Azurecloud~30 mins

WAF with Application Gateway in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

WAF with Application Gateway

📖 Scenario: You are setting up a secure web application in Azure. To protect it from common web attacks, you will configure a Web Application Firewall (WAF) using Azure Application Gateway.This project guides you through creating the necessary resources step-by-step.

🎯 Goal: Build an Azure Application Gateway with WAF enabled to protect your web app from threats.

📋 What You'll Learn

Create a resource group named MyResourceGroup

Create a virtual network named MyVNet with a subnet AppGatewaySubnet

Create an Application Gateway named MyAppGateway with WAF enabled

Configure the Application Gateway with a frontend IP, backend pool, HTTP settings, and listener

💡 Why This Matters

🌍 Real World

Web applications need protection from attacks like SQL injection and cross-site scripting. Azure Application Gateway with WAF helps secure apps by filtering malicious traffic.

💼 Career

Cloud engineers and security specialists use Application Gateway and WAF to build secure, scalable web infrastructures in Azure.

Progress0 / 4 steps

Create Resource Group and Virtual Network

Write Azure CLI commands to create a resource group called MyResourceGroup in eastus and a virtual network called MyVNet with address prefix 10.0.0.0/16 and a subnet named AppGatewaySubnet with address prefix 10.0.1.0/24.

Azure

# Your Azure CLI commands here to create resource group and virtual network

Need a hint?

Use az group create to make the resource group and az network vnet create to make the virtual network with subnet.

Create Public IP for Application Gateway

Write an Azure CLI command to create a public IP address named MyAppGatewayPublicIP in the resource group MyResourceGroup with SKU Standard and allocation method Static.

Azure

az group create --name MyResourceGroup --location eastus
az network vnet create --resource-group MyResourceGroup --name MyVNet --address-prefix 10.0.0.0/16 --subnet-name AppGatewaySubnet --subnet-prefix 10.0.1.0/24
# Your Azure CLI command here to create public IP

Need a hint?

Use az network public-ip create with the correct name, SKU, and allocation method.

Create Application Gateway with WAF Enabled

Write an Azure CLI command to create an Application Gateway named MyAppGateway in resource group MyResourceGroup with WAF_v2 SKU, WAF enabled, using the subnet AppGatewaySubnet in virtual network MyVNet, and the public IP MyAppGatewayPublicIP. Use capacity 2 and HTTP settings with port 80.

Azure

az group create --name MyResourceGroup --location eastus
az network vnet create --resource-group MyResourceGroup --name MyVNet --address-prefix 10.0.0.0/16 --subnet-name AppGatewaySubnet --subnet-prefix 10.0.1.0/24
az network public-ip create --resource-group MyResourceGroup --name MyAppGatewayPublicIP --sku Standard --allocation-method Static
# Your Azure CLI command here to create Application Gateway with WAF enabled

Need a hint?

Use az network application-gateway create with WAF_v2 SKU and enable WAF in prevention mode.

Configure Listener and Routing Rules

Write Azure CLI commands to create a listener named appGatewayHttpListener on frontend IP appGatewayFrontendIP and frontend port 80, and create a routing rule named rule1 that connects the listener to the backend pool appGatewayBackendPool with backend HTTP settings appGatewayBackendHttpSettings.

Azure

az group create --name MyResourceGroup --location eastus
az network vnet create --resource-group MyResourceGroup --name MyVNet --address-prefix 10.0.0.0/16 --subnet-name AppGatewaySubnet --subnet-prefix 10.0.1.0/24
az network public-ip create --resource-group MyResourceGroup --name MyAppGatewayPublicIP --sku Standard --allocation-method Static
az network application-gateway create --name MyAppGateway --location eastus --resource-group MyResourceGroup --sku WAF_v2 --capacity 2 --vnet-name MyVNet --subnet AppGatewaySubnet --public-ip-address MyAppGatewayPublicIP --http-settings-port 80 --http-settings-protocol Http --frontend-port 80 --frontend-ip-name appGatewayFrontendIP --backend-pool-name appGatewayBackendPool --backend-http-settings-name appGatewayBackendHttpSettings --waf-config-enabled true --waf-config-firewall-mode Prevention
# Your Azure CLI commands here to create listener and routing rule

Need a hint?

Use az network application-gateway http-listener create and az network application-gateway rule create to set up listener and routing rule.