attacks. It detects suspicious network traffic and automatically filters the same.

 

References

 

Sahil Hulage

Sahil Hulage

He possesses over 5+ years of experience as a Cloud Consultant, specializing in Azure DevOps and CloudLinux. With his expertise, he implements and optimizes cloud solutions, ensuring seamless operations and efficient resource management. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment