The Schwartz Report


Microsoft Adds Web Application Firewall to Azure Application Gateway

Looking to protect sites running in its public cloud from malicious attacks, Microsoft this week released its new Web Application Firewall (WAF) option for its Azure Application Gateway and HTTP load-balancing service.

Microsoft said its new centralized WAF service, announced last fall at Microsoft's Ignite conference, will protect Web apps running with the Azure Application Gateway from common exploits such as SQL injections and cross-site scripting attacks.

Preventing Layer-7 app-level attacks is difficult, requiring laborious maintenance, patching and monitoring throughout the application tiers, according to Yousef Khalidi, Microsoft corporate VP for Azure Networking. "A centralized Web application firewall (WAF) protects against Web attacks and simplifies security management without requiring any application changes," Khalidi said in a blog post this week announcing the release of the Azure WAF service. "Application and compliance administrators get better assurance against threats and intrusions."

Microsoft's Azure Application Gateway is the company's Application Delivery Controller (ADC) Layer-7 network service, which includes SSL termination, load distribution and URL path-based routing and can host multiple sites, according to Khalidi. The new ADC service in Azure also offers SSL policy control and end-to-end SSL encryption and logging.

"Web Application Firewall integrated with Application Gateway's core offerings further strengthens the security portfolio and posture of applications protecting them from many of the most common Web vulnerabilities, as identified by Open Web Application Security Project's (OWASP) top 10 vulnerabilities," Khalidi noted. The WAF comes with OWASP ModSecurity Core Rule Set (3.0 or 2.2.9), designed to protect against these common threats, he added.

Besides SQL injection and cross-site scripting, Khalidi noted the WAF offering protects against command injection, HTTP request smuggling, HTTP response splitting and remote file inclusion attacks. It also addresses HTTP protocol violations, bots, crawlers, scanners and common misconfiguration of application infrastructures, notably in IIS and Apache.

As one would expect from a WAF, Microsoft's new service is designed to fend off denial-of-service attacks occurring simultaneously against multiple Web apps. Microsoft Azure Application Gateway can currently host up to 20 sites behind each gateway, all of which can defend against such attacks. The service is offered with the medium and large Azure Application Gateway types. It costs $94 and $333 per month, respectively.

Microsoft said it intends to add the new WAF service through its Azure Security Service, which scans cloud-based subscriptions for vulnerabilities and recommends ways to remediate issues that are discovered. That service currently doesn't include protection of Web apps that aren't scanned by a WAF, though the service does offer third-party firewalls from Barracuda Networks Inc., Check Point Software Technologies Inc., Cisco, CloudFlare, F5, Fortinet Inc., Imperva Inc. and Trend Micro, among others.

Posted by Jeffrey Schwartz on 03/31/2017 at 11:48 AM

