Microsoft is constantly adding new features to its Azure platform to become more competitive with the likes of Amazon Web Services and Google Cloud. It recently rolled out Azure Analysis Services in eastern Japan and southern UK, and now the company has announced the general availability of the Web Application Firewall for protection from common types of web attacks.
With the Web Application Firewall Gateway, users can protect up to 20 web sites or applications from the following attacks:
- SQL injection
- Cross site scripting
- Common attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack
- HTTP protocol violations
- HTTP protocol anomalies
- Bots, crawlers, and scanners
- Common application misconfigurations (e.g. Apache, IIS, etc.)
- HTTP Denial of Service
The key benefit of the gateway is of course, the minimal configuration to get a standard penetration proof gateway based on OWASP ModSecurity Core Rule Set, that can be managed using a REST API or through the Azure Portal with predefined rules. It is also easy to monitor the gateway using logs provided by the Azure Monitor.
Azure admins can convert their standard gateways to the Web Application Firewall Gateway from the Azure Portal, or they can try it out before subscribing. The plans and further details are available on Microsoft's official site.
Source: Microsoft Azure Blog