🛡️ Azure Application Gateway Web Application Firewall is not enabled🟢

Contextual name: 🛡️ Application Gateway Web Application Firewall is not enabled🟢
ID: /ce/ca/azure/application-gateway/web-application-firewall
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: SECURITY

Logic

🧠 prod.logic.yaml🟢
- 📗 Azure Application Gateway
- 🔌 Azure Application Gateway - object.extracts.yaml
- 🧪 test-data.json

Description

Description

This policy identifies Azure Application Gateways that do not have a Web Application Firewall Policy. Azure WAF helps protect applications from common exploits and attacks by inspecting and filtering incoming traffic.

Rationale

Using Azure Web Application Firewall with Azure Application Gateway reduces exposure to external threats by mitigating attacks on public facing applications.

Impact

The WAF V2 tier for Azure Application Gateways costs more than the Basic and Standard V2 tiers. Pricing includes a fixed hourly charge plus a charge per capacity-unit hour. Refer to https://azure.microsoft.com/en-gb/pricing/details/application-gateway/ for details.

Audit

This policy flags an Azure Application Gateway as INCOMPLIANT if its WAF Policy is not Enabled.

Default Value

Azure Web Application Firewall is enabled by default for the WAF V2 tier of Azure Application Gateway. It is not available in the Basic tier. Application gateways deployed using the Standard V2 tier can be upgraded to the WAF V2 tier to enable Azure Web Application Firewall.

... see more

Remediation

Open File

Remediation

Note: Basic tier application gateways cannot be upgraded to the WAF V2 tier. Create a new WAF V2 tier application gateway to replace a Basic tier application gateway.

From Azure Portal

To remediate a Standard V2 tier application gateway:

Go to Application gateways.

Click Add filter.

From the Filter drop-down menu, select SKU size.

Check the box next to Standard_v2 only.

Click Apply.

Click the name of an application gateway.

Under Settings, click Web application firewall.

Under Configure, next to Tier, click WAF V2.

Select an existing or create a new WAF policy.

Click Save.

Repeat steps 1-10 for each Standard V2 tier application gateway requiring remediation.

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v5.0.0 → 💼 7.10 Ensure Azure Web Application Firewall (WAF) is enabled on Azure Application Gateway (Automated)			1		no data
💼 Cloudaware Framework → 💼 Threat Protection			48		no data

Logic​

Description​

Description​

Rationale​

Impact​

Audit​

Default Value​

Remediation​

Remediation​

From Azure Portal​

policy.yaml​

Linked Framework Sections​

Logic

Description

Description

Rationale

Impact

Audit

Default Value

Remediation

Remediation

From Azure Portal

policy.yaml

Linked Framework Sections