Azure: Enabling web application firewall on Application Gateway

Posted: June 20, 2018 in Azure

Web application firewall (WAF) is a feature of Application Gateway that provides centralized protection of web applications from common exploits and vulnerabilities.

A web application firewall works differently from a standard IP firewall. A normal firewall is designed to block individual TCP or UDP ports, or to restrict the type of traffic that is allowed to flow across a particular port. A WAF, by contrast, is designed to inspect the HTTP or HTTPS traffic being sent to a web application. The firewall's job is to determine whether a request is normal user traffic or something malicious; an example of a malicious request is a hidden field manipulation attack. If malicious traffic is detected, the WAF blocks the request before it reaches the web application server, and will typically also terminate the session.

In the Azure portal, click New resource and choose Application Gateway.

[Screenshot: 1.PNG]

Select the WAF tier (the SKU size needs to be at least Medium).

[Screenshot: 2.PNG]

Choose the virtual network and subnet.

Firewall modes:

Detection: malicious requests are allowed through and logged.

Prevention: malicious requests are denied.

[Screenshot: 3.PNG]

Creating the backend pool

In the Application Gateway properties, click Backend pools and add your web servers to the pool.

[Screenshot: 4.PNG]

Test access through the gateway:

[Screenshot: 6.png]

[Screenshot: 7.PNG]

Simulating an attack

http://40.115.6.212/?XSSAttack=%22%3E%3Cscript%3Einserting-bad-script-here%3C/script%3E%3C%22

With the firewall in Prevention mode, the request is denied:


[Screenshot: 8.PNG]

We can allow specific traffic by disabling rule groups of the OWASP 3.0 rule set. In the example below, the ATTACK-XSS and ATTACK-SQLI rule groups are disabled, so requests matching them (such as the script above) will be allowed through.

On the Web application firewall blade, click Advanced rule configuration.


[Screenshot: 9.PNG]
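The same configuration can be applied from PowerShell instead of the portal. The following is an added example (not from the original post) using the Az module; the resource group and gateway names are assumptions, and the gateway is assumed to already exist with a WAF SKU. It shows Detection mode first, then the rule-group change from the post, and then a narrower alternative that disables a single rule rather than a whole group.

```powershell
# Added example: configure Application Gateway WAF with the Az PowerShell module.
# $rg and $gwName are assumed names; replace them with your own resources.
$rg     = "rg-waf-demo"
$gwName = "appgw-waf-demo"   # must be a WAF SKU (e.g. WAF_Medium), as in the post

$gw = Get-AzApplicationGateway -Name $gwName -ResourceGroupName $rg

# Step 1: Detection mode. Matching requests are allowed but written to the
# ApplicationGatewayFirewallLog, which lets you review false positives before blocking.
Set-AzApplicationGatewayWebApplicationFirewallConfiguration -ApplicationGateway $gw `
    -Enabled $true -FirewallMode Detection -RuleSetType OWASP -RuleSetVersion 3.0 | Out-Null
Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# Step 2: the change shown in the post's screenshot. Disabling these two OWASP 3.0
# rule groups lets the XSS test request above (and any SQLi payload) reach the backend,
# so this is the weak setting, shown here only to mirror the portal step.
$wholeGroups = @(
    (New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-941-APPLICATION-ATTACK-XSS"),
    (New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI")
)
Set-AzApplicationGatewayWebApplicationFirewallConfiguration -ApplicationGateway $gw `
    -Enabled $true -FirewallMode Prevention -RuleSetType OWASP -RuleSetVersion 3.0 `
    -DisabledRuleGroup $wholeGroups | Out-Null
Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# Step 3: the narrower alternative. Keep Prevention mode and the XSS group intact, and
# disable only the single SQLi rule that misfires on legitimate input (942100 used as
# an illustrative rule id); the rest of the SQLi group keeps blocking.
$singleRule = New-AzApplicationGatewayFirewallDisabledRuleGroupConfig `
    -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI" -Rules 942100
Set-AzApplicationGatewayWebApplicationFirewallConfiguration -ApplicationGateway $gw `
    -Enabled $true -FirewallMode Prevention -RuleSetType OWASP -RuleSetVersion 3.0 `
    -DisabledRuleGroup $singleRule | Out-Null
Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# Verify what is actually deployed: mode, rule set version and disabled groups/rules.
$cfg = (Get-AzApplicationGateway -Name $gwName -ResourceGroupName $rg).WebApplicationFirewallConfiguration
$cfg | Select-Object Enabled, FirewallMode, RuleSetType, RuleSetVersion
$cfg.DisabledRuleGroups | ForEach-Object { "{0}: {1}" -f $_.RuleGroupName, ($_.Rules -join ",") }
```

After each Set-AzApplicationGateway call, re-run the test request from the post: it should be logged but allowed after Step 1, allowed silently after Step 2, and denied again after Step 3.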
