Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Use and setup of WAF with Azure App Service Web Application?

I run a number of App Service MVC Asp.Net web applications. I think it would be a good idea to add a WAF to the front the App Service website to enable OWASP protection as well as more visibility on suspicious attacks. Also I would want this to be linked into Azure Security Centre.

As far as I can see this is not a problem with VM websites, but with App Service websites I have seen SO comment (April 2017) about how this may not be supported. Although this information may be outdated now.

1) Am I just trying to replace existing threat detection features that is built into App Services, so adding a WAF is not required?

2) If required, is App Service WAFs supported, and especially linked to Azure Security Centre.

3) If required and possible, then any pointers please?

By the way, I have considered the use of Cloudflare as a WAF wrapper around Azure which looks interesting, but intitially wanted to check out Azure functionality to start with.

Thanks.

like image 702
SamJolly Avatar asked Apr 04 '18 00:04

SamJolly


People also ask

How do I enable WAF in Azure App Service?

In the Azure portal, select New > Network > Application Gateway to create an application gateway. In Tier dropdown list, you can select Standard V2 or WAF V2 to enable WAF feature on the application gateway.

Do you need a WAF for Azure App Service?

1) WAF is supported and recommended even for App Service because it will improve your security capabilities while also providing you with more control and real-time monitoring.

Does Azure App Service have a firewall?

Azure Firewall uses a static public IP address for virtual network resources, which allows outside firewalls to identify traffic that originates from your virtual network.

Is Azure application gateway a WAF?

Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.


1 Answers

1) WAF is supported and recommended even for App Service because it will improve your security capabilities while also providing you with more control and real-time monitoring.

Configure App Service Web Apps with Application Gateway

2) Yes to both. See here:

Azure Security Center and Microsoft Web Application Firewall Integration

3) See above links :)

like image 178
Bruno Faria Avatar answered Sep 23 '22 05:09

Bruno Faria