Use Front Door WAF policy in prevention mode

Security · Front Door · Rule · 2020_06 · Critical

Use protection mode in Front Door Web Application Firewall (WAF) policies to protect back end resources.

Description

Front Door WAF policies support two modes of operation, detection and prevention. By default, prevention is configured.

• Detection - monitors and logs all requests which match a WAF rule. In this mode, the WAF doesn't take action against incoming requests. To log requests, diagnostics on the Front Door instance must be configured.
• Protection - log and takes action against requests which match a WAF rule. The action to perform is configurable for each WAF rule.

Recommendation

Consider setting Front Door WAF policy to use protection mode.

Links

• SE:06 Network controls
• Securing PaaS deployments
• Policy settings for Web Application Firewall on Azure Front Door
• Azure deployment reference

Comments