Azure Front Door WAF Disabled
- Query id: 835a4f2f-df43-437d-9943-545ccfc55961
- Query name: Azure Front Door WAF Disabled
- Platform: Terraform
- Severity: Low
- Category: Networking and Firewall
- CWE: 693
- URL: Github
Description¶
Azure Front Door WAF should be enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_frontdoor" "positive" {
name = "example-FrontDoor"
resource_group_name = azurerm_resource_group.example.name
enforce_backend_pools_certificate_name_check = false
routing_rule {
name = "exampleRoutingRule1"
accepted_protocols = ["Http", "Https"]
patterns_to_match = ["/*"]
frontend_endpoints = ["exampleFrontendEndpoint1"]
forwarding_configuration {
forwarding_protocol = "MatchRequest"
backend_pool_name = "exampleBackendBing"
}
}
backend_pool_load_balancing {
name = "exampleLoadBalancingSettings1"
}
backend_pool_health_probe {
name = "exampleHealthProbeSetting1"
}
backend_pool {
name = "exampleBackendBing"
backend {
host_header = "www.bing.com"
address = "www.bing.com"
http_port = 80
https_port = 443
}
load_balancing_name = "exampleLoadBalancingSettings1"
health_probe_name = "exampleHealthProbeSetting1"
}
frontend_endpoint {
name = "exampleFrontendEndpoint1"
host_name = "example-FrontDoor.azurefd.net"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_frontdoor" "negative" {
name = "example-FrontDoor"
resource_group_name = azurerm_resource_group.example.name
enforce_backend_pools_certificate_name_check = false
routing_rule {
name = "exampleRoutingRule1"
accepted_protocols = ["Http", "Https"]
patterns_to_match = ["/*"]
frontend_endpoints = ["exampleFrontendEndpoint1"]
forwarding_configuration {
forwarding_protocol = "MatchRequest"
backend_pool_name = "exampleBackendBing"
}
}
backend_pool_load_balancing {
name = "exampleLoadBalancingSettings1"
}
backend_pool_health_probe {
name = "exampleHealthProbeSetting1"
}
backend_pool {
name = "exampleBackendBing"
backend {
host_header = "www.bing.com"
address = "www.bing.com"
http_port = 80
https_port = 443
}
load_balancing_name = "exampleLoadBalancingSettings1"
health_probe_name = "exampleHealthProbeSetting1"
}
frontend_endpoint {
name = "exampleFrontendEndpoint1"
host_name = "example-FrontDoor.azurefd.net"
web_application_firewall_policy_link_id = "id"
}
}