If you’ve enabled Web Application Firewall support for your Azure Application Gateway, then WAF will automatically block malicious traffic that matches rules implemented by Azure. Blue Matador watches the BlockedCount metric and creates events when WAF rules are triggered.
WAF protects against the following web vulnerabilities:
- SQL-injection attacks
- Cross-site scripting attacks
- Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion
- HTTP protocol violations
- HTTP protocol anomalies, such as missing host user-agent and accept headers
- Bots, crawlers, and scanners
- Common application misconfigurations (for example, Apache and IIS)
When malicious traffic is blocked by WAF, typically no further action is required. However, consider checking Azure Security Center for details on the attack or checking your Application Gateway logs in Azure Monitor.
