If you are using Application Gateway, with WAF enabled, this article is for you. We will see how to deploy and use a WAF Policy.

This feature helps you manage rules, policy settings and custom rules for an Application Gateway, a specific listener or a route path.

To start, deploy a new WAF Policy and choose Regional WAF as the policy type:

WAF Policy

Select the OWASP rule set:

Select the OWASP rule set

Customize the policy settings if you need to:

Customize Policy settings

If you need a custom rule, add it here:

Custom rule

Finally, associate the WAF policy with your App Gateway:

Associate the WAF policy with your App Gateway

It is now associated:

Associated

Here, if we modify something in this policy, the change applies to all listeners on this App Gateway. If you need to make exceptions, for example for an OWASP rule or to allow a specific public IP to access a webpage, you can create an additional WAF Policy and associate it with a specific listener. Let’s do that. I’ll create a new policy to deny my public IP access to the website starwind.cloudyjourney.fr:

Create a WAF Policy

Let’s associate it with my listener that hosts my website:

Associate it with listener that hosts the website

Once the policy is applied, if I navigate to the website, I get a forbidden message:

Forbidden message

If I now change the rule to allow my public IP, I can browse the URL:

Browse the URL

As you can see, with WAF Policy, you can customize rules for a specific listener (website) without impacting others.
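The behaviour shown above can be modelled in a few lines. This is an added example, not code from the original post or from Azure: it is a simplified model of how a listener-level policy replaces the gateway-wide one and how an IP-based custom rule is evaluated. The address `203.0.113.10`, the second host `other.example` and all class and rule names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class CustomRule:
    name: str
    priority: int   # lower number is evaluated first
    action: str     # "Allow" or "Block"
    cidrs: list     # IPMatch values compared against the client address

    def matches(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(c, strict=False) for c in self.cidrs)

@dataclass
class WafPolicy:
    name: str
    custom_rules: list = field(default_factory=list)

    def evaluate(self, client_ip):
        # Custom rules run before the managed (OWASP) rule set, in priority
        # order; the first Allow or Block match ends evaluation.
        for rule in sorted(self.custom_rules, key=lambda r: r.priority):
            if rule.matches(client_ip):
                return 403 if rule.action == "Block" else 200
        return 200  # no custom rule matched; a benign request passes on

@dataclass
class AppGateway:
    gateway_policy: WafPolicy
    listener_policies: dict = field(default_factory=dict)  # host name -> WafPolicy

    def effective_policy(self, host):
        # A policy associated with a listener replaces the gateway-wide
        # policy for that listener; the two are not merged.
        return self.listener_policies.get(host, self.gateway_policy)

    def request(self, host, client_ip):
        return self.effective_policy(host).evaluate(client_ip)

MY_IP = "203.0.113.10"             # constructed; stands in for "my public IP"
SITE = "starwind.cloudyjourney.fr"
OTHER = "other.example"            # hypothetical second listener, same gateway

site_rule = CustomRule("denyMyIp", priority=10, action="Block", cidrs=[MY_IP])
gateway = AppGateway(WafPolicy("gateway-wide"),
                     {SITE: WafPolicy("site-policy", [site_rule])})

if __name__ == "__main__":
    print(SITE, gateway.request(SITE, MY_IP))    # blocked by the listener policy
    print(OTHER, gateway.request(OTHER, MY_IP))  # other listener is unaffected
    site_rule.action = "Allow"                   # flip the rule, as in the post
    print(SITE, gateway.request(SITE, MY_IP))
```

Because the listener policy replaces the gateway policy, it has to carry its own managed rule set and settings. An Allow custom rule also ends evaluation, so requests from that address skip the managed rules.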

Florent Appointaire
Florent Appointaire is a Microsoft Engineer with 5 years of experience, specialized in Cloud Technologies (Public/Hybrid/Private). He has been a freelance consultant in Belgium since the beginning of 2017. He is an MVP in Cloud and Datacentre Management. He is MCSE Private Cloud and Hyper-V certified. His favorite products are SCVMM, SCOM, Windows Azure Pack/Azure Stack and Microsoft Azure.