Tuesday, December 6, 2022

Implementing Application Gateway with Web Application Firewall

Let’s implement Application Gateway with Web Application Firewall. In my case the backend is an App Service, and the custom domain is added to the App Service with SNI SSL. See Restricting App Service through Application Gateway.

The following naming convention is used as per Microsoft’s recommendations. You can always adapt it to whatever you find easier to interpret and understand.

az – Denotes Azure
vp – Project Reference
uaen – UAE North
appgw – Application Gateway

  • az-vp-np-uaen-appgw
  • az-vp-np-uaen-appgw-be (Backend)
  • az-vp-np-uaen-appgw-rule
  • az-vp-np-uaen-appgw-listener
  • az-vp-np-uaen-appgw-be-settings
  • az-vp-np-uaen-appgw-hb (Health Probe)
  • az-vp-np-uaen-appgw-ssl-profile


Let’s create an Application Gateway – Using a Dedicated Subnet for my Application Gateway

Associate a Public IP from a Public IP Prefix

Add a backend pool

Add Backend pool

Add a routing rule, attaching a PFX file (ideally from Key Vault)

Choose backend targets – use a well-known CA certificate

Frontends – Routing Rules and Backend Pools are configured now

Create the Application Gateway

Add a custom health probe – set the host to the backend custom domain

Now the site is up behind Application Gateway, and the A record points to the Application Gateway. For better HA (high availability), you need to use Traffic Manager or Azure Front Door with CDN, depending on the scenario. Azure Front Door gives peace of mind, as SSL can be managed and renewed automatically.

Enable WAF v2 in Prevention mode

OWASP 3.0 is used in this case

Create SSL Profile with TLS 1.3

Update SSL profile in Listener (The one we created above)

Now you can see that the ciphers are hardened.
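One way to confirm the hardening from outside, as an added example that is not part of the original post: the script pins one handshake to each TLS version against the listener and flags anything the new SSL profile should have refused. Port 443 and the default minimum of TLS 1.2 are assumptions; pass `minimum=TV.TLSv1_3` to `evaluate` if your profile is TLS 1.3 only.

```python
import socket
import ssl
import sys

TV = ssl.TLSVersion
VERSIONS = [TV.TLSv1, TV.TLSv1_1, TV.TLSv1_2, TV.TLSv1_3]
# Constructed sample (not captured from a real gateway): a listener still on a legacy policy.
SAMPLE = dict(zip(VERSIONS, ["AES256-SHA", "AES256-SHA", "ECDHE-RSA-AES256-GCM-SHA384", None]))


def negotiate(host, port, version, timeout=5.0):
    """Handshake pinned to one TLS version; return the cipher name, or None if it fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # auditing protocol support, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Offer legacy suites so a refusal comes from the gateway, not from local defaults.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:  # SNI selects the listener
                return tls.cipher()[0]
    except (OSError, ValueError):
        return None


def evaluate(results, minimum=TV.TLSv1_2):
    """results maps TLSVersion -> cipher name or None; returns a list of findings."""
    findings = []
    for version, cipher in sorted((v, c) for v, c in results.items() if c):
        if version < minimum:
            findings.append(f"{version.name} accepted with {cipher}; expected refusal")
        elif not any(tag in cipher for tag in ("GCM", "CHACHA20", "CCM")):
            findings.append(f"{version.name} chose non-AEAD suite {cipher}")
        elif not cipher.startswith(("TLS_", "ECDHE", "DHE")):
            findings.append(f"{version.name} chose {cipher} without forward secrecy")
    if not results.get(TV.TLSv1_3):
        findings.append("TLSv1_3 not negotiated; check the SSL profile on the listener")
    return findings


if __name__ == "__main__":  # usage: python tls_check.py <hostname>; no argument uses SAMPLE
    host = sys.argv[1] if len(sys.argv) > 1 else None
    results = {v: negotiate(host, 443, v) for v in VERSIONS} if host else SAMPLE
    for v, c in results.items():
        print(f"{v.name:8} {c or 'refused'}")
    problems = evaluate(results)
    print("\n".join(problems) or "listener matches the expected TLS policy")
    sys.exit(1 if problems else 0)
```

Each handshake reveals only the suite the gateway selects for that version, not its full list, and a version your local OpenSSL build cannot offer also shows as refused.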

Satheshwaran Manoharan
https://www.azure365pro.com
Specialized in Microsoft Azure - Office 365 / Microsoft Exchange; conducted numerous projects worldwide in designing, supporting, and implementing messaging and virtualization infrastructure for medium-sized and large enterprises. Further, I am a Cloud Architect and Technical Advisor for various start-ups.
