Ensure Azure front door has WAF enabled

Error: Azure front door does not have WAF enabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_38
Checkov Check ID: CKV_AZURE_121
Severity: MEDIUM

Azure front door does not have WAF enabled

Description

WAF is a security feature that provides protection for web applications by inspecting incoming traffic and blocking malicious requests before they reach the application. When WAF is enabled on an Azure Front Door, it analyzes incoming traffic to the front door and blocks requests that are determined to be malicious based on a set of rules. This can help to protect your application from a variety of threats, such as SQL injection attacks, cross-site scripting (XSS) attacks, and other types of attacks.

Fix - Buildtime

Terraform

  • Resource: azurerm_frontdoor
  • Argument: web_application_firewall_policy_link_id
resource "azurerm_frontdoor" "example" {
              ...
+             web_application_firewall_policy_link_id = "this_is_id"
              ...
            }