Zoomtutorials
  • Cloud
    • Cloud Hosting
      • AWS
      • Azure
      • GCP
      • Oracle Cloud
      • Alibaba Cloud
      • IBM Cloud
      • DigitalOcean
      • Linode
  • DevOps
    • DevOps Tools
      • Terraform
      • Git
      • GitHub
      • Jenkins
      • Docker
      • Kubernetes
      • Ansible
      • Python
      • Monitoring
    • Azure DevOps
      • Azure Boards
      • Azure Repos
      • Azure Pipelines
      • Azure Test Plans
      • Azure Artifacts
      • Extensions Marketplace
    • AWS DevOps
      • CodeStar
      • CodeCommit
      • CodeBuild
      • CodeDeploy
      • CodePipeline
      • CodeArtifact
  • Programming
    • Application
      • Magento 2
      • Magento
      • WordPress
      • PHP
      • .Net
      • .Net Core
      • NodeJS
      • JAVA
    • Database
      • Microsoft SQL Server
      • MySQL
      • MariaDB
      • Amazon Aurora
      • SQL Proxy
    • Web Server
      • IIS
      • Apache
      • NGINX
      • Tomcat
      • NodeJS
    • Microsoft Dynamics ERP
      • Dynamics 365
        • D365 FnO
        • D365 BC
      • Dynamics AX
      • Dynamics NAV
      • Dynamics GP
      • Dynamics CRM
  • HowTos
    • Linux OS
      • RHEL
      • Ubuntu
      • CentOS
      • Fedora
      • Debian
    • Linux Tips
      • Linux Commands
      • Linux Tricks
      • Linux Cheatsheet
    • Windows OS
      • Server 2019
      • Server 2016
      • Server 2012
      • Server 2008
      • Windows 11
      • Windows 10
      • Windows 8
      • Windows 7
    • Windows Tips
      • Windows Commands
      • Windows Shortcuts
    • Microsoft
      • Office 365
      • Microsoft 365
      • SharePoint
      • MS Dynamics ERP
  • Tools
    • Monitoring
      • New Relic
      • ELK Stack
      • Loggly
      • DataDog
      • Papertrial
      • Graylog
      • UptimeRobot
    • Security
      • Firewall
      • Internet Security
      • Antivirus
    • Backup
      • SQL Backup
      • Iperius Backup
  • Hire Us
  • Courses
  • Submit Tutorials
  • More…
    • …
      • Services
      • News
      • Write For Us
      • Community
      • Donate ❤️
      • Contact Us
Facebook Twitter Instagram
Zoomtutorials
  • Cloud
    • Cloud Hosting
      • AWS
      • Azure
      • GCP
      • Oracle Cloud
      • Alibaba Cloud
      • IBM Cloud
      • DigitalOcean
      • Linode
  • DevOps
    • DevOps Tools
      • Terraform
      • Git
      • GitHub
      • Jenkins
      • Docker
      • Kubernetes
      • Ansible
      • Python
      • Monitoring
    • Azure DevOps
      • Azure Boards
      • Azure Repos
      • Azure Pipelines
      • Azure Test Plans
      • Azure Artifacts
      • Extensions Marketplace
    • AWS DevOps
      • CodeStar
      • CodeCommit
      • CodeBuild
      • CodeDeploy
      • CodePipeline
      • CodeArtifact
  • Programming
    • Application
      • Magento 2
      • Magento
      • WordPress
      • PHP
      • .Net
      • .Net Core
      • NodeJS
      • JAVA
    • Database
      • Microsoft SQL Server
      • MySQL
      • MariaDB
      • Amazon Aurora
      • SQL Proxy
    • Web Server
      • IIS
      • Apache
      • NGINX
      • Tomcat
      • NodeJS
    • Microsoft Dynamics ERP
      • Dynamics 365
        • D365 FnO
        • D365 BC
      • Dynamics AX
      • Dynamics NAV
      • Dynamics GP
      • Dynamics CRM
  • HowTos
    • Linux OS
      • RHEL
      • Ubuntu
      • CentOS
      • Fedora
      • Debian
    • Linux Tips
      • Linux Commands
      • Linux Tricks
      • Linux Cheatsheet
    • Windows OS
      • Server 2019
      • Server 2016
      • Server 2012
      • Server 2008
      • Windows 11
      • Windows 10
      • Windows 8
      • Windows 7
    • Windows Tips
      • Windows Commands
      • Windows Shortcuts
    • Microsoft
      • Office 365
      • Microsoft 365
      • SharePoint
      • MS Dynamics ERP
  • Tools
    • Monitoring
      • New Relic
      • ELK Stack
      • Loggly
      • DataDog
      • Papertrial
      • Graylog
      • UptimeRobot
    • Security
      • Firewall
      • Internet Security
      • Antivirus
    • Backup
      • SQL Backup
      • Iperius Backup
  • Hire Us
  • Courses
  • Submit Tutorials
  • More…
    • …
      • Services
      • News
      • Write For Us
      • Community
      • Donate ❤️
      • Contact Us
Facebook Twitter Instagram YouTube LinkedIn
Zoomtutorials
Azure

Azure Web Application Firewall (WAF) Use Cases

ZT Senior EditorBy ZT Senior EditorApril 15, 2020Updated:September 14, 2020No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email

Why we need a WAF?

