
Description

This policy identifies Azure Application Gateways whose Web Application Firewall is not configured with a Bot Manager Rule Set. Enable bot protection on the Web Application Firewall to block or log requests from known malicious IP addresses identified through the Microsoft Threat Intelligence feed.

Rationale

Internet traffic from bots can scrape, scan, and search for application vulnerabilities. Enabling bot protection stops requests from known malicious IP addresses and enhances the overall security of your application by reducing exposure to automated attacks.

Impact

May require monitoring to identify false positives.

Audit

This policy flags an Azure Application Gateway as INCOMPLIANT if:

  • it has no WAF Policy configured, or
  • the WAF Policy has no managed rule set with the ruleSetType of Microsoft_BotManagerRuleSet, or
  • the Microsoft_BotManagerRuleSet has ruleGroupOverrides for the KnownBadBots ruleGroupName in Disabled state.
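The three audit conditions above can be checked offline against the JSON that `az network application-gateway show` and `az network application-gateway waf-policy show` return. The evaluator below is an added example written for this page, not part of the policy or of any Azure tooling; the field names (`firewallPolicy.id`, `managedRules.managedRuleSets[].ruleSetType`, `ruleGroupOverrides[].ruleGroupName`, `rules[].state`) follow the ARM resource schema as I understand it and should be treated as an assumption, and the sample gateways, policy IDs and rule IDs are constructed for illustration.

```python
# Offline evaluator for the three INCOMPLIANT conditions in the Audit section.
# Sample documents below are CONSTRUCTED to mimic the shape of the Azure CLI
# JSON output; the field names are an assumption about the ARM schema.

BOT_RULE_SET = "Microsoft_BotManagerRuleSet"
KNOWN_BAD_BOTS = "KnownBadBots"

# Constructed gateways: each references a WAF policy by id (or none at all).
SAMPLE_GATEWAYS = [
    {"name": "gw-no-policy", "firewallPolicy": None},
    {"name": "gw-no-botset", "firewallPolicy": {"id": "/policies/waf-no-botset"}},
    {"name": "gw-bots-disabled", "firewallPolicy": {"id": "/policies/waf-bots-disabled"}},
    {"name": "gw-ok", "firewallPolicy": {"id": "/policies/waf-ok"}},
]

# Constructed WAF policies keyed by the ids used above (placeholder ids, not
# real ARM resource ids). "Bot100100" is shown only to illustrate a disabled
# rule inside the KnownBadBots group override.
SAMPLE_POLICIES = {
    "/policies/waf-no-botset": {"managedRules": {"managedRuleSets": [
        {"ruleSetType": "OWASP", "ruleSetVersion": "3.2", "ruleGroupOverrides": []},
    ]}},
    "/policies/waf-bots-disabled": {"managedRules": {"managedRuleSets": [
        {"ruleSetType": BOT_RULE_SET, "ruleSetVersion": "1.0",
         "ruleGroupOverrides": [
             {"ruleGroupName": KNOWN_BAD_BOTS,
              "rules": [{"ruleId": "Bot100100", "state": "Disabled", "action": "Block"}]},
         ]},
    ]}},
    "/policies/waf-ok": {"managedRules": {"managedRuleSets": [
        {"ruleSetType": "OWASP", "ruleSetVersion": "3.2", "ruleGroupOverrides": []},
        {"ruleSetType": BOT_RULE_SET, "ruleSetVersion": "1.0", "ruleGroupOverrides": []},
    ]}},
}


def evaluate_policy(policy):
    """Return (compliant, reason) for one WAF policy document.

    Fails if no Microsoft_BotManagerRuleSet is attached, or if any rule in a
    KnownBadBots group override is in the Disabled state.
    """
    rule_sets = (policy.get("managedRules") or {}).get("managedRuleSets") or []
    bot_sets = [rs for rs in rule_sets if rs.get("ruleSetType") == BOT_RULE_SET]
    if not bot_sets:
        return False, f"no managed rule set of type {BOT_RULE_SET}"
    for rule_set in bot_sets:
        for override in rule_set.get("ruleGroupOverrides") or []:
            if override.get("ruleGroupName") != KNOWN_BAD_BOTS:
                continue
            disabled = [str(r.get("ruleId")) for r in override.get("rules") or []
                        if r.get("state") == "Disabled"]
            if disabled:
                return False, f"{KNOWN_BAD_BOTS} rules disabled: {', '.join(disabled)}"
    return True, "bot protection enabled"


def evaluate_gateway(gateway, policies):
    """Resolve the gateway's WAF policy reference and evaluate it."""
    policy_id = (gateway.get("firewallPolicy") or {}).get("id")
    if not policy_id:
        return False, "no WAF policy configured"
    policy = policies.get(policy_id)
    if policy is None:
        # Dangling reference: treat as not configured rather than silently passing.
        return False, f"WAF policy {policy_id} not found"
    return evaluate_policy(policy)


def audit(gateways, policies):
    """Map gateway name -> (compliant, reason) for every gateway."""
    return {gw["name"]: evaluate_gateway(gw, policies) for gw in gateways}


if __name__ == "__main__":
    for name, (ok, why) in audit(SAMPLE_GATEWAYS, SAMPLE_POLICIES).items():
        print(f"{name}: {'COMPLIANT' if ok else 'INCOMPLIANT'} ({why})")
```

Running the block on the constructed data reports `gw-no-policy`, `gw-no-botset` and `gw-bots-disabled` as INCOMPLIANT, each with the matching reason from the audit list, and `gw-ok` as COMPLIANT. A missing policy document is deliberately treated as a failure so that a stale reference never reads as compliant.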

Default Value

Bot protection is disabled by default on Azure Application Gateways with Web Application Firewall.

References

  1. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview
  2. https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection
  3. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway
  4. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway/waf-policy
  5. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway/waf-policy/managed-rule/rule-set