Ensure Azure application gateway has WAF enabled

Error: Azure application gateway does not have WAF enabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_37
Checkov Check ID: CKV_AZURE_120
Severity: LOW

Azure application gateway does not have WAF enabled


WAF is a security feature that provides protection for web applications by inspecting incoming traffic and blocking malicious requests before they reach the application. When WAF is enabled on an Azure application gateway, it analyzes incoming traffic to the gateway and blocks requests that are determined to be malicious based on a set of rules. This can help to protect your application from a variety of threats, such as SQL injection attacks, cross-site scripting (XSS) attacks, and other types of attacks.

Fix - Buildtime


  • Resource: azurerm_application_gateway
  • Argument: waf_configuration.enabled
resource "azurerm_application_gateway" "network" {
+             waf_configuration {
+               enabled = true