Microsoft Azure Web Application Firewall (WAF) Generally Available

You can try Application Gateway Web Application Firewall today using the portal or ARM templates.


Microsoft on Thursday made the Web Application Firewall (WAF) generally available, bolstering protection of applications against web vulnerabilities and attacks.

The availability builds on plans announced last September to add WAF to the layer 7 Azure Application Gateway, which is an Application Delivery Controller (ADC) layer 7 network service offering capabilities including SSL termination, true round robin load distribution, cookie-based session affinity, multi-site hosting, and URL path based routing, says Yousef Khalidi.

Application Gateway can host up to 20 websites behind a single gateway, and can protect multiple web apps simultaneously. It provides SSL policy control and end-to-end SSL encryption for better application security hardening.

Azure Web Application Firewall

WAF provides the following core benefits:

  • WAF addresses various attack categories including:
      • SQL injection
      • Cross site scripting
      • Common attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
      • HTTP protocol violations
      • HTTP protocol anomalies
      • Bots, crawlers, and scanners
      • Common application misconfigurations (e.g. Apache, IIS, etc.)
      • HTTP Denial of Service
  • Application Gateway WAF is simple to configure, deploy, and manage via the Azure Portal and REST APIs. PowerShell and CLI support will soon be available.
  • Administrators can centrally manage WAF rules.
  • Existing Application Gateways can be simply upgraded to include WAF. WAF retains all standard Application Gateway features in addition to Web Application Firewall.
  • Application Gateway WAF provides the ability to monitor web apps against attacks using a real-time WAF log integrated with Azure Monitor to track WAF alerts and easily monitor trends.
  • Application Gateway WAF will shortly be integrated with Azure Security Center for a centralized security view of all Azure resources.
  • Application Gateway WAF can be run in detection or prevention mode.
  • Application Gateway WAF uses one of the most popular WAF deployments, the OWASP ModSecurity Core Rule Set, to protect against the most common web vulnerabilities, explains Khalidi.

    Citrix XenDesktop Essentials, the promised Citrix Cloud service that allows Windows 10 Enterprise desktops to run virtually on Microsoft Azure, is now available for purchase at $12 per user per month.

    Another virtualization offering from Citrix called "XenApp Essentials" (formerly XenApp Express), meant to replace Microsoft's Azure RemoteApp, is also available in the Azure Marketplace as of today.

    While XenDesktop Essentials allows users to run Windows 10 desktops virtually, the XenApp Essentials service lets them have business apps delivered remotely from Azure. "XenApp Essentials is the fastest and easiest way to securely deliver Windows apps from Microsoft Azure to any Device," reads the Marketplace listing.

    "Citrix and Microsoft deliver an integrated experience that simplifies onboarding for XenApp Essentials and Azure IaaS (Infrastructure as a Service), providing a single interface to design, deploy and deliver virtualized Windows apps from Azure."


    Microsoft has also released Update 1703 for Configuration Manager Technical Preview Branch with the following new preview features:

    • Windows Analytics Commercial ID and Windows telemetry levels can be specified, along with commercial data and Internet Explorer data collection settings, in Client Settings for use with Upgrade Analytics.
    • UEFI conversion tool can now be included when customizing a Windows 10 in-place upgrade task sequence.
    • Groups in the task sequence editor can be collapsed or expanded.
    • Azure Services wizard provides a common configuration for the cloud Azure services you use with ConfigMgr.
    • Direct links to applications in Software Center, so users no longer have to open Software Center and search for an application before they can install it.
    • Import PFX certificate feature for ConfigMgr clients running on Windows 10 desktops.

    This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:

    "Apple Volume Purchase Program (VPP) enhancements – Support has been added to tag education vs business volume purchase program tokens, device licensing, and adding multiple volume purchase program tokens."