last sync: 2021-May-14 16:08:20 UTC

Azure Policy definition

Web Application Firewall (WAF) should be enabled for Application Gateway

Name Web Application Firewall (WAF) should be enabled for Application Gateway
Azure Portal
Id 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66
Version 1.0.1
details on versioning
Category Network
Microsoft docs
Description Deploy Azure Web Application Firewall (WAF) in front of public facing web applications for additional inspection of incoming traffic. Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injections, Cross-Site Scripting, local and remote file executions. You can also restrict access to your web applications by countries, IP address ranges, and other http(s) parameters via custom rules.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-12-11 15:42:52 change Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2020-07-08 14:28:08 add 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
[Preview]: New Zealand ISM Restricted d1a462af-7e6d-4901-98ac-61570b4ed22a Regulatory Compliance Preview
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
JSON Changes

JSON
{
  "properties": {
    "displayName": "Web Application Firewall (WAF) should be enabled for Application Gateway",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Deploy Azure Web Application Firewall (WAF) in front of public facing web applications for additional inspection of incoming traffic. Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injections, Cross-Site Scripting, local and remote file executions. You can also restrict access to your web applications by countries, IP address ranges, and other http(s) parameters via custom rules.",
    "metadata": {
      "version": "1.0.1",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/applicationGateways"
          },
          {
            "field": "Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "564feb30-bf6a-4854-b4bb-0d2d2d1e6c66"
}