Shulou(Shulou.com)06/03 Report--

Web Application Firewall (Web Application Firewall, usually referred to as WAF) is a product that specifically protects Web applications by implementing a series of security policies for HTTP/HTTPS.

What is the function of WAF in Azure Application Gateway?

SQL injection protection.

Cross-site scripting protection.

Other common Web * * protection, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion.

Prevent HTTP protocol violations.

Prevent HTTP protocol abnormal behavior (such as lack of host user agent and accept headers).

Prevent crawlers and scanners.

Detect common application misconfigurations (such as Apache and IIS).

A configurable request size limit with a lower and upper limit.

The exclusion list allows you to ignore certain request attributes in the WAF evaluation. Common examples are tokens inserted by Active Directory, which are used for authentication or password fields.

Create custom rules based on the specific needs of the application.

How to configure the use of the WAF feature in Azure Application Gateway?

Using the web firewall in Application Gateway, WAF is automatically updated to include protection against new vulnerabilities without additional configuration.

What are the rules of Azure Application Gateway?

WAF on the application gateway is based on the core rule set (CRS) 3.1,3.0, or 2.2.9 in the Open Web Application Security Project (OWASP), and custom policies can also be created.

What are the advantages of WAF in Azure Application Gateway? Protection

You do not need to modify the back-end code to protect Web applications from Web vulnerabilities and threats.

Protect multiple Web applications simultaneously. An instance of an application gateway can host up to 40 Web sites protected by a Web application firewall.

Create custom WAF policies for different sites behind the same WAF

Monitor

Use real-time WAF logs to monitor the exposure of Web applications. This log is integrated with Azure Monitor so that you can track WAF alerts and easily monitor trends.

The application gateway WAF has been integrated with the Azure Security Center. The Security Center can centrally view the security status of all Azure resources.

Custom Rul

Customize WAF rules and rule groups according to the requirements of the application and eliminate false positives.

Associate WAF policies for each site after the WAF to allow site-specific configuration

Create custom rules according to the requirements of the application

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.