11.4. Application Gateway WAF
The Application Gateway Web Application Firewall (WAF) is a service that provides centralized, inbound protection for your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks. The Azure Application Gateway WAF is designed to protect web applications from these vulnerabilities through a set of security rules that are automatically updated to ensure that you always have the latest protection against threats.
Understanding Web Application Firewalls
Before delving into Azure’s Application Gateway WAF, it’s crucial to understand what a Web Application Firewall (WAF) is and its role in maintaining the security posture of web applications. A WAF is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. Unlike a traditional network firewall, which filters the packets flowing between hosts, a WAF is a layer 7 defense: it inspects the content of the HTTP traffic itself to stop attacks carried in malicious HTTP requests.
Azure Application Gateway WAF
Azure’s Application Gateway WAF is based on the OWASP (Open Web Application Security Project) core rule sets. OWASP is an open-source project with the goal of improving the security of software. By deploying the WAF configured with OWASP core rule sets, you protect your applications against a variety of attacks, including:
● SQL injection: These attacks exploit vulnerabilities in a web application’s database layer by injecting malicious SQL commands into a database query.
● Cross-site scripting (XSS): This attack occurs when an attacker uses a web application to send malicious scripts to different end users.
● Session hijacking: In this attack, the attacker exploits the web session control mechanism to steal legitimate users’ session cookies.
● Security misconfigurations: This occurs when security settings are left at their insecure defaults, are incomplete, or are defined and maintained incorrectly.
● Insecure direct object references: A type of attack that occurs when an application provides direct access to objects based on user-supplied input.
● Cross-site request forgery (CSRF): An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
Features of Application Gateway WAF
Azure Application Gateway WAF offers several features that enhance the security of your applications:
● Customizable Rules: You can tailor the rules to fit the specific profile of your application to reduce false positives and adapt the rules to your application’s traffic patterns.
● Protection at Scale: The service can handle high traffic loads, applying WAF rules to multiple HTTP applications behind a single gateway.
● Real-time Threat Intelligence: It incorporates real-time threat intelligence to update its rule set to respond to the latest security vulnerabilities and exploits.
● Integrated Logging: Azure’s WAF logs can be integrated into Azure Monitor, allowing for detailed analysis and reporting.
● Rule Stacking: Allows the application of multiple rules to a request to ensure that it is inspected and validated at various levels before it reaches the web application.
● Geo-filtering: This feature restricts or allows traffic from specific geographic regions, which can be critical in enforcing regional compliance or reducing the attack surface area.
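The Customizable Rules and Integrated Logging features come together in rule tuning: WAF log records exported to Azure Monitor are what tell you which managed rules fire, on which paths, and whether the request was actually blocked. As an added example (not from this page or from Azure's own tooling), the Python below parses constructed firewall-log records, counts blocks per client and matches per rule and path, and flags (rule, path) pairs hit by many distinct clients that were never blocked, the usual starting point for a false-positive review. Assumptions: the record shape follows the ApplicationGatewayFirewallLog schema (category, properties.clientIp, requestUri, ruleId, action, message), the rule ids are OWASP CRS 3.2 ids, and all addresses, paths and counts are made up.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records (not real traffic) in the shape of the
# ApplicationGatewayFirewallLog category that Azure Monitor receives.
# Assumption: field names follow the documented schema; rule ids are CRS 3.2 ids.
SAMPLE_LOG = r'''
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.10","requestUri":"/login","ruleId":"942100","action":"Matched","message":"SQL Injection Attack Detected via libinjection"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.10","requestUri":"/login","ruleId":"949110","action":"Blocked","message":"Inbound Anomaly Score Exceeded (Total Score: 5)"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7","requestUri":"/api/search","ruleId":"942430","action":"Matched","message":"Restricted SQL Character Anomaly Detection (args)"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.8","requestUri":"/api/search","ruleId":"942430","action":"Matched","message":"Restricted SQL Character Anomaly Detection (args)"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.9","requestUri":"/api/search","ruleId":"942430","action":"Matched","message":"Restricted SQL Character Anomaly Detection (args)"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIp":"198.51.100.9","requestUri":"/api/search","httpStatus":200}}
'''

def parse_firewall_log(text):
    """Yield the properties of each firewall-log record, skipping other categories."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("category") == "ApplicationGatewayFirewallLog":
            yield rec["properties"]

def summarize(text):
    """Return (blocks per client, matches per (ruleId, path), clients per (ruleId, path))."""
    blocked_by_client = Counter()
    matches = Counter()
    clients = defaultdict(set)
    for p in parse_firewall_log(text):
        if p["action"] == "Blocked":
            blocked_by_client[p["clientIp"]] += 1
            continue
        key = (p["ruleId"], p["requestUri"])
        matches[key] += 1
        clients[key].add(p["clientIp"])
    return blocked_by_client, matches, clients

def tuning_candidates(text, min_clients=3):
    """(ruleId, path) pairs matched by many distinct clients, none of which was
    ever blocked: likely false positives to review for a per-path exclusion."""
    blocked, _, clients = summarize(text)
    return sorted(key for key, ips in clients.items()
                  if len(ips) >= min_clients and ips.isdisjoint(blocked))

if __name__ == "__main__":
    blocked, matches, _ = summarize(SAMPLE_LOG)
    print("blocked clients:", dict(blocked))
    print("rule matches:", dict(matches))
    print("tuning candidates:", tuning_candidates(SAMPLE_LOG))
```

A candidate such as rule 942430 on /api/search is a prompt to inspect the real requests and, if they are legitimate, add a scoped exclusion rather than disabling the rule everywhere.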