Ensure Azure Web Application Firewall Policy is enabled

MEDIUM

Description

Azure Web Application Firewall Policy is disabled. This may leave applications open to security threats.

Remediation

In Azure Console -

Open the Azure Portal and go to Web Application Firewall policies.
Select the WAF policy that you wish to edit.
Under Settings, select Policy Settings.
Set Inspect request body to On.

In Terraform -

In the azurerm_web_application_firewall_policy, set policy_settings.enabled to true.

References:
https://learn.microsoft.com/en-us/azure/web-application-firewall/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/web_application_firewall_policy#policy_settings

Policy Details

Rule Reference ID: AC_AZURE_0351

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_web_application_firewall_policy

Resource Category: Virtual Network

Resource Type: Security Group

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
SOC2