App Gateway does not use OWASP 3.x rules Affecting Network service in Azure

Snyk CCSS

Network / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00486
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Out-of-date OWASP rules might not protect as effectively as more recent rule sets.

How to fix?

Set properties.webApplicationFirewallConfiguration.ruleSetType to OWASP and properties.webApplicationFirewallConfiguration.ruleSetVersion to 3.2.

ARM

applicationgateways

Terraform

Resource: azurerm_application_gateway

References

What is Azure Web Application Firewall on Azure Application Gateway?
Microsoft.Network applicationGateways

App Gateway does not use OWASP 3.x rules Affecting Network service in Azure

Severity

Description

How to fix?

ARM

Terraform

References