Bot Protection Available in Azure Web App Firewall – E Hacking News


Microsoft recently announced that WAF (Web Application Firewall) bot safety tool
has attained general availability status on Azure Application Gateway from this
week. Azure WAF is a cloud based feature built to safeguard client web
applications from bot attacks, general web vulnerabilities and common exploits,
including SQL injection, cross site scripting, security misconfigurations, and
broken authority and more. Azure WAF can be planted within minutes with Azure
Application gateway, Azure Content Delivery Network (CDN) and Azure front door.
Microsoft on Friday said that it is announcing the general availability of the
Web Application Firewall (WAF) bot protection feature on Application Gateway. 

The feature lets customers to control bot protection rule set for WAF to log
requests or restrict them from known harmful IP addresses. “Roughly 20% of all
Internet traffic comes from bad bots. They do things like scraping, scanning,
and looking for vulnerabilities in your web application. When these bots are
stopped at the Web Application Firewall (WAF), they can’t attack you. They also
can’t use up your resources and services, such as your backends and other
underlying infrastructure,” reports Microsoft.

The new bot protection rule can
be used with OWASP CRS (Core Rules Set) to give extra safety for web
applications. Because of this new rule that blocks bad bots, criminals can usi
ot for different malicious tasks which are resource consuming like scanning,
scraping, and looking out for exploits in web apps. When the bot protection rule
is implemented on Azure WAF via Application Gateway, bots that use known
malicious IPs retrieved from Microsoft Threat Intelligence feed are get
automatically restricted from accessing customer server resources or verifying
them on potential vulnerability gaps. “The bot mitigation ruleset list of known
bad IP addresses updates multiple times per day from the Microsoft Threat
Intelligence feed to stay in sync with the bots,” Microsoft said. 

“Your web applications are continuously protected even as the bot attack vectors
change,” reports Bleeping Computers. You can get more information on WAF on
Microsoft’s Azure Product Website. Bleeping Computers reports “the steps
required to configure a bot protection rule set include: Creating a basic WAF
policy for Application Gateway by following the instructions described in Create
Web Application Firewall policies for Application Gateway. In the Basic policy
page that you created previously, under Settings, select Rules. On the details
page, under the Manage rules section, from the drop-down menu, select the check
box for the bot Protection rule, and then select Save.”



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *