
Application gateway does not use WAF in Detection or Prevention modes

Description

Azure Web Application Firewall (WAF) has two modes: Detection and Prevention. In Detection mode, WAF inspects incoming traffic to the application gateway and logs any request that matches its rule set as malicious; this helps you identify potential threats and take appropriate action to protect your application. In Prevention mode, WAF inspects incoming traffic and blocks any request that matches its rule set as malicious, preventing such requests from reaching your application and potentially causing damage. A policy with WAF disabled, or without an explicit mode, leaves the application gateway without either of these protections.

Code Example

```hcl
resource "azurerm_web_application_firewall_policy" "example" {
  # ...
  policy_settings {
    mode                        = "Prevention"   # remediation: set the mode explicitly
    request_body_check          = true
    file_upload_limit_in_mb     = 100
    max_request_body_size_in_kb = 128
  }
}
```

Remediation

Terraform

  • Resource: azurerm_web_application_firewall_policy
  • Arguments: policy_settings.enabled + policy_settings.mode
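The following is an added example, not part of this rule page or the Checkov project: a small Python scanner that reads Terraform text, finds each `azurerm_web_application_firewall_policy` resource and reports when `policy_settings.enabled` is `false` or `policy_settings.mode` is missing or not `Detection`/`Prevention`. It is regex-based and handles plain `.tf` text rather than every HCL form; treating a missing `mode` as a finding (instead of relying on the provider default) is a deliberate choice of this example, and the two `.tf` snippets are constructed for the demonstration.

```python
"""Minimal scanner for azurerm_web_application_firewall_policy resources.

Reports policies whose policy_settings block does not run the WAF in
Detection or Prevention mode (the condition this rule describes).
Regex-based: good enough for straightforward .tf text, not a full HCL parser.
"""
import re
from typing import Dict, List

RESOURCE_RE = re.compile(
    r'resource\s+"azurerm_web_application_firewall_policy"\s+"([^"]+)"\s*\{'
)
SETTINGS_RE = re.compile(r'policy_settings\s*\{')
# key = value, with or without quotes around the value
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*("?)([^"\s]+)\2', re.M)
VALID_MODES = {"Detection", "Prevention"}


def _block_body(text: str, open_brace: int) -> str:
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def _attrs(body: str) -> Dict[str, str]:
    """Collect simple key = value attributes from a block body."""
    return {m.group(1): m.group(3) for m in ATTR_RE.finditer(body)}


def evaluate_policy(name: str, body: str) -> List[str]:
    """Return findings for one WAF policy resource body."""
    findings: List[str] = []
    m = SETTINGS_RE.search(body)
    if not m:
        # Assumption of this example: an absent block means the mode was never
        # chosen explicitly, so it is reported rather than trusting defaults.
        return [f"{name}: no policy_settings block; mode not explicitly set"]
    settings = _attrs(_block_body(body, m.end() - 1))
    if settings.get("enabled", "true") == "false":
        findings.append(f"{name}: policy_settings.enabled is false")
    mode = settings.get("mode")
    if mode not in VALID_MODES:
        findings.append(
            f"{name}: policy_settings.mode is {mode!r}, expected Detection or Prevention"
        )
    return findings


def scan(text: str) -> List[str]:
    """Scan Terraform text and return findings across all WAF policy resources."""
    findings: List[str] = []
    for m in RESOURCE_RE.finditer(text):
        findings.extend(evaluate_policy(m.group(1), _block_body(text, m.end() - 1)))
    return findings


# Constructed sample: WAF disabled and no mode chosen (non-compliant).
NONCOMPLIANT_TF = '''
resource "azurerm_web_application_firewall_policy" "bad" {
  name                = "waf-policy-bad"
  resource_group_name = "rg-example"
  location            = "westeurope"

  policy_settings {
    enabled                     = false
    request_body_check          = true
    file_upload_limit_in_mb     = 100
    max_request_body_size_in_kb = 128
  }

  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2"
    }
  }
}
'''

# Constructed sample: WAF enabled in Prevention mode (compliant).
COMPLIANT_TF = NONCOMPLIANT_TF.replace('"bad"', '"good"').replace(
    "enabled                     = false",
    'enabled                     = true\n    mode                        = "Prevention"',
)

if __name__ == "__main__":
    for label, tf in (("non-compliant", NONCOMPLIANT_TF), ("compliant", COMPLIANT_TF)):
        print(label, scan(tf) or "no findings")
```

Running the block prints two findings for the non-compliant policy (WAF disabled, mode unset) and none for the compliant one; the same `scan` function can be pointed at the contents of any `.tf` file in a pre-commit or CI step.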

Rule Details

Field        Value
ID           IAC-0629
Severity     LOW
IaC Type     Terraform
Frameworks   Terraform
Checkov ID   CKV_AZURE_122

References