Azure – Networking – Part 34 – Azure Front Door 3 – Configure Web Application Firewall (WAF) policy





Hello Friends,

Hope you all are doing well. In our last article we continued with Azure Front Door and saw how priority-based routing works. In this article we will continue with Azure Front Door and see how to configure a WAF policy for it.

Tool Installation Articles :

  1. Configure Azure Command Line Interface ( Azure CLI) On Windows
  2. Configure PowerShell For Microsoft Azure Az Module On Windows

Previous Azure Series :

  1. Learn Basics Of Azure Networking In 100 Hours
  2. Learn Basics Of Microsoft Azure Storage services
  3. Learn Basic Of Azure Active Directory And Azure Identity And Access Management
  4. Azure DevOps – Learn at one place
  5. Learn Basics Of Lift-And-Shift Migration To Azure

If you have missed our previous articles on Azure Networking, please check them at the following links.

Part 1 – Basics of Azure Networking

Part 23 – Azure Load Balancer – Configure Basic Load Balancer – 1

Part 24 – Azure Load Balancer – Configure Basic Load Balancer – 2

Part 25 – Azure Load Balancer – Configure Basic Load Balancer – 3

Part 26 – Azure Load Balancer – Outbound Connectivity

Part 27 – Azure Load Balancer – Outbound Rule – Lab Exercise

Part 28 – Azure Virtual Network NAT (Network Address Translation)

Part 29 – Azure Virtual Network NAT Gateway

Part 30 – Configure Azure Virtual Network NAT Gateway In Azure Portal

Part 31 – Azure Front Door

Part 32 – Azure Front Door 1 – Create And Configure Azure Front Door

Part 33 – Azure Front Door 2 – Priority Routing

Next Article : Part 35 – Azure Front Door 4 – Configure Custom Domain Name

Web Application Firewall (WAF)

A Web Application Firewall (WAF) protects web applications from a variety of application-layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks on apps are the leading cause of breaches; they are the gateway to our valuable data.

As we discussed, Azure Front Door is a highly scalable, globally distributed application and content delivery network. Azure WAF, when integrated with Front Door, stops denial-of-service and targeted application attacks at the Azure network edge, close to the attack sources and before they enter your virtual network, and offers protection without sacrificing performance.

Lab Exercise

In our previous article we configured Azure Front Door. In this article we will see how to configure a Web Application Firewall (WAF) for our newly configured Azure Front Door (AFD). Let’s start with the configuration.

Step 1 : Log in to the Azure portal, search for WAF as shown in the following figure, and click on Web Application Firewall policies (WAF).

Figure 1 : Azure Networking – Azure Front Door Web Application Firewall

Step 2 : Create Front door WAF policy by clicking the highlighted button.

Figure 2 : Azure Networking – Azure Front Door Web Application Firewall

Step 3 : It will launch the Create a WAF policy window, where we can provide the information we need. As the following figures show, the Basics tab of the Create a WAF policy page offers different options for the Policy for field; we choose Global WAF (Front door). For Front Door SKU, I chose Front door (basic) from among the Front Door, Front Door standard and Front Door premium SKUs.

Figure 3 : Azure Networking – Azure Front Door Web Application Firewall
Figure 4 : Azure Networking – Azure Front Door Web Application Firewall

Step 4 : After providing the Subscription, Resource group and Name, one more important property is Policy mode. Here we have two options: Prevention and Detection. Both options are self-descriptive. Here I have chosen Prevention, which means that if traffic does not comply with the policy, it will be blocked.

Figure 5 : Azure Networking – Azure Front Door Web Application Firewall

Step 5 : I have skipped the Managed rules and Policy settings tabs and moved on to Custom rules because I don’t want to use the out-of-the-box managed rules. In the Add custom rule window, if we select Geo location as the Match type, then we have to select a country or region for this property, as shown in the above figure.

In the following figure we can see that I have chosen IP address as the Match type, and now I have to provide the IP addresses or the range of IP addresses from which I want to block access. In this exercise I am providing my own IP address, as shown in the following figure.

Figure 6 : Azure Networking – Azure Front Door Web Application Firewall

To get my IP address I have used the following site, as shown in the following figure.

Figure 7 : Azure Networking – Azure Front Door Web Application Firewall

Step 6 : In the Association tab of the Create a WAF policy page, select + Add Frontend host, enter the following information, and then select Add, as shown in the following figure.

First select the Frontend for which we are preparing the WAF and then select the Frontend Host. Here it is ManasAFD.azurefd.net.

Step 7 : Once we associate the AFD, the next step is to review and create the WAF policy, as shown in the following figures.

Figure 8 : Azure Networking – Azure Front Door Web Application Firewall
Figure 9 : Azure Networking – Azure Front Door Web Application Firewall
Figure 10 : Azure Networking – Azure Front Door Web Application Firewall

Step 8 : Now we are done with the configuration of the WAF policy for our Azure Front Door. Let’s now browse our home page from our laptop; the traffic will be examined by our WAF policy. As shown in the following figure, it is now blocking the traffic.

Figure 11 : Azure Networking – Azure Front Door Web Application Firewall

It is blocking the traffic from our laptop because we provided the laptop’s IP address when we configured our WAF policy.
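
The same lab (Steps 3 to 8) scripted with the Az.FrontDoor PowerShell module, as an added example that is not part of the original article. It assumes the module is installed and `Connect-AzAccount` has been run; the resource group, policy name, rule name and IP address are placeholders, and the Front Door name is assumed from the frontend host shown above.

```powershell
# Added example. Placeholder values, not taken from the article's screenshots.
$rg         = 'rg-frontdoor-lab'    # hypothetical resource group
$policyName = 'ManasAfdWafPolicy'   # hypothetical policy name (letters and digits only)
$fdName     = 'ManasAFD'            # assumed from the frontend host ManasAFD.azurefd.net
$blockedIp  = '203.0.113.10'        # constructed address; replace with the IP or CIDR range to block

# Step 5: custom rule with Match type "IP address".
# RemoteAddr is the original client IP (usually taken from X-Forwarded-For);
# SocketAddr is the source address the WAF itself sees, e.g. a proxy in front of the user.
$condition = New-AzFrontDoorWafMatchConditionObject `
    -MatchVariable RemoteAddr `
    -OperatorProperty IPMatch `
    -MatchValue $blockedIp

$rule = New-AzFrontDoorWafCustomRuleObject `
    -Name 'BlockLabClient' `
    -RuleType MatchRule `
    -MatchCondition $condition `
    -Action Block `
    -Priority 1

# Steps 3, 4 and 7: create the policy in Prevention mode with the custom rule attached.
$policy = New-AzFrontDoorWafPolicy `
    -Name $policyName `
    -ResourceGroupName $rg `
    -Customrule $rule `
    -Mode Prevention `
    -EnabledState Enabled

# Step 6: associate the policy with the Front Door frontend host.
# Assumes the default <name>.azurefd.net host is the first frontend endpoint.
$fd = Get-AzFrontDoor -ResourceGroupName $rg -Name $fdName
$fd[0].FrontendEndpoints[0].WebApplicationFirewallPolicyLink = $policy.Id
Set-AzFrontDoor -InputObject $fd[0]

# Step 8: request the site from the blocked address once the change has propagated.
# A blocked request surfaces as an error; 403 (Forbidden) is the WAF's default block status.
try   { (Invoke-WebRequest -Uri "https://$fdName.azurefd.net" -UseBasicParsing).StatusCode }
catch { $_.Exception.Response.StatusCode }
```

Running the last check from an address that is not in the rule should return the normal page status, which confirms the rule blocks only the listed address.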

With the above information, I am concluding this article. I hope this is informative to you. Please let me know if I missed anything important or if my understanding is not up to the mark.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles.

Thanks for reading 🙂

Manas Ranjan Moharana

Around 11+ years of total IT experience, and for the last 10 years working on almost all versions of SharePoint. Interested in learning and sharing something new to be healthy.
