Ensure Azure Application Gateway Web application firewall (WAF) is enabled

Description

Ensure the Web Application Firewall (WAF) is enabled on Azure Application Gateway. The WAF provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.

Portal Remediation Steps

Enable Application Gateway WAF configuration:

  • Navigate to your Application Gateway

  • Under Settings, select Web application firewall

  • Under the Configure tab:

    • Ensure Tier is set to WAF

    • Ensure Firewall status is set to Enabled

    • Select the Firewall mode (Detection or Prevention) appropriate to your requirements

  • Under the Rules tab:

    • Select the appropriate Rule set according to your requirements

  • Click Save

Azure CLI Remediation Steps

  • Update an existing Application Gateway to enable WAF configuration:

    • az network application-gateway update --resource-group <resource-group-name> --name <application-gateway-name> --sku <WAF_Large|WAF_Medium|WAF_v2>

    • az network application-gateway waf-config set --resource-group <resource-group-name> --gateway-name <application-gateway-name> --enabled true --firewall-mode <Detection|Prevention> --rule-set-version 3.0
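
To confirm the remediation took effect across a subscription, the following added example (not part of the original rule text) evaluates the JSON returned by `az network application-gateway list -o json` and reports each gateway's WAF state. The sample data is constructed, and the field names (`sku.tier`, `webApplicationFirewallConfiguration`, `firewallPolicy`) are assumed to match the Application Gateway resource as the CLI returns it.

```python
import json

WAF_TIERS = {"WAF", "WAF_v2"}

def check_gateway(gw):
    """Return (status, detail) for one gateway object from the CLI's JSON output."""
    tier = (gw.get("sku") or {}).get("tier")
    if tier not in WAF_TIERS:
        return "FAIL", f"sku tier is {tier}, not a WAF tier"
    cfg = gw.get("webApplicationFirewallConfiguration") or {}
    if cfg.get("enabled") is True:
        # Report mode and rule set so Detection-only gateways are visible.
        return "PASS", f"mode={cfg.get('firewallMode')} rules={cfg.get('ruleSetVersion')}"
    if gw.get("firewallPolicy"):
        # Assumption: settings live on the attached WAF policy,
        # which this check does not read.
        return "REVIEW", "WAF policy attached; inspect the policy itself"
    return "FAIL", "firewall status is not Enabled"

def audit(az_json):
    """Map gateway name -> (status, detail) for every gateway in the JSON list."""
    return {gw["name"]: check_gateway(gw) for gw in json.loads(az_json)}

# Constructed sample shaped like `az network application-gateway list -o json`.
SAMPLE = json.dumps([
    {"name": "gw-std", "sku": {"tier": "Standard_v2"},
     "webApplicationFirewallConfiguration": None, "firewallPolicy": None},
    {"name": "gw-waf-off", "sku": {"tier": "WAF"},
     "webApplicationFirewallConfiguration": {
         "enabled": False, "firewallMode": "Detection", "ruleSetVersion": "3.0"},
     "firewallPolicy": None},
    {"name": "gw-waf-on", "sku": {"tier": "WAF_v2"},
     "webApplicationFirewallConfiguration": {
         "enabled": True, "firewallMode": "Prevention", "ruleSetVersion": "3.0"},
     "firewallPolicy": None},
    {"name": "gw-policy", "sku": {"tier": "WAF_v2"},
     "webApplicationFirewallConfiguration": None,
     "firewallPolicy": {"id": "<waf-policy-resource-id>"}},
])

if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLE).items():
        print(f"{status:6} {name}: {detail}")
```
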