Use Application Gateway WAF policy in prevention mode

Security · Application Gateway · Rule · 2022_09 · Critical

Use protection mode in Application Gateway Web Application Firewall (WAF) policies to protect back end resources.

Description

Application Gateway WAF policies support two modes of operation, detection and prevention. By default, prevention is configured.

• Detection - monitors and logs all requests which match a WAF rule. In this mode, the WAF doesn't take action against incoming requests. To log requests, diagnostics on the Application Gateway instance must be configured.
• Protection - log and takes action against requests which match a WAF rule. The action to perform is configurable for each WAF rule.

Recommendation

Consider setting Application Gateway WAF policy to use protection mode.

Links

• Best practices for endpoint security on Azure
• Securing PaaS deployments
• Web Application Firewall best practices

Comments