Overview of Azure Web Application Firewall
In this tutorial, we will get a brief about Azure Web Application Firewall.
The Web Application Firewall (WAF) protects your web applications from typical attacks and vulnerabilities from a central location. Malicious attacks that make use of well-known flaws are increasingly targeting them. Among the most popular attacks are SQL injection and cross-site scripting.
Preventing similar attacks in application code, on the other hand, is difficult. At several layers of the application structure, it may need meticulous maintenance, patching, and monitoring. The use of a centralized web application firewall simplifies security administration. Furthermore, a WAF provides application managers with greater certainty of threat and intrusion prevention.
Supported service
WAF can deploy with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) service from Microsoft. However, WAF on Azure CDN is currently under public preview. But, WAF has features that are customized for each specific service.
Azure Web Application Firewall on Azure Front Door
- Firstly, Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. However, WAF defends your web services against common exploits and vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements.
- Secondly, WAF on Front Door is a global and centralized solution. It’s deployed on Azure network edge locations around the globe. WAF enabled web applications to inspect every incoming request delivered by Front Door at the network edge.
- Lastly, WAF prevents malicious attacks close to the attack sources, before they enter your virtual network. You get global protection at scale without sacrificing performance. A WAF policy easily links to any Front Door profile in your subscription.
What is Azure Web Application Firewall on Azure Application Gateway?
- Firstly, Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. However, Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
- Next, WAF on Application Gateway is based on Core Rule Set (CRS) 3.1, 3.0, or 2.2.9 from the Open Web Application Security Project (OWASP). The WAF automatically updates to include protection against new vulnerabilities, with no additional configuration needed.
Reference: Microsoft Documentation