Implement Custom Rules in Azure Web Application Firewall(WAF)

Automate Azure WAF creation with TerraForm

Kalana Wijethunga
4 min readMay 26, 2021
Image from https://securitytoday.com/Articles/2015/02/01/Firewall-Protection.aspx

Web Application Firewall commonly known as WAF is one of the first lines of defense in protecting your web application from malicious attacks.There are 2 types of rules that are supported by Azure WAF.

  1. Managed Rules — These rules are managed by Azure and provide a set of pre-defined firewall rules to be implemented on your WAF. These have been identified as common rules to prevent attacks and battle tested by many of experts in the field. These rules include protection for SQL injections, XSS attacks etc. You can choose which rules you need and enable them on your WAF
  2. Custom Rules — If you are serious about your security, you won’t get satisfied with a set of pre-defined rules, you will need your own rules as well and that’s where custom rules come into play. Custom rules allow the user to define his own rules to protect the application and that’s what we’ll talk about today.

Prerequisites

Please note that you need a valid Azure subscription and resource group created to try this out. If you wanna try and test this out, you’ll need a working Azure FrontDoor as well

Custom Rule Field Explanation

--

--

Kalana Wijethunga
Kalana Wijethunga

Written by Kalana Wijethunga

Software Engineer @WSO2 @CERN| GSoC Participant | @UOM Grad| Computer Science and Engineering

No responses yet