
WAF Rule to block all http/https traffic using Azure Application gateway

When configuring WAFs I'm used to configuring the lowest priority rule to block all inbound http/https traffic. I then add higher priority allow rules to open up the access I require.

I can't see how I can create a "block all" rule in the Azure Application Gateway's WAF custom rules?

So.. this is how you can do this (apologies, the config is in terraform format)

custom_rules {
  name      = "blockAllPaths"
  priority  = 90
  rule_type = "MatchRule"

  match_conditions {
    match_variables {
      variable_name = "RequestUri"
    }
    operator           = "BeginsWith"
    negation_condition = false
    match_values       = ["/"]
  }

  action = "Block"
}
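The pattern from the question (a low-priority block-all rule plus a higher-priority allow rule) written out as a complete policy. This is an added illustration, not code from either answer; the resource names, resource group, region and the 203.0.113.0/24 range are constructed placeholders.

```hcl
resource "azurerm_web_application_firewall_policy" "example" {
  name                = "example-wafpolicy" # placeholder
  resource_group_name = "example-rg"        # placeholder
  location            = "westeurope"        # placeholder

  # Custom rules are evaluated in ascending priority number, so 10 runs before 90.
  custom_rules {
    name      = "allowTrustedRange"
    priority  = 10
    rule_type = "MatchRule"
    match_conditions {
      match_variables {
        variable_name = "RemoteAddr"
      }
      operator     = "IPMatch"
      match_values = ["203.0.113.0/24"] # constructed documentation range
    }
    # A matched Allow ends evaluation: later custom rules and managed rules are skipped.
    action = "Allow"
  }

  # Catch-all from the answer above: every request URI begins with "/".
  custom_rules {
    name      = "blockAllPaths"
    priority  = 90
    rule_type = "MatchRule"
    match_conditions {
      match_variables {
        variable_name = "RequestUri"
      }
      operator           = "BeginsWith"
      negation_condition = false
      match_values       = ["/"]
    }
    action = "Block"
  }

  policy_settings {
    enabled = true
    mode    = "Prevention" # in Detection mode a Block match is only logged
  }

  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2"
    }
  }
}
```

Because a matched Allow bypasses the managed rule set, traffic from the allowed range is not inspected by the CRS rules; keep the allow conditions as narrow as the access you need.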

There is no way to create a "block all traffic" rule in Azure Application Gateway's WAF, because it only helps to keep your web safe from some common threats.

Azure WAF is a web application firewall that helps protect your web applications from common threats such as SQL injection, cross-site scripting, and other web exploits. You can define a WAF policy consisting of a combination of custom and managed rules to control access to your web applications.

Azure Application Gateway Web Application Firewall (WAF) v2 comes with a pre-configured, platform-managed ruleset that offers protection from many different types of attacks. If you're a WAF admin, you may want to write your own rules to augment the core rule set (CRS) rules. Your rules can either block or allow requested traffic based on matching criteria.

Please refer to this document for the rules currently available for WAF. In the document there is no rule to block all traffic.

Please refer to this document for more information about custom rules. Custom rules just help you use more than one rule based on different conditions (which are provided in the above document only). These rules hold a higher priority than the rest of the rules in the managed rule sets.
