azure waf
2 Topics

Azure Front Door and WAF
Hi, I have created two Azure Web Apps using Azure App Service, then I have configured Azure Front Door services, then I have created a WAF rule to block access through my Public IP. That WAF rule does not process and I am still able to access those websites, and WAF is enabled. Where should I start troubleshooting, and any guessed root causes?

631 Views, 0 likes, 1 Comment

Azure waf policy terraform checkov scan is failing
Hello All

    By bridgecrew.io | version: 2.4.39
    Update available 2.4.39 -> 2.4.48
    Run pip3 install -U checkov to update

    terraform scan results:

    Passed checks: 1, Failed checks: 1, Skipped checks: 0

    Check: CKV_AZURE_122: "Ensure that Application Gateway uses WAF in "Detection" or "Prevention" modes"
        PASSED for resource: azurerm_web_application_firewall_policy.main
        File: \main.tf:1-65
        Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-application-gateway-uses-waf-in-detection-or-prevention-modes.html

    Check: CKV_AZURE_135: "Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell"
        FAILED for resource: azurerm_web_application_firewall_policy.main
        File: \main.tf:1-65
        Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-application-gateway-waf-prevents-message-lookup-in-log4j2.html

        Code lines for this resource are too many. Please use IDE of your choice to review the file.
log4j scan is failing

    resource "azurerm_web_application_firewall_policy" "main" {
      name                = var.name
      resource_group_name = var.resource_group_name
      location            = var.location
      tags                = var.tags

      policy_settings {
        enabled                     = var.waf_enabled
        file_upload_limit_in_mb     = var.file_upload_limit_mb
        max_request_body_size_in_kb = var.max_request_body_size_kb
        mode                        = var.firewall_mode
      }

      dynamic "custom_rules" {
        for_each = var.custom_policies
        content {
          name      = custom_rules.value.name
          priority  = custom_rules.value.priority
          rule_type = custom_rules.value.rule_type
          action    = custom_rules.value.action

          dynamic "match_conditions" {
            for_each = var.match_conditions
            content {
              dynamic "match_variables" {
                for_each = var.match_variables
                content {
                  variable_name = match_variables.value.match_variable
                  selector      = match_variables.value.selector
                }
              }
              operator           = match_conditions.value.operator
              negation_condition = match_conditions.value.negation_condition
              match_values       = match_conditions.value.match_values
            }
          }
        }
      }

      managed_rules {
        managed_rule_set {
          type    = var.rule_set_type
          version = var.rule_set_version

          dynamic "rule_group_override" {
            for_each = var.managed_policies_override
            content {
              rule_group_name = rule_group_override.value.rule_group_name
              disabled_rules  = rule_group_override.value.disabled_rules
            }
          }
        }

        dynamic "exclusion" {
          for_each = var.managed_policies_exclusions
          content {
            match_variable          = exclusion.value.match_variable
            selector                = exclusion.value.selector
            selector_match_operator = exclusion.value.selector_match_operator
          }
        }
      }
    }

843 Views, 0 likes, 0 Comments