Skip to content

Azure application gateway does not have WAF enabled

Description

WAF is a security feature that provides protection for web applications by inspecting incoming traffic and blocking malicious requests before they reach the application. When WAF is enabled on an Azure application gateway, it analyzes incoming traffic to the gateway and blocks requests that are determined to be malicious based on a set of rules. This can help to protect your application from a variety of threats, such as SQL injection attacks, cross-site scripting (XSS) attacks, and other types of attacks.

Fix - Buildtime

Terraform

  • Resource: azurerm_application_gateway
  • Argument: waf_configuration.enabled
resource "azurerm_application_gateway" "network" {
              ...
+             waf_configuration {
+               enabled = true
              }
            }