Azure WAF on Application Gateway

Azure Web Application Firewall (WAF) on Application Gateway provides centralized protection for web applications against common exploits and vulnerabilities. Key features include:

  • SQL injection protection
  • Cross-site scripting (XSS) protection
  • Defense against command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion
  • HTTP protocol violation and anomaly detection
  • Bot mitigation and crawler/scanner protection
  • Custom rule creation for application-specific security
  • Geo-filtering to block/allow traffic by country/region
  • JSON and XML body inspection

🔗 Azure WAF on AppGW: https://lnkd.in/gsbwR5_V

You Should Know:

1. Deploying Azure WAF via CLI

az network application-gateway waf-policy create \
--name MyWAFPolicy \
--resource-group MyResourceGroup \
--location eastus

2. Enabling OWASP Core Rule Set (CRS)

az network application-gateway waf-policy managed-rule rule-set add \
--policy-name MyWAFPolicy \
--resource-group MyResourceGroup \
--type OWASP \
--version 3.2

3. Creating a Custom WAF Rule

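az network application-gateway waf-policy custom-rule create \
--name BlockMaliciousUserAgent \
--policy-name MyWAFPolicy \
--resource-group MyResourceGroup \
--action Block \
--rule-type MatchRule \
--priority 100

az network application-gateway waf-policy custom-rule match-condition add \
--name BlockMaliciousUserAgent \
--policy-name MyWAFPolicy \
--resource-group MyResourceGroup \
--match-variables RequestHeaders.User-Agent \
--operator Contains \
--values evilbot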

4. Geo-Blocking Traffic

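az network application-gateway waf-policy custom-rule create \
--name BlockNonUS \
--policy-name MyWAFPolicy \
--resource-group MyResourceGroup \
--action Block \
--rule-type MatchRule \
--priority 200

az network application-gateway waf-policy custom-rule match-condition add \
--name BlockNonUS \
--policy-name MyWAFPolicy \
--resource-group MyResourceGroup \
--match-variables RemoteAddr \
--operator GeoMatch \
--values US \
--negate true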

5. Testing WAF with cURL

curl -X POST http://yourapp.com/login \
-H "User-Agent: evilbot" \
-d "username=admin' OR 1=1--"

(Should be blocked if SQLi protection is enabled.)

6. Monitoring WAF Logs

az monitor log-analytics query \
--workspace MyWorkspace \
--analytics-query "AzureDiagnostics | where Category == 'ApplicationGatewayFirewallLog'"
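
Once firewall log records are exported, they can be triaged offline for the two things worth monitoring: clients that look like scanners, and rules that may be firing on normal traffic. The script below is an added example, not part of the original post. It assumes records in the JSON shape Application Gateway writes for ApplicationGatewayFirewallLog (clientIp, requestUri and ruleId under properties); the function names, thresholds and sample records are constructed for illustration.

```python
import json
from collections import defaultdict

WAF_CATEGORY = "ApplicationGatewayFirewallLog"

def triage(lines, min_rules=3, min_clients=3):
    """Return likely scanners and false-positive candidates from WAF log lines.
    The two thresholds are illustrative assumptions, not Azure defaults."""
    rules_by_ip = defaultdict(set)      # client IP -> distinct rule IDs hit
    ips_by_rule_uri = defaultdict(set)  # (rule ID, URI) -> distinct client IPs
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                    # truncated or non-JSON line
        if not isinstance(rec, dict) or rec.get("category") != WAF_CATEGORY:
            continue                    # access/performance logs are not WAF hits
        p = rec.get("properties") or {}
        ip, uri, rule = p.get("clientIp"), p.get("requestUri"), p.get("ruleId")
        if ip and uri and rule:
            rules_by_ip[ip].add(rule)
            ips_by_rule_uri[(rule, uri)].add(ip)
    # One client tripping many different rules looks like probing.
    scanners = sorted(ip for ip, r in rules_by_ip.items() if len(r) >= min_rules)
    # One rule on one URI hit by many unrelated clients is more likely normal
    # application input: review it before adding an exclusion.
    fp = sorted(key for key, ips in ips_by_rule_uri.items()
                if len(ips - set(scanners)) >= min_clients)
    return {"scanners": scanners, "fp_candidates": fp}

def make_record(ip, uri, rule, category=WAF_CATEGORY):
    """Build one constructed log line in the firewall-log JSON shape."""
    return json.dumps({"category": category, "properties": {
        "clientIp": ip, "requestUri": uri, "ruleId": rule, "action": "Matched"}})

# Constructed sample (documentation-range IPs), not real traffic.
SAMPLE = [
    make_record("203.0.113.7", "/login", "942100"),
    make_record("203.0.113.7", "/search", "941100"),
    make_record("203.0.113.7", "/", "913100"),
    make_record("198.51.100.1", "/api/comments", "942430"),
    make_record("198.51.100.2", "/api/comments", "942430"),
    make_record("198.51.100.3", "/api/comments", "942430"),
    make_record("198.51.100.9", "/", "0", category="ApplicationGatewayAccessLog"),
    "{truncated",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the single client hitting three different rules is reported as a scanner, and rule 942430 on /api/comments, hit by three separate clients, is reported as a false-positive candidate.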

What Undercode Say

Azure WAF on Application Gateway is a powerful tool for securing web applications against OWASP Top 10 threats. Key takeaways:

  • Always enable OWASP CRS for baseline protection.
  • Use custom rules to tailor security for your app.
  • Monitor logs for attack patterns and false positives.
  • Combine with DDoS protection for multi-layered security.

For Linux admins, integrating WAF logs with Logstash or Splunk enhances visibility:

grep "SQL Injection" /var/log/azure-waf.log | awk '{print $1, $6}' 

Windows admins can use PowerShell for WAF management:

Get-AzApplicationGatewayFirewallPolicy -Name MyWAFPolicy -ResourceGroupName MyRG 

For advanced threat hunting, consider KQL queries in Azure Sentinel:

AzureDiagnostics 
| where Category == "ApplicationGatewayFirewallLog" 
| where Message contains "XSS" 

Expected Output:

A well-configured Azure WAF should:

✅ Block SQLi, XSS, and malicious bots.

✅ Log attacks for forensic analysis.

✅ Allow granular control via custom rules.

✅ Integrate with SIEM for real-time alerts.

References:

Reported By: Nett Azure – Hackers Feeds