Azure WAF
19 Topics

New Blog Post | Navigating Azure WAF Exclusions
By Saleem Bseeu

Introduction

Exclusions in Azure WAF (Web Application Firewall) are a critical feature that allows administrators to fine-tune security rules by specifying elements that should not be evaluated by WAF rules. This capability is essential for reducing false positives and ensuring that legitimate traffic flows unimpeded. Exclusions are designed to fine-tune the WAF’s sensitivity, allowing legitimate traffic to pass through while maintaining robust security measures. They are particularly useful in scenarios where certain request attributes, such as specific cookie values or query strings, are known to be safe but might trigger WAF rules due to their content or structure.

Azure WAF Exclusions: A Closer Look

Azure WAF exclusions can be applied to a rule, set of rules, rule group, or globally for the entire ruleset. This flexibility is crucial for meeting application-specific requirements and reducing false positives. For instance, exclusions introduced with CRS 3.2 on regional WAF with Application Gateway now allow attribute exclusion definitions by name or value of headers, cookies, and arguments.

Attributes for WAF exclusions

Attributes that can be excluded include:
- Request headers
- Request cookies
- Query strings
- Post args
- JSON entity (only for AFD WAF)

Operators for exclusions include:
- Equals: For exact matches.
- Starts with: Matches fields starting with a specific selector value.
- Ends with: Matches fields ending with a specified selector value.
- Contains: Matches fields containing a specific selector value.
- Equals any: Matches all request fields (useful when exact values are unknown).

Note: When you create an exclusion with the “Equals Any” condition, the backend automatically converts any value you enter in the selector field to an asterisk (*). This feature is especially valuable when handling unknown or random values.

Exclusions can be applied on:
- Rule
- Rule set
- Rule group
- Global

Read the full post here: Navigating Azure WAF Exclusions

627 Views, 0 likes, 0 Comments

New Blog | Best Practices for Upgrading Azure WAF Ruleset
In today’s digital landscape, web applications are the lifeblood of businesses. They enable seamless communication, transactions, and interactions with customers. However, this increased reliance on web apps also makes them prime targets for cyberattacks. To safeguard your applications and protect sensitive data, implementing a robust Web Application Firewall (WAF) is essential.

Read the full blog here: Best Practices for Upgrading Azure WAF Ruleset - Microsoft Community Hub

422 Views, 1 like, 0 Comments

Adjust permitted content types in Front Door Premium WAF
Hi,

I am tuning a Front Door Premium WAF policy for a web app which has just been deployed. I am seeing multiple hits on rule PROTOCOL-ENFORCEMENT-920420 due to a context type of text/html being received. Matching traffic I have reviewed so far is all legitimate and should not be blocked. How can I adjust the permitted content types?

cheers,
Michael

474 Views, 0 likes, 0 Comments

New Blog | Enhancing Cybersecurity: Geomatch Custom Rules in Azure WAF
This blog post will introduce you to the geomatch custom rules feature of Azure Web Application Firewall and show you how to create and manage them using the Azure portal, Bicep and PowerShell.

Read the full blog post here: Enhancing Cybersecurity: Geomatch Custom Rules in Azure WAF - Microsoft Community Hub

510 Views, 1 like, 1 Comment

SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
UPDATED, post-AMA: Here is the AMA recording in case you missed the live session.

*************************************************************

Please join us in this Ask Me Anything session with the Azure Network Security CxE PM team. During this session, the Azure Network Security SMEs (Subject Matter Experts) will answer your questions on Azure Firewall, Azure Firewall Manager, Azure Web Application Firewall and Azure DDoS. This will be a great forum for our Public Community members to learn, interact and have their feedback listened to by the Azure Network Security team.

Feel free to post your questions about Azure Network Security solution areas anytime in the comments before the event starts. The team will be answering questions during the live session, with priority given to the pre-submitted questions from the comments below.

If you are new to Microsoft Tech-Community, please follow the sign-in instructions. To register for the upcoming live AMA Sep 26, 2023, visit aka.ms/SecurityCommunity.

Mohit_Kumar andrewmathu SaleemBseeu davidfrazee ShabazShaik tobiotolorin gusmodena

7.6K Views, 0 likes, 21 Comments

New Blog Post | Threat Detection Queries for Azure WAF
Web applications face frequent malicious attacks that exploit well-known vulnerabilities, such as Code Injection and Path Traversal Attacks. These attacks are hard to prevent in the application code, as they require constant maintenance, patching, and monitoring at multiple levels of the application architecture. A WAF solution can provide faster and centralized security by patching a known vulnerability for all web applications, rather than securing each one individually. Azure Web Application Firewall (WAF) is a cloud-native service that protects web apps from common web-hacking techniques. It can be deployed quickly to gain full visibility into the web application traffic and block malicious web attacks.

Read the full blog: Threat Detection Queries for Azure WAF - Microsoft Community Hub

889 Views, 0 likes, 0 Comments

New blog post | Azure Web Application Firewall- Bot Manager Scenarios
The continuous integration of bots to simulate human engagement, especially for unethical activities in web applications, leads to both security incidents and diversion of engagement with web resources. The advent of new AI projects and LLMs (Large Language Models) has also opened more avenues for vulnerabilities, including prompt injections, data leakage, training data poisoning, unauthorized code execution, etc.

Azure Web Application Firewall- Bot Manager Scenarios - Microsoft Community Hub

733 Views, 0 likes, 0 Comments

New Blog Post | Enhancements to Azure WAF for Application Gateway now in General Availability
Enhancements to Azure WAF for Application Gateway now in General Availability - Microsoft Community Hub

Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection for your web applications against common vulnerabilities and exploits. Web applications are increasingly targeted by malicious attacks that exploit vulnerabilities. SQL Injection (SQLi) and Cross-Site Scripting (XSS) are examples of some well-known attacks. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching, and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application developers and security teams against threats or intrusions.

The Azure Web Application Firewall (WAF) engine is the component that inspects traffic and determines whether a web request represents a potential attack, then takes appropriate action depending on the configuration. Previously, when you used the Azure WAF with Application Gateway, there were certain limitations in the way you could configure and monitor your WAF deployments. We are happy to announce several enhancements to the configurations and monitoring capabilities of Azure WAF when used with Azure Application Gateway going forward.

48K Views, 0 likes, 0 Comments

I don't understand the two WAF Mode
I have read the documentation on the two types of WAF (Detection and Prevention).

Detection mode: Monitor and log all threat alerts. Enable logging diagnostics for Application Gateway in the Diagnostics section. You must also ensure that WAF logging is selected and enabled. The Web Application Firewall does not block incoming requests when operating in Detect mode.

Prevention mode: Blocks intrusions and attacks that are detected by the rules. The attacker receives a "403 unauthorized access" exception and the connection is closed. Prevention mode logs these attacks in the WAF logs.

But then in OWASP Rules we have the ability to assign WAF actions that Allow, Block, Log, Anomaly Score. I don't understand, because if I create a WAF policy in prevention mode, I think it is not necessary to change the WAF actions, right? How do you see when an anomaly score is detected and where do you see this internal score, is this seen in the logs? This for me is very confusing, and I need help.

Thanks!

1.1K Views, 0 likes, 1 Comment