Application gateway does not use WAF in Detection or Prevention modes
Description
The web application firewall (WAF) on an application gateway has two modes: Detection and Prevention. In Detection mode, WAF analyzes incoming traffic to the application gateway and logs any request that its rule set identifies as malicious. This helps you identify potential security threats and take appropriate action to protect your application.
In Prevention mode, WAF analyzes incoming traffic to the application gateway and blocks any request that its rule set identifies as malicious. This helps prevent malicious requests from reaching your application and potentially causing damage.
Fix - Buildtime
Terraform
- Resource: azurerm_web_application_firewall_policy
- Argument: policy_settings.enabled + policy_settings.mode
resource "azurerm_web_application_firewall_policy" "example" {
  ...
  policy_settings {
+   mode = "Prevention"
    request_body_check = true
    file_upload_limit_in_mb = 100
    max_request_body_size_in_kb = 128
  }
}
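The same condition can be checked against a rendered plan before apply. The following is an added example, not code from this page or from any scanner: it assumes the plan was exported with `terraform show -json`, the names `waf_findings` and `iter_resources` are hypothetical, and the sample plan is constructed. As a choice of this example, a missing block or a missing value is reported rather than assumed to fall back to a provider default.

```python
import json

RESOURCE_TYPE = "azurerm_web_application_firewall_policy"
ALLOWED_MODES = {"Detection", "Prevention"}

def iter_resources(module):
    """Yield resources from a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def waf_findings(plan):
    """Return (address, reason) for every WAF policy that fails the check."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks appear as lists in plan JSON; policy_settings has at most one entry.
        blocks = res.get("values", {}).get("policy_settings") or []
        if not blocks:
            findings.append((res["address"], "no policy_settings block"))
        elif blocks[0].get("enabled") is not True:
            findings.append((res["address"], "policy_settings.enabled is not true"))
        elif blocks[0].get("mode") not in ALLOWED_MODES:
            findings.append((res["address"], "policy_settings.mode is not Detection or Prevention"))
    return findings

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_web_application_firewall_policy.ok",
     "type": "azurerm_web_application_firewall_policy",
     "values": {"policy_settings": [{"enabled": true, "mode": "Prevention"}]}},
    {"address": "azurerm_web_application_firewall_policy.bare",
     "type": "azurerm_web_application_firewall_policy",
     "values": {"policy_settings": []}}
  ],
  "child_modules": [{"address": "module.edge", "resources": [
    {"address": "module.edge.azurerm_web_application_firewall_policy.off",
     "type": "azurerm_web_application_firewall_policy",
     "values": {"policy_settings": [{"enabled": false, "mode": "Detection"}]}}
  ]}]
}}}
""")

if __name__ == "__main__":
    for address, reason in waf_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

In a pipeline, a non-empty result from `waf_findings` would fail the build step.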