Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure Application Gateway starting this week.
Azure web application firewall (WAF) is a cloud-native service designed to protect customer web applications from bot attacks, common exploits, and common web vulnerabilities, including cross-site scripting, SQL injection, broken authentication, security misconfigurations, and more.
Azure WAF can be deployed with a single click in minutes with Microsoft’s Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) service.
“We are announcing the general availability of the Web Application Firewall (WAF) bot protection feature in Application Gateway”, Microsoft saying on Friday.
“This feature allows users to enable a set of managed bot protection rules for their WAF to block or log requests from known malicious IP addresses.”
The newly added bot protection rule set can also be used in conjunction with the OWASP Core Rule Sets (CRS) to provide additional protection for your web applications.
Threat agents can use malicious bots blocked with this new set of managed bot protection rules for various malicious or resource-consuming tasks, such as scraping, scanning, and searching for vulnerabilities in web applications.
Once the bot protection rule is configured in Azure WAF through Application Gateway, bots using known malicious IP addresses from the Microsoft Threat Intelligence source are automatically blocked from using their servers’ resources or resources. check for exploitable security gaps.
“The list of known bad IP bot mitigation rules is updated multiple times a day from Microsoft’s threat intelligence feed to stay in sync with bots,” Microsoft explains. “Your web applications are continuously protected even as bot attack vectors change.”
Additional information on how to configure bot protection for Web Application Firewall is available at Microsoft Azure Product Documentation Website.
The steps required to configure a set of bot protection rules include:
- Create a basic WAF policy for Application Gateway by following the instructions in Create web application firewall policies for Application Gateway.
- In the basic policy page you created earlier, at Settings, Select Rules.
- On the details page, under the Manage rules section, from the drop-down menu, select the bot protection rule checkbox and then select Save.