Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

Web Application Firewall

Introduction

  • Azure has a web application firewall integrated with two services: Azure Front Door and Azure Application Gateway.
  • A WAF is a security feature that protects web applications from common web vulnerabilities.

Rule Sets

  • OWASP Core Rule Set (CRS):
    • Can only be applied to Application Gateway WAF and not Front Door WAF
  • Microsoft Rule Set:
    • Can be applied to both Application Gateway WAF and Front Door WAF
    • Contains rules authored by the Microsoft Threat Intelligence Team, in addition to the OWASP CRS rules
    • Can only be applied to the Azure Front Door Premium SKU
  • Microsoft Bot Manager Rule Set:
    • Can be applied to both Application Gateway WAF and Front Door Premium (not Standard) WAF
    • Contains rules to protect against bot traffic, authored by the Microsoft Threat Intelligence Team