WAF

Implementing Web Application Firewall (WAF) on Azure Application Gateway:

Implementing a Web Application Firewall (WAF) on Azure Application Gateway is a strategic approach to securing our web applications hosted on Microsoft Azure. This integration combines the benefits of Application Gateway's load balancing capabilities with WAF's threat protection features. By implementing a WAF on our Application Gateway, we gain the following benefits:

  1. Enhanced Security: WAF acts as a protective shield, safeguarding our web applications from a wide range of online threats, such as SQL injection, cross-site scripting (XSS), and more.

  2. Protection Against OWASP Top 10: WAF helps mitigate the most critical security risks listed in the OWASP Top 10, reducing vulnerabilities and enhancing our application's resilience.

  3. IP Whitelisting: We can establish IP whitelists, allowing only trusted sources to access our applications, further reducing the attack surface.

  4. Traffic Management: Application Gateway provides load balancing, ensuring high availability and improved performance by distributing traffic across multiple backend servers.

  5. Scalability and Reliability: The combination of Application Gateway and WAF allows for automatic scaling to accommodate increased traffic loads and enhances the reliability of our web applications.

In this section, we will explore the steps used to set up and configure a WAF on our Azure Application Gateway using Terraform, providing an added layer of security and reliability.

Provisioning using Terraform

The shared-infra repo contains the code to provision the Application Gateway.

The Terraform file contains:

  1. WAF resource: The WAF is provisioned in prevention mode with custom rules that allow and deny specific IP addresses. OWASP managed rules are also added to the WAF.

  2. Variables: Allowed IP addresses are added to the respective environment's tfvars file in the tfvars folder (tfvars/*).
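
A WAF policy of the shape described above, written here as an added example and not taken from the shared-infra repo. The resource and variable names, rule names, priorities and the OWASP rule set version are assumptions.

```hcl
# Added example: every name, variable and value below is an assumption.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "allowed_ips" { type = list(string) } # set per environment under tfvars/*
variable "denied_ips" { type = list(string) }  # may be an empty list

resource "azurerm_web_application_firewall_policy" "appgw" {
  name                = "appgw-waf-policy" # hypothetical name
  resource_group_name = var.resource_group_name
  location            = var.location

  # "Prevention" blocks matching requests; "Detection" would only log them.
  policy_settings { mode = "Prevention" }

  # Deny rule, evaluated first. Skipped when the list is empty, because an
  # IPMatch condition needs at least one value.
  dynamic "custom_rules" {
    for_each = length(var.denied_ips) > 0 ? [1] : []
    content {
      name      = "DenyListedIPs"
      priority  = 10
      rule_type = "MatchRule"
      action    = "Block"
      match_conditions {
        operator     = "IPMatch"
        match_values = var.denied_ips
        match_variables { variable_name = "RemoteAddr" }
      }
    }
  }

  # Allowlist written as "block every source NOT in allowed_ips". An "Allow"
  # action would skip all later rules, including the OWASP managed rules.
  custom_rules {
    name      = "BlockNonAllowedIPs"
    priority  = 20
    rule_type = "MatchRule"
    action    = "Block"
    match_conditions {
      operator           = "IPMatch"
      negation_condition = true
      match_values       = var.allowed_ips
      match_variables { variable_name = "RemoteAddr" }
    }
  }

  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2" # assumed version; the page does not state one
    }
  }
}
```

The policy takes effect once it is attached to the gateway through the `firewall_policy_id` argument of `azurerm_application_gateway`. If another proxy sits in front of the gateway, `RemoteAddr` is that proxy's address, so the IP rules match the proxy rather than the original client.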