Azure WAF Cloud-Native App Protection and Support


Azure WAF offers cloud-native app protection and support, providing a robust defense against web attacks.

With Azure WAF, you can protect your web applications from common threats like SQL injection and cross-site scripting.

Azure WAF supports multiple deployment models, including Azure Resource Manager and classic deployments.

Azure WAF is integrated with Azure Monitor and Azure Log Analytics, making it easy to monitor and analyze security-related data.

Azure WAF includes a rule set that is updated regularly to keep up with the latest threats and vulnerabilities.

Azure WAF Security

Azure Web Application Firewall (WAF) protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities like cross-site scripting.

Microsoft invests more than USD 1 billion annually in cybersecurity research and development, and employs over 3,500 security experts dedicated to data security and privacy.

Comprehensive protection for the Open Web Application Security Project (OWASP) top 10 security risks is provided by Azure WAF.

Custom and managed rule sets can be used to prevent malicious attacks at the edge.


Real-time visibility into your environment and security alerts are available with Azure WAF.

Azure WAF can be easily deployed with no additional software agent required, making it a convenient solution for securing web apps.

Azure Policy can be used to help enforce organizational standards and assess compliance at scale for Web Application Firewall resources.

WAFs operate at Layer 7, focusing on the traffic that flows between web applications and the internet.

Here are some key benefits of using Azure WAF:

  • Comprehensive protection for OWASP top 10 security risks
  • Custom and managed rule sets to prevent malicious attacks
  • Real-time visibility into your environment and security alerts
  • Agentless deployment for ease of use
  • Compliance at scale with Azure Policy

Azure WAF Features

Azure Web Application Firewall has some amazing features that make it a powerful tool for protecting your web applications.

Managed Rules are automatically updated by Microsoft to ensure up-to-date protection, identifying and blocking common threats.

You can also create Custom Rules to extend coverage to address specific threats that may be unique to your web application.

Azure Web Application Firewall Policies bring together managed and custom rules, along with other firewall settings, to create comprehensive security policies tailored to protect different web applications.


Azure WAF operates in two modes: Detection mode logs incidents but doesn't block them, while Prevention mode not only logs incidents but actively blocks unauthorized requests.

You can specify certain attributes to be ignored during request validation, providing flexibility in handling specific scenarios.

Here are the different modes of Azure WAF:

You can also configure Azure WAF to flag requests that exceed a defined size limit, helping to manage and control the traffic your web application receives.

Azure WAF integrates with Azure Monitor to ensure that you receive immediate alerts when it detects potential threats, enabling swift response to security issues.

Azure WAF Pricing and Plans

Azure WAF offers two distinct pricing plans: the Basic Application Gateway, which starts at $18.25 per month, and the Web Application Firewall Application Gateway, priced at $91.98 per month.

If you're on a tight budget, the Basic Application Gateway might be the way to go. However, if you need more advanced features, the Web Application Firewall Application Gateway is the better choice.

You can also expect to pay extra for add-on charges, such as custom rules, which cost $1 per month, and requests processed, which cost $0.6 per million requests.

Pricing Options


Azure Web Application Firewall offers two distinct pricing plans: the Basic Application Gateway and the Web Application Firewall Application Gateway. The Basic Application Gateway is available at a starting cost of $18.25 per month.

If you need more advanced features, the Web Application Firewall Application Gateway is priced at $91.98 per month.

If you're looking to add custom rules to your Web Application Firewall, you'll need to consider the custom rules pricing. Custom rules cost $1 per month, while requests processed cost $0.6 per million requests.

Managed rulesets are another option, with the default ruleset costing $20 per month. Requests processed for the managed ruleset cost $1 per million requests.

Here's a summary of the add-on charges:

Subscriptions List

You can get all subscriptions for a tenant using the `azure-waf-subscriptions-list` command. This command returns a list of subscriptions with their respective IDs and display names.

The subscription ID is a unique identifier for each subscription, and it's used to identify the subscription in Azure. You can also filter subscriptions by their authorization source and tenant ID.


Here's a list of the properties returned by the `azure-waf-subscriptions-list` command:

You can use the `azure-waf-subscriptions-list` command to get a list of subscriptions for your tenant, and then use the subscription ID to retrieve more information about each subscription.

Azure WAF Configuration and Management

Azure WAF configuration and management is a breeze with the right tools and knowledge. You can protect your web applications in just a few minutes with the latest managed and preconfigured rule sets, increasing security, reducing false positives, and improving performance.

To configure Azure WAF, you'll need to navigate to Settings > Integrations > Servers & Services, search for Azure Web Application Firewall, and click Add instance to create and configure a new integration instance. This will prompt you to enter various parameters, including App ID, Default Subscription ID, and Authentication Type.

Azure WAF policies can be retrieved within a resource group using the command `azure-waf-policies-get`, or all WAF policies in a subscription can be listed using the command `azure-waf-policies-list-all-in-subscription`. This command has various optional arguments, including `verbose`, `limit`, and `subscription_id`.

Here are the optional arguments for the `azure-waf-policies-list-all-in-subscription` command:

Get Started


To get started with Azure WAF configuration and management, you should configure your Web Application Firewall in the Azure portal.

First, you'll want to create an application gateway with Azure Web Application Firewall in the Azure portal, which is explained in the tutorial provided.

Next, you can create a Web Application Firewall policy for Azure Front Door in the Azure portal, another tutorial that can guide you through the process.

Azure offers learning modules to help you get started, such as the Introduction to Azure Web Application Firewall learning module.

By starting with these foundational steps and resources, you'll be well on your way to effectively configuring and managing your Azure WAF.

Policy Update/Create

To update or create a policy with Azure WAF, you can use the `azure-waf-policy-update-or-create` command. This command allows you to create or update a policy with a specified rule set name within a resource group. You can specify the policy name, resource group name, and managed rules, among other parameters.


You can use the following syntax to update or create a policy:

`azure-waf-policy-update-or-create policy_name="example_policy" resource_group_name="demisto-sentinel2" location="WestUs" managed_rules="{ \"managedRuleSets\": [{\"ruleSetType\": \"OWASP\",\"ruleSetVersion\": \"3.0\"}]}"`

This will create a policy named "example_policy" in the "demisto-sentinel2" resource group with the OWASP rule set version 3.0.

The `azure-waf-policy-update-or-create` command also allows you to specify other parameters, such as the resource ID, location, and custom rules. You can use the `verbose` parameter to retrieve the full details of the policy.

Here is a summary of the available parameters for the `azure-waf-policy-update-or-create` command:

False Positives

False positives can be frustrating. Sometimes, Azure WAF will block legitimate traffic, such as Azure AD SSO in a blog.

To investigate these false positives, you need to turn on WAF logs. Go to the Azure Front Door associated with this WAF, enter Diagnostic settings, and click + Add diagnostic setting.

You'll want to check FrontdoorWebApplicationFirewallLog in Category details and keep logs for 30 days. Set the log destination to 2 locations, such as Log Analytics and a storage account.


After accessing the blocked URL again, wait a few minutes for the logs to be sent to the destination locations. WAF logs will appear in a container named insights-logs-frontdoorwebapplicationfirewalllog.

Open the container and find the log files in JSON format. Download and open the log to see which rule is blocking your request. In the log, you can see a rule named DefaultRuleSet-1.0-SQLI-942440 is blocking your request, and its ID can be used to filter rules in WAF settings.

The reason why this request got blocked is shown in the matches node. In this case, the ASP.NET Core cookie was considered suspicious, but it's actually safe.

To fix this issue, go back to the Azure WAF in the Azure portal, search for ID 942440, and filter out the particular rule. However, disabling the rule or changing its action so that it no longer blocks can be dangerous, as it may let real attacks through.

Instead, you need to set an exclusion just for your case. Click "Manage exclusions" and add a new exclusion for rule 942440. For quick demo purposes, you can allow anything with a .AspNetCore.Cookies cookie in this rule.
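The log review described above can be scripted. The following is an added example, not code from the original article: it tallies blocked requests per rule ID and match variable so the narrowest exclusion can be chosen. The field names (`properties`, `ruleName`, `action`, `details.matches`, `matchVariableName`) are assumed to follow the Front Door WAF log schema, and the sample records and `blog.example` URLs are constructed.

```python
import json
from collections import Counter

def _rec(rule, action, var, uri):
    # Builds one constructed log record (not real traffic).
    return json.dumps({
        "category": "FrontdoorWebApplicationFirewallLog",
        "properties": {
            "requestUri": uri, "ruleName": rule, "action": action,
            "details": {"matches": [
                {"matchVariableName": var, "matchVariableValue": "constructed"}]},
        },
    })

# Constructed sample, one JSON record per line as assumed for the downloaded blob.
SAMPLE_LOG = "\n".join([
    _rec("DefaultRuleSet-1.0-SQLI-942440", "Block",
         "CookieValue:.AspNetCore.Cookies", "https://blog.example/admin"),
    _rec("DefaultRuleSet-1.0-SQLI-942440", "Block",
         "CookieValue:.AspNetCore.Cookies", "https://blog.example/signin-oidc"),
    _rec("DefaultRuleSet-1.0-SQLI-942440", "Log",
         "QueryParamValue:q", "https://blog.example/search"),
    _rec("DefaultRuleSet-1.0-SQLI-942100", "Block",
         "QueryParamValue:id", "https://blog.example/post"),
])

def exclusion_candidates(log_text):
    """Tally blocked requests by (rule ID, match variable kind, selector)."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        props = json.loads(line).get("properties", {})
        if props.get("action") != "Block":
            continue  # "Log" entries recorded a match but blocked nothing
        rule_id = props.get("ruleName", "").rsplit("-", 1)[-1]
        for m in props.get("details", {}).get("matches", []):
            # Split "CookieValue:.AspNetCore.Cookies" into kind and selector.
            kind, _, selector = m.get("matchVariableName", "").partition(":")
            # matchVariableValue is deliberately ignored: it can hold
            # session cookies or other secrets.
            hits[(rule_id, kind, selector)] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (rule_id, kind, selector), n in exclusion_candidates(SAMPLE_LOG):
        print(f"rule {rule_id}: {n} block(s) on {kind} '{selector}'")
```

A rule that repeatedly blocks on one known-safe cookie name is a candidate for a per-rule exclusion; blocks on query parameters or other user-controlled input should be investigated as possible real attacks first.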

Configure on Cortex XSOAR


To configure Azure WAF on Cortex XSOAR, you'll need to navigate to Settings > Integrations > Servers & Services. From there, search for Azure Web Application Firewall and click Add instance to create and configure a new integration instance.

You'll then be presented with a list of parameters to fill in, including Default Subscription ID, which is required. You'll also need to select an Authentication Type, such as Authorization Code Flow, which is recommended.

The next step is to enter the necessary details for your Azure WAF instance, including Azure Managed Identities Client ID, if applicable. You can also choose to Trust any certificate, but this disables TLS certificate validation and is not secure.

Before finalizing the configuration, click Test to validate the URLs, token, and connection. This will ensure that your Azure WAF instance is properly set up on Cortex XSOAR.

Commands

You can execute Azure WAF configuration commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.


The commands provide a way to retrieve and manage Azure WAF policies, including getting policies, listing all policies in a subscription, and retrieving protection policies within a resource group.

The "azure-waf-policies-get" command retrieves protection policies within a resource group, and can be executed as is, without any arguments, to retrieve all policies.

You can also use the "azure-waf-policies-get" command with the "limit" argument to retrieve a specific number of policies. For example, "azure-waf-policies-get limit=2" will retrieve 2 policies.

The "azure-waf-policies-list-all-in-subscription" command retrieves all the WAF policies in a subscription, and can be executed with optional arguments such as "verbose", "limit", and "subscription_id".

Here's a summary of the arguments for the "azure-waf-policies-list-all-in-subscription" command:

After executing a command, a DBot message appears in the War Room with the command details.

Policy Delete

You can delete a policy using the `azure-waf-policy-delete` command.

The command requires the `policy_name` argument, which specifies the name of the policy to delete. If you don't provide `policy_name`, the command will retrieve all policies.


You can also specify the `resource_group_name` argument to delete a policy from a specific resource group. If not provided, the instance's default resource group name will be used.

The `subscription_id` argument can be used to delete a policy from a specific subscription. If not provided, the integration default subscription ID will be used.

Here are the required arguments for the `azure-waf-policy-delete` command:

To delete a policy, simply run the `azure-waf-policy-delete` command with the `policy_name` argument, like this: `!azure-waf-policy-delete policy_name="example_policy"`.

Gateway V1

Azure WAF with Application Gateway v1 is a viable option for many users. This configuration is charged based on the amount of time the gateway is provisioned and available, as well as the amount of data processed by the application gateways.

For more detailed pricing information, refer to the Azure Application Gateway pricing page. There, you'll find specifics on additional non-WAF SKUs.

Application Gateway Type is a key consideration when setting up Azure WAF with Application Gateway v1. Here's a breakdown of the available types:

Keep in mind that monthly price estimates are based on 730 hours of usage per month. If you're using multiple instances, you'll be charged per instance.

Frequently Asked Questions

What is the difference between Azure WAF and Azure Firewall?

Azure WAF protects inbound traffic to web workloads, while Azure Firewall inspects inbound and outbound traffic for other applications, offering broader security coverage. In essence, WAF focuses on web traffic, while Firewall provides more comprehensive protection.

What is the difference between WAF and gateway in Azure?

The main difference between Azure WAF and gateway is where the security filtering occurs, with WAF applying filters at edge locations and gateway applying filters at the VNET entry point. This distinction affects how and when security checks are performed, impacting overall security and performance.

Judith Lang

Senior Assigning Editor

Judith Lang is a seasoned Assigning Editor with a passion for curating engaging content for readers. With a keen eye for detail, she has successfully managed a wide range of article categories, from technology and software to education and career development. Judith's expertise lies in assigning and editing articles that cater to the needs of modern professionals, providing them with valuable insights and knowledge to stay ahead in their fields.
