You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/front-door-waf.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ Many web applications have experienced rapid increase of traffic in recent weeks
19
19
20
20
We will be using Azure CLI to set up the WAF in this tutorial, but all these steps are also fully supported in Azure portal, Azure PowerShell, Azure ARM, and Azure REST APIs.
21
21
22
-
###Prerequisites
22
+
## Prerequisites
23
23
24
24
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
25
25
@@ -35,7 +35,7 @@ az extension add --name front-door
35
35
36
36
Note: For more details of the commands listed below, refer to the [Azure CLI reference for Front Door](https://docs.microsoft.com/cli/azure/ext/front-door/?view=azure-cli-latest).
37
37
38
-
###Step 1: Create an Azure Front Door (AFD) resource
38
+
## Step 1: Create an Azure Front Door (AFD) resource
In the response you get from successfully executing this command, look for the key "hostName" and note down its value to be used in a later step. The hostName is the DNS name of the AFD resource you had created
54
54
55
-
###Step 2: Create an Azure WAF profile to use with Azure Front Door resources
55
+
## Step 2: Create an Azure WAF profile to use with Azure Front Door resources
@@ -70,7 +70,7 @@ In the response you get from successfully executing this command, look for the k
70
70
71
71
/subscriptions/**subscription id**/resourcegroups/**resource group name**/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/**WAF policy name**
72
72
73
-
###Step 3: Add managed rulesets to this WAF policy
73
+
## Step 3: Add managed rulesets to this WAF policy
74
74
75
75
In a WAF policy, you can add managed rulesets that are a set of rules built and managed by Microsoft and gives out of the box protection against entire classes of threats. In this example, we are adding two such rulesets (1) Default ruleset that protects against common web threats and (2) Bot protection ruleset, which protects against malicious bots
--resource-group The resource group you had placed this WAF resource in.
92
92
93
-
###Step 4: Associate the WAF policy with the AFD resource
93
+
## Step 4: Associate the WAF policy with the AFD resource
94
94
95
95
In this step, we will be associating the WAF policy we have built with the AFD resource that is in front of your web application.
96
96
@@ -108,7 +108,7 @@ Note: the above example is for the case where you are not using a custom domain,
108
108
109
109
If you are not using any custom domains to access your web applications, you can skip step #5. In that case, you will be providing to your end users the hostname you obtained in step #1 to navigate to your web application
110
110
111
-
###Step 5: Configure custom domain for your web application
111
+
## Step 5: Configure custom domain for your web application
112
112
113
113
Initially the custom domain name of your web application (the one that customers use to refer to your application, for example, www.contoso.com) was pointing towards the place where you had it running before AFD was introduced. After this change of architecture adding AFD+WAF to front the application, the DNS entry corresponding to that custom domain should now point to this AFD resource. This can be done by remapping this entry in your DNS server to the AFD hostname you had noted in step #1.
114
114
@@ -120,6 +120,6 @@ In addition, you also need to update your AFD configuration to [add this custom
120
120
121
121
Finally, if you are using a custom domain to reach your web application and want to enable the HTTPS protocol, you need to have the [certificates for your custom domain setup in AFD](https://docs.microsoft.com/azure/frontdoor/front-door-custom-domain-https).
122
122
123
-
###Step 6: Lock down your web application
123
+
## Step 6: Lock down your web application
124
124
125
125
One optional best practice to follow is to ensure that only AFD edges can communicate with your web application. This action will ensure that no one can bypass the AFD protections and access your applications directly. You can accomplish this lock down by visiting the [FAQ section of AFD](https://docs.microsoft.com/azure/frontdoor/front-door-faq) and referring to the question regarding locking down backends for access only by AFD.
0 commit comments