0
0
Azurecloud~10 mins

WAF with Application Gateway in Azure - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - WAF with Application Gateway
Client sends HTTP request
Application Gateway receives request
WAF inspects request
Threat?
Block/Alert
Backend processes request
Response sent back to Client
The Application Gateway receives client requests, the WAF inspects them for threats, blocks or alerts if threats are found, otherwise forwards to backend servers.
Execution Sample
Azure
1. Client sends HTTP request
2. Application Gateway with WAF inspects request
3. If threat detected, block request
4. Else, forward request to backend
5. Backend sends response
This flow shows how a request passes through the Application Gateway with WAF inspecting and deciding to block or forward.
Process Table
StepActionRequest ContentWAF DecisionResult
1Receive requestNormal HTTP GET /homeNo threat detectedForward to backend
2Backend processesRequest forwardedN/AResponse generated
3Send responseResponse from backendN/AResponse sent to client
4Receive requestHTTP POST with SQL injectionThreat detectedRequest blocked
5Block requestBlocked by WAFN/AClient receives block message
💡 Execution stops when request is either forwarded to backend or blocked by WAF.
Status Tracker
VariableStartAfter Step 1After Step 4Final
Request ContentNoneNormal HTTP GET /homeHTTP POST with SQL injectionBlocked or forwarded
WAF DecisionNoneNo threat detectedThreat detectedBlock or forward
ResultNoneForward to backendRequest blockedResponse sent or block message
Key Moments - 2 Insights
Why does the WAF block some requests but not others?
The WAF inspects the request content for threats like SQL injection. If it detects a threat (see execution_table step 4), it blocks the request; otherwise, it forwards it (step 1).
What happens to the request after the WAF forwards it?
After forwarding, the backend processes the request and generates a response (execution_table step 2), which is then sent back to the client (step 3).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the WAF decision at step 1?
AThreat detected
BRequest blocked
CNo threat detected
DResponse generated
💡 Hint
Check the 'WAF Decision' column for step 1 in the execution_table.
At which step does the WAF block the request?
AStep 3
BStep 4
CStep 2
DStep 1
💡 Hint
Look for 'Threat detected' and 'Request blocked' in the execution_table rows.
If the request content changes to a safe GET request, how does the WAF decision change?
AIt forwards the request
BIt blocks the request
CIt alerts but forwards
DIt ignores the request
💡 Hint
Refer to the WAF decision for normal HTTP GET in the execution_table step 1.
Concept Snapshot
WAF with Application Gateway inspects incoming web requests.
If a threat is detected, it blocks or alerts.
Safe requests are forwarded to backend servers.
This protects web apps from attacks like SQL injection.
WAF runs as part of the Application Gateway service.
Full Transcript
This visual execution shows how an Application Gateway with WAF works. When a client sends a web request, the Application Gateway receives it. The WAF inspects the request content for threats. If it finds a threat, like SQL injection, it blocks the request and sends a block message to the client. If no threat is found, the request is forwarded to the backend server. The backend processes the request and sends a response back through the gateway to the client. This protects web applications by filtering harmful requests before they reach the backend.