Implement Custom Rules in Azure Web Application Firewall (WAF)
Automate Azure WAF creation with Terraform
May 26, 2021
A Web Application Firewall, commonly known as a WAF, is one of the first lines of defense in protecting your web application from malicious attacks. Azure WAF supports two types of rules.
- Managed Rules — These rules are managed by Azure and provide a set of pre-defined firewall rules to be implemented on your WAF. They have been identified as common rules to prevent attacks and are battle-tested by many experts in the field. These rules include protection against SQL injection, XSS attacks, etc. You can choose which rules you need and enable them on your WAF.
- Custom Rules — If you are serious about your security, you won’t be satisfied with a set of pre-defined rules; you will need your own rules as well, and that’s where custom rules come into play. Custom rules allow users to define their own rules to protect the application, and that’s what we’ll talk about today.
Prerequisites
Please note that you need a valid Azure subscription and a resource group to try this out. If you want to try and test this out, you’ll need a working Azure Front Door as well.