1. In this part of the demo, we are going to create a Web Application Firewall on top of the Azure Front Door that we created for two of our web applications. This is a continuation of part one of this demo. You can find part one by going to this link:
  • In this demo, we are going to learn about the web application firewall with Azure Front Door.
  • Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities.
  • Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
  • You can read more about the WAF on the official Microsoft Docs.
  • For now, let’s head into the demo.

Right now our application is running behind this Front Door. We can put a Web Application Firewall in front of the Front Door.

Click Create a resource and search for Web Application Firewall. Click Create.

We are creating the policy for Front Door. Choose the resource group. Then give the policy a name and go to the policy settings.

In this setting, you can select what happens when a request is blocked. We are going to choose Prevention. Prevention blocks attacks, while Detection just logs them.

Next is a list of rules that the WAF protects us against. The list is quite comprehensive. If you scroll down, you will find that there are rules for cross-site scripting, SQL injection, bot protection and many more. You can scroll down and check for yourself.

Next, you can configure custom rules. These can be things like IP filters, filters on geolocation, and filters on the type and size of the request. Click Next.

Here we are going to add our frontend host. Select the Front Door and choose the host. Finally, click Review + create.

  • Wait for the firewall to get created.

Now when you try to run the URL, your request will get blocked.

The page title will also change. This request isn’t even reaching the application. It has been blocked at the edge of Azure by Web Application Firewall before it can do any harm.
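
The same portal steps can be scripted with the Azure CLI. This is an added example, not part of the original demo. It assumes a Front Door (classic) profile, the `front-door` CLI extension, and placeholder names (`demo-rg`, `demo-frontdoor`, `demoWafPolicy`) that you replace with your own.

```shell
#!/bin/sh
# Added example: scripted equivalent of the portal steps (not from the original page).
# Requires the CLI extension: az extension add --name front-door
set -eu

# Assumed placeholder names; override through the environment.
RG="${RG:-demo-rg}"                        # resource group holding the Front Door
FRONT_DOOR="${FRONT_DOOR:-demo-frontdoor}" # Front Door (classic) profile from part one
POLICY="${POLICY:-demoWafPolicy}"          # WAF policy name
MODE="${MODE:-Prevention}"                 # Prevention blocks, Detection only logs

# Front Door WAF policy names must start with a letter and use only letters and digits.
valid_policy_name() {
  case "$1" in
    ''|[!A-Za-z]*|*[!A-Za-z0-9]*) return 1 ;;
  esac
}

deploy_waf() {
  valid_policy_name "$POLICY" || { echo "invalid policy name: $POLICY" >&2; return 2; }
  case "$MODE" in
    Prevention|Detection) ;;
    *) echo "mode must be Prevention or Detection" >&2; return 2 ;;
  esac

  # Policy settings step: create the policy, enabled, in the chosen mode.
  az network front-door waf-policy create \
    --resource-group "$RG" --name "$POLICY" --mode "$MODE" --disabled false

  # Managed rules step: attach the default rule set (SQL injection, XSS and others).
  az network front-door waf-policy managed-rules add \
    --resource-group "$RG" --policy-name "$POLICY" --type DefaultRuleSet --version 1.0

  # Association step: link the policy to the first frontend host of the Front Door.
  policy_id="$(az network front-door waf-policy show \
    --resource-group "$RG" --name "$POLICY" --query id --output tsv)"
  az network front-door update --resource-group "$RG" --name "$FRONT_DOOR" \
    --set "frontendEndpoints[0].webApplicationFirewallPolicyLink={\"id\":\"$policy_id\"}"

  # Read the mode back so a policy left in Detection is noticed.
  az network front-door waf-policy show --resource-group "$RG" --name "$POLICY" \
    --query policySettings.mode --output tsv
}

# Deploy only when invoked as: sh waf.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy_waf; fi
```

Running it with `MODE=Detection` first lets you review what the managed rules would match in the WAF logs before switching the policy to Prevention.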

  • This is how you can protect your web application using WAF and Front Door.
  • Go to Azure and try for yourself.