💡 Learn more: Azure Front Door WAF overview.
📺 Watch the video: How to use WAF to protect your web applications with Azure Front Door.
When you run an application on the web, it is going to be attacked. Your website will be hit with SQL injection attacks, cross-site scripting (XSS) attacks and every other attack in the OWASP Top 10 and beyond. You need to protect your application from these attacks, and you can do that with Azure Web Application Firewall and Azure Front Door.
In Azure Tip 192, you learned how to make your website more available and performant with Azure Front Door. In this post, we'll add a Web Application Firewall to protect Azure Front Door and the websites that it serves.
If you want to follow along, you'll need the following:
Before we create the Web Application Firewall (WAF), I want to show you what an attack could look like. Suppose that my website takes a query string parameter and does something meaningful with it, like storing it in the database. I could create a URL like this to inject a malicious script:
https://frontdoortipsandtricks.azurefd.net/?<script>alert('do something evil')</script>
When I try this on the website that Front Door is serving, without the WAF, the request goes through to the server, which serves the web page as normal. But now the malicious script is stored in my database, and it will be served to every visitor whose page includes that value.
(Attack not blocked)
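The WAF stops this request at the edge, but the application itself should still render stored values safely in case a request ever reaches it. The following is an added example, not code from the post: it parses the URL above with Python's standard library and contrasts the value interpolated straight into markup with the same value output-encoded; the page layout and function names are assumptions.

```python
from html import escape
from urllib.parse import parse_qsl, urlsplit

# The URL from the post, used here as constructed sample input.
ATTACK_URL = ("https://frontdoortipsandtricks.azurefd.net/"
              "?<script>alert('do something evil')</script>")


def query_values(url: str) -> list[str]:
    """Return the query-string values the application would store."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    # A bare "?payload" (no "=") parses as a key with an empty value; the
    # app in the post would still treat that text as its parameter.
    return [value if value else key for key, value in pairs]


def render_vulnerable(stored: str) -> str:
    """Interpolate the stored value directly into HTML (stored XSS)."""
    return f"<p>Last value: {stored}</p>"


def render_hardened(stored: str) -> str:
    """Output-encode the stored value so markup characters become inert text."""
    return f"<p>Last value: {escape(stored, quote=True)}</p>"


def contains_active_script(html: str) -> bool:
    """Crude check used only to show the difference between the two renderings."""
    return "<script" in html.lower()


if __name__ == "__main__":
    for value in query_values(ATTACK_URL):
        print("stored value :", value)
        print("vulnerable   :", render_vulnerable(value))
        print("hardened     :", render_hardened(value))
```

Output encoding at render time is the application-side counterpart to the WAF: the edge blocks the request, and the app makes sure anything that does get stored cannot execute.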
A Web Application Firewall (WAF) can protect your web application against attacks like this. Let's create one for our Azure Front Door to protect our web application.
Go to the Azure portal
Click the Create a resource button (the plus-sign in the top left corner)
Search for Web Application Firewall and click on the result to start creating a Web Application Firewall.
(Create a WAF policy Basics)
(Create a WAF policy Managed Rules)
(Create a WAF policy Association)
That's it! The web application is now protected by the Web Application Firewall. Try the URL with the malicious script again. The request will be blocked like in the image below.
(Attack blocked by WAF)
If you look closely, you see that the title of the web page has changed to Microsoft. The attack doesn't reach your web application. It is blocked at the edge of the Azure cloud, before it can do any harm.
Protecting your web application with Azure Web Application Firewall in front of Azure Front Door is really powerful. Out of the box, you are protected against hundreds of different common attacks. You can also enable rules to protect your application against bots. And you can create your own custom protection rules, ranging from IP filters to rate limits. Go check it out!
On a side note: if you like Azure Tips and Tricks, then you might enjoy another project that I'm working on for live streaming. Check out my channel (mbcrump on www.twitch.tv) and hit the follow button to know when I'm live.