0

I understand that one can develop an App Service Environment, and put a WAF within it to protect an AppService.

What I'd like to know is:

  • whether there is a default WAF provided by Microsoft -- even if rudimentary -- in front of App Services that are not within an ASE.
  • if there wasn't one, or one wanted to put another one, can one actually put a WAF in front of a non-ASE AS (doesn't the AppService have a public IP that would always be available?)

Thank you!

PS: Any link to documentation that than can be referenced either way would be greatly appreciated.

user9314395
  • 407
  • 1
  • 4
  • 13
  • Just a general comment. Azure web app doesn't have a WAF defaultly. But Azure networking has its own protection system. That means, if you want to use WAF by yourself, you need to create ASE or use Application gateway to achieve it. – Wayne Yang Jun 11 '18 at 02:45
  • Thanks Wayne. Just confirming: so this article is for ASE, not AS? https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell – user9314395 Jun 11 '18 at 03:22
  • Sorry wayne, just notice your had already covered this when you said "**or** use application gateway to achieve it". – user9314395 Jun 11 '18 at 03:50
  • If you use ASE, you can use NSG to associate with the VNET, if you don't use ASE, you can use Application gateway. Application gateway has WAF feature.:-) – Wayne Yang Jun 11 '18 at 04:27
  • Thanks Wayne. Do you know if the App Services has *some* form of protection without Application Gateway, or App Services is really more focused on providing an Isolated Web Instance and less about Protecting the app -- and you really need another Service (ie Gateway) for dealing with protecting the site? – user9314395 Jun 11 '18 at 04:51
  • More info on AG/WAF: https://stackoverflow.com/a/45603053/9314395 – user9314395 Jun 12 '18 at 22:27

0 Answers0