Azure application gateway does not have WAF enabled

Description

WAF is a security feature that provides protection for web applications by inspecting incoming traffic and blocking malicious requests before they reach the application. When WAF is enabled on an Azure application gateway, it analyzes incoming traffic to the gateway and blocks requests that are determined to be malicious based on a set of rules. This can help to protect your application from a variety of threats, such as SQL injection attacks, cross-site scripting (XSS) attacks, and other types of attacks.

Code Example

resource "azurerm_application_gateway" "network" {
              ...
+             waf_configuration {
+               enabled = true
              }
            }

Remediation

Terraform

Resource: azurerm_application_gateway
Arguments: waf_configuration.enabled

Rule Details

Field	Value
ID	IAC-0627
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform,
Checkov ID	CKV_AZURE_120

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Azure application gateway does not have WAF enabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Azure application gateway does not have WAF enabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Azure application gateway does not have WAF enabled

Description

Code Example

Remediation

Rule Details

References