Just as an online retail customer can interact with an online retail site, hackers can conduct malicious interactions as well.  These attacks predominantly occur as SQL injections, cross-site scripting and malicious file executions.  A modern day WAF is designed to protect against these and other OWASP Top Ten application risks.  Azure WAF is able to discern fraudulent interactions from legitimate traffic.  This is a highly complex task as hackers today weave their attack code within safe-looking website traffic.  A WAF accomplishes this by intercepting and analyzing each and every HTTP request before they reach the web application.

WAF is also designed to perform SSL termination.  Much of today’s web traffic is encrypted in order to protect the data being transferred within the web session.  HTTPS works both ways however, in that it also protects malicious hacking code from being scrutinized as well.  Many hackers take advantage of this, using HTTPS as a camouflage to avoid detection.

Because a WAF stands between the public and the web application, it is able to decouple the traffic between the web server and the internet.  SSL certificates are hosted on the WAF, thus terminating the encrypted connection.

azure waf
Image: Azure Web Application Firewall

Use Cases:

1: Protect websites and applications

The primary function of a WAF is to protect applications that communicate over HTTP, including websites, API endpoints, and server less functions.

WAFs are the first layer of defence for the web. They can detect and block known and unknown attacks, lock down insecure systems, prevent data leaks, control access to URLs and ports, and mitigate the risk of inadequately configured servers.

A WAF provides all the benefits of a regular network firewall and more. It can detect advanced attacks such as the ones described in the OWASP Top 10 Threats list, enforce security policies, and ensure SSL security mechanisms.

2: Comply with security and regulatory standards

While threat prevention is the primary use case for a WAF, it’s not by any means the only one. Any website that processes or stores credit card data must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Non-compliance can have grave consequences; breaches or credit card frauds in uncertified systems are heavily fined.

PCI-DSS mandates that websites must pass a security assessment (Requirement 6.6). The requirement can be fulfilled either by a code review—which can be expensive—or by setting up a WAF. Adopting a WAF can be the quickest and most efficient way to comply with regulatory requirements.

3: Control bots and prevent DDoS attacks

Bots are taking over. A third way in which WAFs can help us is by controlling their access to our systems.

On the Internet, there are good bots and bad bots. The good ones are fundamental for keeping things working. The bad ones will try to scrape content from websites, send spam, steal information, install malware, abuse APIs, brute force passwords, or initiate a DDoS attack.

Bots can cause damage by amplifying the effect of exploits or by over-utilizing resources and causing unexpected costs.  WAF can block repeated access from bots with fine-grained rate limits and CAPTCHA rules.

4: Patch vulnerabilities

No code is perfect. Despite the best efforts to secure an application, there will always be some chance of vulnerabilities sneaking into production. When that happens, it can take some time until a solution is found and a patch is released.

The situation is even worse when a third party owns the code. Some vendors can take several days or weeks to release a patch. For instance, WordPress, the most popular CMS platform in the world (and the most hacked), releases security patches on a monthly schedule. Some of its plugins can have even more infrequent release schedules.

Unmaintained code is another problem altogether. When the source is no longer available, there is no way to patch it. In such cases where there is no suitable alternative, a WAF can be the only way of securing and locking down these systems.

5: Detect intrusions in real-time

Administrators and security teams have to keep track of traffic in real-time to detect attacks and act accordingly. On distributed systems, this is difficult because logs are scattered among many heterogeneous interfaces. Oftentimes intrusions are only detected hours or days after taking place.

A WAF acts as a central point of logging and metrics collection, with a particular focus on security. Administrators can monitor traffic, detect attacks in real-time, and take appropriate actions. WAF logs are also vital for diagnosing and assessing previous attack attempts.

azure waf
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Avatar photo
ZT Senior Editor
  • Website

The editor is the founder and chief editor of ZoomTutorials Blog, a leading tutorials and technology blogging site specializing in DevOps, SysAdmin and Cloud Technologies to help IT professionals in their day to day work. He is a Senior Cloud and DevOps Solutions Engineer at a leading eCommerce development Company and has more than 11+ years of Cloud, DevOps and SysAdmin experience working with Fortune 500 companies to solve their most important IT backbones. He lives in Hyderabad with his wife, a son and a daughter.

Related Posts

Open Web Application Security (OWASP) Rules

April 9, 2020

How to implement multi-website on single Azure Application Gateway WAF

April 9, 2020

How to Create and Deploy Azure Firewall

March 28, 2020

Leave A Reply Cancel Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Buy Me a Coffee Plz...

Get our latest tutorials
Recent Posts
  • Install Latest Git 2.x on CentOS/RHEL
  • How to Use the slmgr Command in Windows
  • How To Extend Windows Server Evaluation after Trial Period Expiry
  • List of Useful Magento 2 Commands
  • Magento 2 Commands and the Use Cases
  • MySQL and MariaDB Performance Tuning and Optimization
  • Microsoft Dynamics AX End of Support/Life
  • Magento Community read/write splitting with Database Proxy
  • Git Commands for developers and sysadmins
  • Install the git credential-oskeychain
December 2022
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  
« Aug    
Archives
Facebook Twitter Instagram YouTube LinkedIn
  • Donation ❤️
  • About
  • Services
  • Submit Tutorials
  • Contact Us
  • Privacy Policy
  • Terms of Use
Copyright © 2023 by ZT Consulting. Designed with ❤️ by CloudSols.com. Hosting Partner Contabo.com. SSL Partner SSL.com. Monitoring Partner UptimeRobot.com

Type above and press Enter to search. Press Esc to cancel.