Azure Front Door and Web Application Firewall (WAF)

What is Azure?

Azure is Microsoft's cloud computing platform and online portal for accessing and managing resources and services, which means the tools for building, testing, deploying, and managing applications are provided by Microsoft. Azure supports multiple programming languages, such as C#, Node.js, and Java, and frameworks, including both Microsoft and third-party software.

Azure Front Door Service

 

 

Azure Front Door Service started on April 4th, 2019. It is compared with Azure Traffic Manager. It additionally provides global HTTP load balancing to distribute traffic across various Azure regions, cloud providers, or even your on-premises infrastructure. Compared to Traffic Manager, Azure Front Door Service provides instant failover and better performance because it uses Anycast, which provides lower latency.

With AFD you can transform your global consumer and enterprise applications into robust, high-performance modern applications and APIs.

Azure Front Door provides a wide range of backend health monitoring options and traffic-routing methods to suit different application needs and automatic failover models.

Differences between Front Door and Traffic Manager

 

Front Door Features

  • Accelerate application performance

Front Door uses a split TCP-based anycast protocol, which ensures that end users quickly connect to the closest Front Door Point of Presence.

  • Increase application availability with smart health probes

Front Door delivers high availability for your critical applications using its smart health probes, which monitor your backends for both latency and availability and provide instant automatic failover when a backend goes down. As a result, planned maintenance operations can be run on your applications without any downtime: Front Door directs traffic to alternative backends during ongoing maintenance.

  • URL-based routing

URL path-based routing lets you route traffic to backend pools based on the URL path of the request.

  • Multiple-site hosting

Multiple site hosting allows you to configure more than one website on the same configuration.

  • Session affinity

Session affinity is useful when you want to keep a user session on the same application backend. This matters in situations where session state is saved locally on the backend for a user session.

  • Application layer security

Front Door lets you write custom Web Application Firewall (WAF) rules for access control, protecting your HTTP/HTTPS workload from exploitation based on client IP addresses, country code, and HTTP parameters. It also lets you create rate-limiting rules to counter malicious bot traffic.

  • URL redirection

URL redirection lets web applications automatically redirect any HTTP traffic to HTTPS. This ensures that all communication between the user and the application happens over an encrypted path.

 

Azure Web Application Firewall

Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. WAF on Front Door is a global and centralized solution. It's deployed on Azure network edge locations around the world. For WAF-enabled web applications, every incoming request delivered by Front Door is inspected at the network edge.

WAF stops malicious attacks close to the attack sources, before they enter your virtual network. You get global protection at scale without sacrificing performance. A WAF policy links easily to any Front Door profile in your subscription. New rules can be created and deployed within minutes, so you can react quickly to changing threat patterns.

 

 

WAF policy and rules

You can build a WAF policy and associate it with one or more Front Door front-ends for protection. There are two types of security rules:

  • Custom rules that are configured by the customer.
  • Managed rule sets that are a collection of Azure-managed, pre-configured rules.

If both are present, custom rules are processed before the rules in a managed rule set. A rule is made of a priority, a match condition, and an action. We can create fully customized policies that meet our application requirements.

Rules are processed in priority order. Priority is a unique integer that defines the order in which rules are processed. Smaller integer values represent a higher priority, and those rules are evaluated before rules with a higher integer value. Once a rule is matched, the corresponding action specified in the rule is applied to the request. Once such a match is processed, rules with lower priorities aren't processed further.

WAF modes 

A WAF policy can be configured to run in the following two modes:

Detection mode: When run in detection mode, WAF doesn't take any action other than monitoring and logging the request and its matched WAF rule to the WAF logs. You can turn on logging diagnostics for Front Door. In the portal, go to the Diagnostics section.

Prevention mode: In prevention mode, WAF takes the specified action if a request matches a rule. If a match is detected, no further rules with lower priority are evaluated. The WAF logs record any matched requests too.
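
The evaluation order and the two modes described above, as a small Python model. This is an added example, not code from Azure or from the original page; the rule names, sample addresses, the `Allow`/`Block` action strings, and the choice to stop at the first match in detection mode as well are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                   # unique integer; smaller value = higher priority
    match: Callable[[dict], bool]   # match condition over request fields
    action: str                     # action applied on match ("Allow" / "Block")

def by_priority(rules):
    """Sort rules by priority, rejecting duplicate priority values."""
    if len({r.priority for r in rules}) != len(rules):
        raise ValueError("rule priorities must be unique")
    return sorted(rules, key=lambda r: r.priority)

def evaluate(request, custom, managed, mode):
    """Return (outcome, matched_rule_name, waf_log) for one request."""
    waf_log = []
    # Custom rules run before the managed rule set; first match ends evaluation.
    for rule in by_priority(custom) + by_priority(managed):
        if rule.match(request):
            waf_log.append({"rule": rule.name, "action": rule.action, "mode": mode})
            if mode == "Prevention":
                return rule.action, rule.name, waf_log
            return "Allow", rule.name, waf_log   # Detection: log only, request passes
    return "Allow", None, waf_log

# Constructed sample policy (names, addresses and conditions are illustrative).
OFFICE = ipaddress.ip_network("203.0.113.0/24")
CUSTOM = [
    Rule("BlockAdminPath", 30, lambda r: r["path"].startswith("/admin"), "Block"),
    Rule("AllowOfficeRange", 10, lambda r: ipaddress.ip_address(r["ip"]) in OFFICE, "Allow"),
    Rule("BlockCountry", 20, lambda r: r["country"] == "ZZ", "Block"),
]
MANAGED = [Rule("ManagedSqlKeyword", 1, lambda r: "union select" in r["query"].lower(), "Block")]

def demo():
    office = {"ip": "203.0.113.7", "country": "ZZ", "path": "/admin", "query": ""}
    outside = {"ip": "198.51.100.9", "country": "US", "path": "/admin/login", "query": ""}
    return {
        "office_prevention": evaluate(office, CUSTOM, MANAGED, "Prevention")[:2],
        "outside_prevention": evaluate(outside, CUSTOM, MANAGED, "Prevention")[:2],
        "outside_detection": evaluate(outside, CUSTOM, MANAGED, "Detection"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the office request matches the priority-10 allow rule and never reaches the later block rules or the managed set, so a broad high-priority allow rule deserves the same review as a block rule.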

 

WAF Benefits

  • Protection

Protect your web applications from web vulnerabilities and attacks without modifying the back-end code.

Create custom WAF policies for different sites behind the same WAF.

Protect multiple web applications at the same time.

Protect your web applications from malicious bots.

 

 

  • Monitoring 

Monitor attacks against your web application by using a real-time WAF log. This log is integrated with Azure Monitor to track WAF alerts and easily monitor trends.

 

 

  • Customization

Customize WAF rules and rule groups to suit your application requirements and eliminate false positives.

Associate a WAF Policy for each site behind the WAF to allow for site-specific configuration. 

Create custom rules to suit the needs of the application. 

Conclusion

This post has given you an overview of Azure Front Door and Azure Web Application Firewall. It is an important milestone in Azure.

We have a dedicated support team for Azure and offer a wide range of services. We can assist you in implementing both these powerful Azure Tools in your ecommerce websites, video streaming sites and other content management systems.
