Homepage
About Snyk

Security Center default policy setting 'Monitor Web Application Firewall' should be enabled Affecting Security Center service in Azure

0.0
medium
0
10
    Severity Framework Snyk CCSS
    Rule category Monitoring / Operating System

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-Azure HIPAA SOC-2
  • Snyk ID SNYK-CC-00669
  • credit Snyk Research Team
Report a new misconfiguration Found a mistake?

Description

Security Center default policy setting 'Monitor Web Application Firewall' should be enabled. When this setting is enabled, it recommends that a web application firewall is provisioned on virtual machines when instance-level public IP is used and the inbound security rules for the associated network security group are configured to allow access to port 80/443, or when load-balanced IP is used and the associated load balancing and inbound network address translation rules are configured to allow access to port 80/443.

How to fix?

Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c, and set enforcementMode to Default or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2019-09-01",
            "name": "endpoint_669_allow",
            "properties": {
                "displayName": "Azure Web Application Firewall should be enabled for Azure Front Door entry-points",
                "description": "Deploy Azure Web Application Firewall (WAF) in front of public facing web applications for additional inspection of incoming traffic. Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injections, Cross-Site Scripting, local and remote file executions. You can also restrict access to your web applications by countries, IP address ranges, and other http(s) parameters via custom rules.",
                "enforcementMode": "Default",
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c"
            }
        }
    ]
}