Using Azure Web Application Firewall to protect your web applications and APIs
Size: 6.18 MB
Language: en
Added: Jul 31, 2023
Slides: 19 pages
Slide Content
Using Azure Web Application Firewall to protect your web applications and APIs
Teresa Yao, Principal Program Manager, Azure Networking. Session BRK3171.
Increasing attack surfaces
Web-facing workloads that need protection include e-commerce websites, mobile applications, simple websites and web portals, API gateways, and custom and line-of-business (LOB) apps.
Web application attack landscape
- DDoS attacks: brute-force attacks that saturate network links and resources. Example attacks: TCP SYN flood, UDP reflection, amplification, HTTP(S) flood.
- Web application attacks: exploit web application vulnerabilities. Example attacks: OWASP Top 10, e.g. SQL injection, cross-site scripting, OS command injection, remote file inclusion.
- Malicious bots: target both infrastructure and web applications to gain competitive advantage. Example attacks: content and price scrapers, credential stuffing.
Azure WAF
- Protects web applications hosted in Azure or elsewhere. Incoming requests may originate from other clouds, on-premises or Azure regions; only valid requests are passed on to the application.
- Platform managed, easy to use.
- Highly available, scalable, performant.
- Meets enterprise compliance standards.
Two deployment options:
1. Azure Global WAF (Front Door): integrated with Azure Front Door at the network edge locations, combining application acceleration, caching and protection.
2. Azure Regional WAF (Application Gateway): integrated with Application Gateway, giving dedicated protection for both public and private web sites.
Azure WAF key features
- Logs, monitoring and metrics for incoming requests.
- Powerful custom rules engine: geo-filtering, IP restriction, HTTP parameter filtering, size restriction.
- Conditional rate limiting at the Azure network edge.
- Preconfigured OWASP Top 10 rule set.
- Bot protection, integrated with Microsoft Threat Intelligence.
- Easy configuration: Portal, API, PowerShell (PS), CLI, Terraform.
WAF policy contents: OWASP rules, bot management, custom rules. A policy is applied to the Azure Global WAF (Front Door) or to the Azure Regional WAF (Application Gateway) in Azure regions.
Coming soon: exclusion list for WAF at the edge.
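The conditional rate limiting listed above, as an added illustration that is not code from the slides or from Azure: a custom rule that pairs a match condition with a rate-limit action, counted per client IP over a sliding window. The rule condition, threshold, window and sample events are constructed for the example.

```python
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List, Tuple


class ConditionalRateLimit:
    """Custom rule that rate-limits only requests matching a condition.
    Hits are counted per client IP in a sliding window; a blocked request
    is not counted, so the window measures accepted traffic only."""

    def __init__(self, condition: Callable[[str, str], bool], threshold: int, window_seconds: float):
        self.condition = condition          # (method, path) -> bool
        self.threshold = threshold          # max matching requests per window
        self.window = window_seconds
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def evaluate(self, client_ip: str, method: str, path: str, now: float) -> str:
        """Return 'allow' or 'block' for one request observed at time `now`."""
        if not self.condition(method, path):
            return "allow"                  # rule does not apply; other rules may still
        hits = self._hits[client_ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()                  # age out hits that left the window
        if len(hits) >= self.threshold:
            return "block"
        hits.append(now)
        return "allow"


Event = Tuple[float, str, str, str]         # (timestamp, client_ip, method, path)

# Constructed sample traffic: one client hammering the login API, one other client.
SAMPLE_EVENTS: List[Event] = [
    (0.0,  "198.51.100.5", "POST", "/api/login"),
    (1.0,  "198.51.100.5", "POST", "/api/login"),
    (2.0,  "198.51.100.5", "GET",  "/static/app.js"),   # not matched, never counted
    (3.0,  "198.51.100.5", "POST", "/api/login"),
    (4.0,  "198.51.100.5", "POST", "/api/login"),       # 4th matching hit in 60 s: blocked
    (5.0,  "203.0.113.9",  "POST", "/api/login"),       # separate client, separate bucket
    (65.0, "198.51.100.5", "POST", "/api/login"),       # hit at t=0 has aged out: allowed
]


def replay(rule: ConditionalRateLimit, events: List[Event]) -> List[str]:
    """Evaluate events in order and return the action taken for each."""
    return [rule.evaluate(ip, method, path, t) for t, ip, method, path in events]


def run_sample() -> List[str]:
    """Fresh rule: at most 3 POSTs to /api/login per client in any 60-second window."""
    rule = ConditionalRateLimit(lambda m, p: m == "POST" and p.startswith("/api/login"),
                                threshold=3, window_seconds=60)
    return replay(rule, SAMPLE_EVENTS)
```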
Azure WAF Bot Manager (preview)
- Signature-based bot classification (new): good bots are allowed, bad bots are blocked, unknown bots are logged.
- IP reputation-based bot detection, integrated with Microsoft Threat Intelligence.
Use case 1: WAF protecting public web sites hosted on Azure App Service
- Enable WAF at the network edge with Front Door (Azure Global WAF).
- Latency optimization.
- Lock down the Web App so that it accepts traffic only from Front Door outbound addresses (lockdown: IP restriction + X-Forwarded-Host (XFH) rules).
Topology: www.contoso.com is served from the network edge locations; the origin origin1.contoso.com runs in Region 1.
Use case 1 (continued): adding a second region
- Latency optimization.
- Global load balancing across regions.
- Central WAF policy: no configuration change is needed when adding a second region.
- Lock down the backends: IP restriction, XFH.
Topology: www.contoso.com at the Azure Global WAF (Front Door), with origins origin1.contoso.com in Region 1 and origin2.contoso.com in Region 2.
Use case 2: WAF protecting private websites in a VNet
- Dedicated WAF in the VNet (Azure Regional WAF, Application Gateway).
- Load balancing between VMs.
- Internal users access the application (internal.contoso.com) via VPN from on-premises.
Diagram components: Private Link, Network Security Group.
Use case 3: WAF protecting public and private access of a LOB application
- WAF at the network edge with custom filtering rules: rate limiting, geo filtering, HTTP parameter filtering.
- WAF in the region: managed rule sets; direct internet access to the origin is denied.
- IP restriction and XFH rules in the region allow access from Azure Front Door (AFD) only.
Topology: www.contoso.com at the edge; origin.contoso.com running on AKS in the Azure region; on-premises users via VPN.
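The origin lockdown used in use cases 1 and 3 (IP restriction plus X-Forwarded-Host rules, so that only traffic relayed by Front Door reaches the backend), as an added example of the check an origin or regional WAF enforces. This is not code from the slides or from Azure; the address ranges and hostnames are constructed placeholders.

```python
import ipaddress
from typing import Dict, Tuple

# Constructed placeholder ranges standing in for the Front Door outbound
# address ranges that Microsoft publishes; substitute the published list.
FRONT_DOOR_RANGES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "2001:db8:f00d::/48")]

# Public hostnames this origin is configured behind at the edge (constructed).
EXPECTED_FORWARDED_HOSTS = {"www.contoso.com"}


def _first_forwarded_host(xfh: str) -> str:
    """X-Forwarded-Host may be a comma-separated chain; take the first entry,
    strip any port, and lower-case it for comparison."""
    host = xfh.split(",")[0].strip().lower()
    if host.startswith("["):                                   # bracketed IPv6 literal
        return host[1:host.find("]")] if "]" in host else host
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def request_allowed(client_ip: str, headers: Dict[str, str],
                    ranges=FRONT_DOOR_RANGES, expected_hosts=EXPECTED_FORWARDED_HOSTS) -> Tuple[bool, str]:
    """Return (allowed, reason). Both checks must pass: the TCP peer must be a
    Front Door address (a spoofed header alone is not enough), and the
    X-Forwarded-Host value must name a host this origin actually serves."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "unparseable client address"
    if not any(addr in net for net in ranges):
        return False, "source address not in Front Door ranges"
    lowered = {k.lower(): v for k, v in headers.items()}     # header names are case-insensitive
    xfh = lowered.get("x-forwarded-host", "")
    if _first_forwarded_host(xfh) not in {h.lower() for h in expected_hosts}:
        return False, f"unexpected X-Forwarded-Host {xfh!r}"
    return True, "ok"


# Constructed sample requests: (client address, headers).
SAMPLE_REQUESTS = [
    ("203.0.113.10", {"X-Forwarded-Host": "www.contoso.com"}),            # via Front Door
    ("198.51.100.7", {"X-Forwarded-Host": "www.contoso.com"}),            # direct, header spoofed
    ("203.0.113.10", {}),                                                  # edge address, no XFH
    ("203.0.113.10", {"x-forwarded-host": "WWW.CONTOSO.COM:443, other"}), # chain with port
    ("2001:db8:f00d::1", {"X-Forwarded-Host": "evil.example"}),           # edge address, wrong host
]


def evaluate_samples():
    """Return the allow/deny decision for each constructed sample request."""
    return [request_allowed(ip, hdrs)[0] for ip, hdrs in SAMPLE_REQUESTS]
```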
Integration with other Azure services: other examples
- Example 1: Azure Firewall for inbound/outbound protection and public IP to private IP mapping.
- Example 2: DDoS Protection Standard + Application Gateway at app1.contoso.com.
Diagram components: Azure Global WAF (Front Door), service endpoint, Azure Firewall, internal load balancer or Application Gateway, Private Link, origin.app1.contoso.com, app2.contoso.com.
WAF at the public entry point: WAF choices
See https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
Demo: monitoring, metrics and performance
Demo setup: public internet, Azure WAN, Web App (US West).
Front Door endpoint: https://wafdemofrontdoorwebapp.azurefd.net
Web App origin: https://wafdemowebappuswest.azurewebsites.net
Key takeaways
- Every Web/API/Mobile application should have WAF protection enabled.
- WAF at the edge can protect multiple regions at the same time.
- WAF in the region can protect internet-facing as well as ILB/hybrid scenarios.
- Complete your defense-in-depth security with Azure DDoS Protection, Azure Firewall, Private Link and NSG/ASG.
UserVoice: https://feedback.azure.com/forums/217313-networking?category_id=368350
Please evaluate this session
Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website.
Download the app: https://aka.ms/ignite.mobileapp
Go to the website: https://myignite.techcommunity.microsoft.com/evaluations
Visit aka.ms/MicrosoftIgnite2019/BRK3171 to download slides and resources, access session recordings within 48 hours, ask questions and continue the conversation, and find this session in Microsoft Tech Community.