How to apply WAF policy to Front Door?

Question


I have created the following resources in Azure portal:

  1. Function App (API to read data from BD and retrieve responses)
  2. API Management service (to handle basic API security)
  3. Front Door and CDN profiles (to make API security better)
  4. Front Door WAF policy (to apply specific security rules)

The question is how to apply my own created WAF policy (item 4) to Front Door (item 3), as the WAF policy cannot be selected in Front Door -> Front Door and CDN profiles? It says 'No existing policies in the current subscription'.

Please see two print screens:

I tried to create Front Door in different settings/offerings but no success.

Answer 1

Score: 0


With the help of the Azure support team, the following solution has been found. When creating a Web Application Firewall resource in Azure, the following settings need to be applied:

  • Basic tab:
    • policy for: Classic !!!VERY IMPORTANT!!!
    • policy name: choose some name
    • policy mode: Prevention
  • Managed rules: select your preferred Default rule set
  • Association:
    • click Associate a Front Door profile and select the FD you created earlier, i.e. some-name.azurefd.net

That should apply the WAF policy to Front Door.

Answer 2

Score: -1


Check that the existing WAF policies you want to add were also created in the same tier you have selected (Standard or Premium).

I have created 4 WAF policies of different tiers and types:
3 policies belong to Front Door and are Classic, Standard and Premium global policies.
1 policy is a Regional (Application Gateway) WAF policy.

  • Classic Global WAF Policy is visible only in Azure Front Door (Classic) Resource creation.
  • Standard and Premium Global WAF Policies are visible only in Azure FD profiles based on your Tier Selection.

Updated Answer:

  • Created APIM Service in Premium Tier as a host origin to the FD Profile.

Standard FD & Standard WAF Policy:

Premium FD Profile with Premium WAF Policy:

Using Azure Sponsorship Subscription:
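The tier-matching rule described in the two answers above, written as an added example that is not part of the original post or answers: a Python check that reports which WAF policies a given Front Door can select and why the others are hidden. The inventory is constructed sample data; the resource names and the JSON field layout (`type`, `sku.name`, `policySettings.mode`) are assumptions modelled on Azure resource JSON.

```python
import json

# Constructed sample inventory (assumed field layout, hypothetical resource names).
INVENTORY = json.loads("""[
 {"name": "fd-std", "type": "Microsoft.Cdn/profiles", "sku": {"name": "Standard_AzureFrontDoor"}},
 {"name": "fd-classic", "type": "Microsoft.Network/frontDoors"},
 {"name": "wafClassic", "type": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies",
  "sku": {"name": "Classic_AzureFrontDoor"}, "policySettings": {"mode": "Prevention"}},
 {"name": "wafStd", "type": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies",
  "sku": {"name": "Standard_AzureFrontDoor"}, "policySettings": {"mode": "Detection"}},
 {"name": "wafPremium", "type": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies",
  "sku": {"name": "Premium_AzureFrontDoor"}, "policySettings": {"mode": "Prevention"}},
 {"name": "wafRegional", "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"}
]""")

FD_POLICY_TYPE = "microsoft.network/frontdoorwebapplicationfirewallpolicies"

def tier_of(resource):
    """Return 'Classic', 'Standard' or 'Premium'; None if not a Front Door resource."""
    rtype = resource.get("type", "").lower()
    sku = resource.get("sku", {}).get("name", "")
    if rtype == "microsoft.network/frontdoors":
        return "Classic"  # Front Door (classic) resources carry no SKU field
    if rtype in ("microsoft.cdn/profiles", FD_POLICY_TYPE) and sku.endswith("_AzureFrontDoor"):
        return sku.split("_", 1)[0]
    return None

def selectable_policies(front_door_name, inventory):
    """Map every WAF policy name to whether this Front Door can select it, and why."""
    fd = next(r for r in inventory if r["name"] == front_door_name)
    fd_tier = tier_of(fd)
    report = {}
    for r in inventory:
        rtype = r.get("type", "").lower()
        if "webapplicationfirewallpolicies" not in rtype:
            continue  # not a WAF policy
        if rtype != FD_POLICY_TYPE:
            report[r["name"]] = "hidden: regional (Application Gateway) policy"
        elif tier_of(r) != fd_tier:
            report[r["name"]] = f"hidden: {tier_of(r)} policy, Front Door is {fd_tier}"
        elif r.get("policySettings", {}).get("mode") != "Prevention":
            report[r["name"]] = "selectable, but not in Prevention mode"
        else:
            report[r["name"]] = "selectable"
    return report

if __name__ == "__main__":
    print(json.dumps(selectable_policies("fd-std", INVENTORY), indent=2))
```
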

huangapple
  • Posted on March 3, 2023, 21:07:56
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/75627466.html