Network misconfigurations

Azure Application Gateway without Web Application Firewall

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications, offering various Layer 7 load-balancing capabilities. Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities, like SQL injections, Cross-Site Scripting, malware uploads, and DDoS attacks. The Azure Application Gateway - {AzureApplicationGateway} is configured without Azure Web Application Firewall, which leaves the Azure Application Gateway`s backend instances not secured.

  • Recommended Mitigation

    It is recommended to review the Azure Application Gateway configuration and if needed enable and configure WAF on the relevant Azure Application Gateway. For more information - section 1.3 - <a href="https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/application-gateway-security-baseline" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/application-gateway-security-baseline</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.