WAF custom rule for bock others cookie and permit only a specific cookie name and value
Hello all, I need to create a custom WAF rule that only allows traffic for a specific request URI (/example-path) if it contains a particular cookie, Cookie=abc123, and blocks all other requests. Additionally, could someone clarify the difference between configuring the policy this way: RequestHeaders['Cookie'], Operator=DoesNotEqual, Values="Cookie=abc123" RequestCookie, Values="CookieName", Operator=Equal, valueOfTheCookie="abc123" I hope I explained myself clearly. Thanks in advance for your responses!
New Blog Post | Enhancements to Azure WAF for Application Gateway now in General Availability
Enhancements to Azure WAF for Application Gateway now in General Availability - Microsoft Community Hub Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection for your web applications against common vulnerabilities and exploits. Web applications are increasingly targeted by malicious attacks that vulnerabilities. SQL Injection (SQLi) and Cross-Site Scripting (XSS) are examples of some well-known attacks. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching, and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application developers and security teams against threats or intrusions. The Azure Web Application Firewall (WAF) engine is the component that inspects traffic and determines whether a web-request represents a potential attack, then takes appropriate action depending on the configuration. Previously, when you used the Azure WAF with Application Gateway, there were certain limitations in the way you could configure and monitor your WAF deployments. We are happy to announce several enhancements to the configurations and monitoring capabilities of Azure WAF when used with Azure Application Gateway going forward. Original Post: New Blog Post | Enhancements to Azure WAF for Application Gateway now in General Availability - Microsoft Community HubNew Blog Post | Azure WAF Protection for Third Party Cloud Applications (AWS)
Azure WAF Protection for Third Party Cloud Applications (AWS) - Microsoft Tech Community There are differing reasons for cross cloud connectivity such as cost implications, ease of management, vendor lock in, regional availability etc. Azure Network Security tools may be applicable for resources domiciled in a non-Azure cloud environment. Azure Application Gateway and WAF may be used to publish and secure non azure applications (on-prem or other third-party clouds). You can also do a redirection (HTTP to HTTPS) to ensure all communications between the application and its users occur over a secured path. In this blog, we'll show you how to do this with an app in AWS.New Blog Post | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center Microsoft continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help customers detect, investigate, and mitigate attacks, as well as guidance for using Microsoft security solutions to increase resilience against related attacks. We will update this blog with information and protection details as they become available. In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams have been analyzing our products and services to understand where Apache Log4j may be used and are taking expedited steps to mitigate any instances. If we identify any customer impact, we will notify the affected party. Our investigation to date has identified mitigation steps customers could take in their environments as well as on our services.
New Blog Post | Detecting who is changing Alert Suppression rules in Azure Defender
Detecting who is changing Alert Suppression rules in Azure Defender - Microsoft Tech Community There are some scenarios in which the alert that you are receiving in Azure Defender could be a false positive for your environment. If you want to avoid receiving that specific alert, you can create an alert suppression rule. Although the alert suppression is a feature that can be used to optimize your experience, it can also be used with malicious intent in case a user wants to evade detection. To create or delete alert suppression rules, you need to be Security admin or Subscription Owner. If you just need to view the rules, you need to be Security reader or Reader.Az Application Gateway WAF Policy - Custom Rule exclusions can't be created for specific WAF Rules?
Hi, Have been playing with the AAG Web Application Firewall for some time now and found what I believe to be some rather major flaws in functionality. Mainly, the lack of ability to exclude a specific URI from certain WAF rule checks , instead it very much seems like when you add an exception via an Application Gateway WAF Policy, that it exlcudes the URI from the WAF entirely. Anyone have any info, clues, tips or ways I have not found to exclude a certain URI from specific rule checks?
