Azure Application Gateway without Web Application Firewall

Network misconfigurations

Azure Application Gateway without Web Application Firewall

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Description

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications, offering various Layer 7 load-balancing capabilities. Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities, like SQL injections, Cross-Site Scripting, malware uploads, and DDoS attacks. The Azure Application Gateway - {AzureApplicationGateway} is configured without Azure Web Application Firewall, which leaves the Azure Application Gateway`s backend instances not secured.

Recommended Mitigation

It is recommended to review the Azure Application Gateway configuration and if needed enable and configure WAF on the relevant Azure Application Gateway. For more information - section 1.3 - https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/application-gateway-security-baseline

Azure Application Gateway without Web Application Firewall

Description

Need help?