User Profile
davidfrazee
Joined 4 years ago
Recent Discussions
Re: Azure Firewall Manager
Brant_Boyd Hello Brant, that is an excellent question and I'd be happy to clarify this for you. Azure Firewall Manager itself is not a deployable resource and does not have a location that it references; it is purely a centralized security management service for your Azure Firewall Policies, Web Application Firewall Policies, DDoS Protection Plans, and Security Partner Providers. The resource that gets deployed to a specific region is the Azure Firewall Policy, but this is still considered to be a global resource. You can think of the Azure Firewall Policy as a construct, or image, that will be replicated and available throughout all of the Azure datacenters.

To clarify your scenario, if the Azure Firewall Policy is deployed to West US, and you use this to manage Azure Firewalls in East US, Central US, etc., and there happens to be an outage at the West US datacenter, the Azure Firewall Policy will continue to service the Azure Firewalls globally with no impact.

2.2K Views, 2 likes, 0 Comments

Re: Azure WAF - Resources for understanding policies
chilberto Hello Jeffrey, here are some resources that provide excellent guidance on how to understand WAF actions and logs for both Azure Application Gateway and Azure Front Door.

The OWASP signature IDs use a set of regex pattern matching. For a particular rule ID, you can look through the glossary and see what parameter combination the regex is looking for. For example, SQLi rule 942120 looks for a combination of is+not in a string. This regex looks for it, as you can see in line 538 here:

SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:(?:^|\W)in[+\s]*\([\s\d\"]+[^()]*\)|\b(?:r(?:egexp|like)|isnull|xor)\b|<(?:>(?:\s+binary)?|=>?|<)|r(?:egexp|like)\s+binary|not\s+between\s+0\s+and|(?:like|is)\s+null|>[=>]|\|\||!=|&&))" \

By enabling Diagnostic settings on the Application Gateway and Front Door resources, we're able to send WAF-specific logs to a Log Analytics workspace that allows you to consume and identify why certain requests have been blocked due to specific regex patterns identified.

OWASP:
owasp-modsecurity-crs/rules at v3.1/dev · SpiderLabs/owasp-modsecurity-crs (github.com)

Application Gateway:
CRS rule groups and rules - Azure Web Application Firewall | Microsoft Docs
Monitoring metrics for Azure Application Gateway Web Application Firewall metrics | Microsoft Docs
Troubleshoot - Azure Web Application Firewall | Microsoft Docs

Front Door:
Azure Web Application Firewall on Azure Front Door DRS rule groups and rules | Microsoft Docs
Azure Web Application Firewall monitoring and logging | Microsoft Docs

1.9K Views, 0 likes, 0 Comments
Recent Blog Articles
Getting Started with Azure WAF REST API for Azure Front Door: A Step-by-Step Guide
Learn how to create, update, and delete Azure WAF Policies for Azure Front Door using REST API. We'll cover how to build and apply different configurations to customize an Azure WAF Policy to ...

2.6K Views, 0 likes, 0 Comments

Getting Started with Azure WAF REST API for Application Gateway: A Step-by-Step Guide
Learn how to create, update, and delete Azure WAF Policies for Application Gateway using REST API. We'll cover how to build and apply different configurations to customize an Azure WAF Policy ...

4K Views, 2 likes, 0 Comments

Azure Firewall's Auto Learn SNAT Routes: A Guide to Dynamic Routing and SNAT Configuration
Do you want to learn how to use Azure Firewall's Auto-learn SNAT routes feature? This feature can help you optimize your network configuration in Azure by automatically learning the out-of-network ad...

8.8K Views, 3 likes, 0 Comments