Web Application Firewall
The presented resiliency recommendations in this guidance include Web Application Firewall and dependent resources and settings.
Summary of Recommendations
| Recommendation | Category | Impact | State | ARG Query Available |
|---|---|---|---|---|
| WAF-1 - Review logs for Web Application Firewall on Azure Front Door for legitimate requests that are blocked | Monitoring | Medium | Preview | No |
| WAF-2 - Review logs for Web Application Firewall on Azure Application Gateway for legitimate requests that are blocked | Monitoring | Medium | Preview | No |
| WAF-3 - Monitor Web Application Firewall | Monitoring | Medium | Preview | No |
Recommendations Details
WAF-1 - Review logs for Web Application Firewall on Azure Front Door for legitimate requests that are blocked
Category: Monitoring
Impact: Medium
Guidance
WAF could block a legitimate request that it shouldn’t (a false positive). You can identify requests that have been blocked within the last 24 hours through Log Analytics.
Resources
- Azure Web Application Firewall monitoring and logging - Access Log
- Understanding WAF logs
- Web Application Firewall exclusion lists
- Fixing a false positive
Resource Graph Query
// cannot-be-validated-with-arg
WAF-2 - Review logs for Web Application Firewall on Azure Application Gateway for legitimate requests that are blocked
Category: Monitoring
Impact: Medium
Guidance
WAF could block a legitimate request that it shouldn’t (a false positive). You can identify requests that have been blocked within the last 24 hours through Log Analytics.
Resources
Resource Graph Query
// cannot-be-validated-with-arg
WAF-3 - Monitor Web Application Firewall
Category: Monitoring
Impact: Medium
Guidance
Monitoring the health of your WAF and the applications that it protects is important. Health monitoring is supported by integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs.
Resources
Resource Graph Query
// cannot-be-validated-with-arg