{"id":5933,"date":"2021-03-11T11:59:29","date_gmt":"2021-03-11T16:29:29","guid":{"rendered":"https:\/\/www.apps4rent.com\/blog\/?p=5933"},"modified":"2023-01-19T07:23:30","modified_gmt":"2023-01-19T11:53:30","slug":"configure-web-application-firewall-with-azure-application-gateway","status":"publish","type":"post","link":"https:\/\/www.apps4rent.com\/blog\/configure-web-application-firewall-with-azure-application-gateway\/","title":{"rendered":"How to Configure Web Application Firewall (WAF) with Azure Application Gateway?"},"content":{"rendered":"<p>Many widely used web development platforms, including PHP and ASP, as well as database engines used by applications at the back end have known security flaws that attackers use to exploit the application. Most attacks can be prevented at the code level. But this requires high maintenance, patching, and monitoring at multiple layers of the application. Deploying a web application firewall (WAF) in front of the server is a much simpler solution to block common attacks.<\/p>\n<p>Azure Web Application Firewall on Azure Application Gateway is a cloud-native service that provides centralized protection to web applications from common attacks and web vulnerabilities, including SQL injection and cross-site scripting. Let us explore how to configure Web Application Firewall (WAF) with Azure Application Gateway and understand its features and benefits.<\/p>\n<h2 style=\"font-size: 24px;\">Why Use Azure Web Application Firewall?<\/h2>\n<p>Azure Application Gateway is a web traffic load balancer that provides an IP address (front-end) to application users and routes requests to the appropriate back end in the backend pool that could include app services, virtual machines (VM), virtual machine scale sets, or even other IP addresses. 
Deploying Azure Web Application Firewall (WAF) with Azure Application Gateway improves protection for web applications against common vulnerabilities and simplifies management with an easy-to-configure central location. Here are the benefits of using WAF on the Application Gateway.<\/p>\n<ul>\n<li style=\"margin-bottom: 10px;\">A single Azure Web Application Firewall can protect up to 40 websites hosted on the Application Gateway.<\/li>\n<li style=\"margin-bottom: 10px;\">A WAF policy with custom rules can be associated with individual sites to protect applications without modifying the back-end code for any application.<\/li>\n<li style=\"margin-bottom: 10px;\">It protects against a wide range of attacks, including malicious bots, and can be monitored in real time using Azure Monitor.<\/li>\n<li style=\"margin-bottom: 10px;\">It can be configured, deployed, and managed using the Azure Portal, REST APIs, PowerShell, and CLI, and is integrated with Azure Security Center, which provides a central view of the security state of all Azure resources.<\/li>\n<\/ul>\n<h2 style=\"font-size: 24px;\">What Are the Features of the Azure Web Application Firewall?<\/h2>\n<p>Here are some of the features of the Azure Web Application Firewall.<\/p>\n<ul>\n<li style=\"margin-bottom: 10px;\">Protects against crawlers and scanners, SQL and command injection, cross-site scripting, HTTP protocol violations and anomalies, and other common web attacks.<\/li>\n<li style=\"margin-bottom: 10px;\">Detects application misconfigurations.<\/li>\n<li style=\"margin-bottom: 10px;\">Supports configurable request size limits and custom rules, exclusion lists, and geo-filtering of traffic.<\/li>\n<li style=\"margin-bottom: 10px;\">Inspects JSON and XML in the request body.<\/li>\n<\/ul>\n<h2 style=\"font-size: 24px;\">How to Deploy Azure Web Application Firewall (WAF) with Azure Application Gateway?<\/h2>\n<p>Creating an application gateway with Azure Web Application Firewall involves assigning listeners 
to ports, creating rules, and adding resources to a backend pool. Here is the procedure for using Azure WAF in a simple setup with a public front-end IP, a listener to host a single site on the application gateway, two VMs in the backend pool, and a basic request routing rule.<\/p>\n<ul>\n<li style=\"margin-bottom: 10px;\">Create a resource for the Application Gateway in Azure Portal.<\/li>\n<li style=\"margin-bottom: 10px;\">Ensure that you select WAF V2 in the &#8220;Tier&#8221; dropdown on the Basics tab.<\/li>\n<li style=\"margin-bottom: 10px;\">Create two subnets, one for the application gateway instance, and another for the backend servers (virtual machines) in an Azure Virtual Network.<\/li>\n<li style=\"margin-bottom: 10px;\">Leave the default values for the other settings and then proceed to the Frontends tab.<\/li>\n<li style=\"margin-bottom: 10px;\">Provide a public IP address name for the application gateway and switch to the Backends tab.<\/li>\n<li style=\"margin-bottom: 10px;\">Create a backend pool with no targets as they will be created after creating the application gateway.<\/li>\n<li style=\"margin-bottom: 10px;\">Add a routing rule in the configuration tab to connect the frontend and backend pool.<\/li>\n<li style=\"margin-bottom: 10px;\">Complete the deployment by clicking on Create in the Review + create tab.<\/li>\n<li style=\"margin-bottom: 10px;\">Create two virtual machines in the same Resource Group that will be used for deploying the WAF. 
Install IIS on them to verify that Azure has successfully created the application gateway.<\/li>\n<li style=\"margin-bottom: 10px;\">Switch to the Backend pool and add the two newly created virtual machines in the Targets dropdown.<\/li>\n<li style=\"margin-bottom: 10px;\">Create your WAF Policy as a separate object and associate it with the Application Gateway from the Associated Application Gateways tab.<\/li>\n<li style=\"margin-bottom: 10px;\">To test whether Azure successfully created the application gateway, copy its public IP address and paste it into a browser. A valid response confirms that the application gateway connects with the backend.<\/li>\n<\/ul>\n<h3 style=\"font-size: 23x;\">Apps4Rent Can Help in Hosting and Securing Web Applications on Azure<\/h3>\n<p>While using Web Application Firewall (WAF) with Azure Application Gateway is one of the simplest and most robust solutions to protect web applications from malicious attacks, there are other services such as Azure Firewall, Azure ExpressRoute, and Azure Network Security Group that have overlapping capabilities. The choice of Azure service to be used depends on the workload to be protected.<\/p>\n<p><strong>As a Tier 1 Microsoft CSP<\/strong>, Apps4Rent provides <span style=\"color: #007fac;\"><a style=\"color: #007fac;\" href=\"https:\/\/www.apps4rent.com\/managed-azure.html\">managed Azure services<\/a><\/span> for modernizing applications. 
Contact our Microsoft certified experts, available 24\/7 via phone, chat, and email for consultations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many widely used web development platforms, including PHP and ASP, as well as database engines used by applications at the back end have known security flaws that attackers use to exploit the application. Most attacks can be prevented at the code level. 
But this requires high maintenance, patching, and monitoring at multiple layers of the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[545],"tags":[],"class_list":["post-5933","post","type-post","status-publish","format-standard","hentry","category-azure"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/posts\/5933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/comments?post=5933"}],"version-history":[{"count":4,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/posts\/5933\/revisions"}],"predecessor-version":[{"id":7340,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/posts\/5933\/revisions\/7340"}],"wp:attachment":[{"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/media?parent=5933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/categories?post=5933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.apps4rent.com\/blog\/wp-json\/wp\/v2\/tags?post=5933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}