Monday, July 22, 2024

Implementing Application Gateway with Web Application Firewall

Let’s implement an Application Gateway with Web Application Firewall. The backend in my case is an App Service, and the custom domain is added to the App Service with SNI SSL. See Restricting App Service through Application Gateway.

The following naming convention is used as per Microsoft’s recommendations. You can always adapt it to whatever you find easier to read and understand.

az – Denotes Azure
vp – Project Reference
uaen – UAE North
appgw – Application Gateway

  • az-vp-np-uaen-appgw
  • az-vp-np-uaen-appgw-be (Backend)
  • az-vp-np-uaen-appgw-rule
  • az-vp-np-uaen-appgw-listener
  • az-vp-np-uaen-appgw-be-settings
  • az-vp-np-uaen-appgw-hb (Health Probe)
  • az-vp-np-uaen-appgw-ssl-profile

Let’s create an Application Gateway – Using a Dedicated Subnet for my Application Gateway

Associate a Public IP from a Public IP Prefix

Add a backend pool

Add Backend pool

Add a routing rule attaching a pfx file (Ideally from Key Vault)

Choose backend targets – Use a well-known CA certificate

Frontends – Routing Rules and Backend Pools are configured now

Create the Application Gateway

Add Custom Health Probe – Apply Host with backend custom domain

Now the site is up using Application Gateway, and the A record points to the Application Gateway. For better HA (High Availability), you need to use Traffic Manager or Azure Front Door with CDN, depending on the scenario. Azure Front Door is peace of mind, as SSL can be managed and renewed automatically.

Enable WAF V2 – Prevention

OWASP 3.0 is used in this case

Create SSL Profile with TLS 1.3

Update SSL profile in Listener (The one we created above)

Now you can see the ciphers are hardened.
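To confirm the end state of the steps above without clicking through the portal, the following added example (not part of the original post) audits an exported gateway configuration for WAF_v2 in Prevention mode and for a TLS 1.3 SSL profile attached to each HTTPS listener. It assumes the JSON shape returned by `az network application-gateway show -o json` and an inline WAF configuration (a gateway using a separate WAF policy resource needs that policy checked instead); the sample is constructed, and its resource id is a placeholder.

```python
import json

# Constructed sample, trimmed to the fields checked below; the shape is assumed
# to match `az network application-gateway show -o json`.
SAMPLE = json.loads("""
{
  "name": "az-vp-np-uaen-appgw",
  "sku": {"name": "WAF_v2", "tier": "WAF_v2"},
  "webApplicationFirewallConfiguration": {
    "enabled": true, "firewallMode": "Detection",
    "ruleSetType": "OWASP", "ruleSetVersion": "3.0"
  },
  "sslProfiles": [{
    "id": "/placeholder/sslProfiles/az-vp-np-uaen-appgw-ssl-profile",
    "name": "az-vp-np-uaen-appgw-ssl-profile",
    "sslPolicy": {"policyType": "CustomV2", "minProtocolVersion": "TLSv1_3"}
  }],
  "httpListeners": [
    {"name": "az-vp-np-uaen-appgw-listener", "protocol": "Https", "sslProfile": null}
  ]
}
""")

def audit(gw):
    """Return findings where the gateway deviates from the walkthrough's end state."""
    findings = []
    if gw.get("sku", {}).get("tier") != "WAF_v2":
        findings.append("SKU tier is not WAF_v2")
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    if not waf.get("enabled"):
        findings.append("no inline WAF configuration is enabled")
    elif waf.get("firewallMode") != "Prevention":
        findings.append("WAF mode is %s: rule matches are logged, not blocked" % waf.get("firewallMode"))
    profiles = {p["id"].lower(): p for p in gw.get("sslProfiles") or []}
    for lst in gw.get("httpListeners") or []:
        if lst.get("protocol", "").lower() != "https":
            findings.append("listener %s is not HTTPS" % lst["name"])
            continue
        ref = ((lst.get("sslProfile") or {}).get("id") or "").lower()
        policy = (profiles.get(ref) or {}).get("sslPolicy") or {}
        if ref not in profiles:  # profile created but never attached to the listener
            findings.append("listener %s has no SSL profile attached" % lst["name"])
        elif policy.get("minProtocolVersion") != "TLSv1_3":
            findings.append("listener %s does not enforce a TLS 1.3 minimum" % lst["name"])
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The constructed sample deliberately leaves the WAF in Detection mode and the listener without its SSL profile, the two steps that are easiest to miss because the gateway keeps serving traffic either way.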

Satheshwaran Manoharan
