Azure Security Series (3) - The Web Application Firewall in Application Gateway

 

A web application firewall (usually abbreviated WAF) is a product that protects web applications by enforcing a set of security policies on HTTP/HTTPS traffic.

Azure Application Gateway includes WAF functionality. For background on Application Gateway itself, see "Azure web design specifically for the Application Gateway- Layer 7 load balancing (Application Gateway)".

 

What does the WAF in Azure Application Gateway do?

  • SQL injection protection.
  • Cross-site scripting protection.
  • Protection against other common web attacks, such as command injection, HTTP request smuggling, HTTP response splitting and remote file inclusion.
  • Protection against HTTP protocol violations.
  • Protection against HTTP protocol anomalies (e.g., missing Host, User-Agent and Accept headers).
  • Protection against crawlers and scanners.
  • Detection of common application misconfigurations (such as Apache and IIS).
  • Configurable request size limits, with lower and upper bounds.
  • Exclusion lists let you omit certain request attributes from WAF evaluation. A common example is Active Directory-inserted tokens that are used for authentication or password fields.
  • Create custom rules based on the specific needs of the application.

 

How do you configure the WAF functionality of Azure Application Gateway?

 

When you use the web application firewall in Application Gateway, the WAF is automatically updated to include protection against new vulnerabilities, without the need for additional configuration.

 

What rules does the Azure Application Gateway WAF use?

 

The WAF on Application Gateway is based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.1, 3.0 or 2.2.9. You can also create custom policies.

 

 

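What are the advantages of the WAF in Azure Application Gateway?

 

Protection

  • Protect your web applications from web vulnerabilities and attacks without modifying back-end code.
  • Protect multiple web applications at the same time. An instance of Application Gateway can host up to 40 websites that are protected by a web application firewall.
  • Create custom WAF policies for different sites behind the same WAF.

Monitoring

  • Monitor attacks against your web applications by using a real-time WAF log. The log is integrated with Azure Monitor, so you can track WAF alerts and easily monitor trends.
  • The Application Gateway WAF is integrated with Azure Security Center. Security Center provides a central view of the security state of all your Azure resources.

Custom rules

  • Customize WAF rules and rule groups to suit your application requirements and eliminate false positives.
  • Associate a WAF policy with each site behind the WAF to allow site-specific configuration.
  • Create custom rules to suit the needs of your application.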
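
The monitoring and false-positive points above meet in the WAF log. The following Python sketch is an added example, not code from the original post: it groups firewall log records by site, rule and URI to show which rules to review for tuning. It assumes records exported one JSON object per line with the `ApplicationGatewayFirewallLog` category and its `properties` fields; the sample records, the function names and the "three distinct clients" threshold are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed records shaped like ApplicationGatewayFirewallLog entries exported
# from Azure Monitor, one JSON object per line. All values are made up.
SAMPLE_LOG = "\n".join(json.dumps({
    "category": "ApplicationGatewayFirewallLog",
    "properties": {"clientIp": ip, "requestUri": uri, "ruleId": rule,
                   "action": "Detected", "hostname": "shop.example.com"},
}) for ip, uri, rule in [
    ("203.0.113.10", "/login", "942130"),
    ("203.0.113.11", "/login", "942130"),
    ("203.0.113.12", "/login", "942130"),
    ("198.51.100.7", "/search", "941100"),
    ("198.51.100.7", "/cart", "941100"),
    ("198.51.100.7", "/admin", "920350"),
])


def summarize(log_text):
    """Group WAF hits by (hostname, ruleId, requestUri) with hit count and client set."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines instead of aborting
        if not isinstance(record, dict) or record.get("category") != "ApplicationGatewayFirewallLog":
            continue  # other diagnostic log categories can share the same export
        p = record.get("properties") or {}
        key = (p.get("hostname"), p.get("ruleId"), p.get("requestUri"))
        groups[key]["hits"] += 1
        groups[key]["clients"].add(p.get("clientIp"))
    return groups


def false_positive_candidates(groups, min_clients=3):
    # Assumed heuristic: the same rule firing on the same URI for many distinct
    # clients is more likely normal application traffic than one hostile source.
    hits = [k for k, g in groups.items() if len(g["clients"]) >= min_clients]
    return sorted(hits, key=lambda k: tuple(map(str, k)))


if __name__ == "__main__":
    for host, rule, uri in false_positive_candidates(summarize(SAMPLE_LOG)):
        print(f"review rule {rule} on {host}{uri} for an exclusion or rule override")
```

A flagged rule is only a candidate for review: confirm against the actual requests before adding an exclusion or disabling the rule for that site's policy.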

 


Origin blog.csdn.net/yushuzhen2008/article/details/104485013