Question
I have a VNET with two App Services and one Windows VM in Azure. They are in the same VNET using VPN point-to-site.
I want to protect this environment with a WAF and have read that I can use Application Gateway WAF instead of the very expensive setup with App Service Environment and Barracuda.
Could anyone please explain how I can achieve this? The closest I have found is https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-application-firewall-portal.
Answer 1:
In case someone has the same question, starting from July 2017, the Azure Application Gateway with Web Application Firewall supports App Services deployed in the multi-tenant environment, as described here.
More information on how to configure it here.
Answer 2:
Support for Azure Web Apps as a backend pool member is not currently supported on Application Gateway. However, for App Service Environment (ASE) there is a workaround possible. Refer to this blog post - http://sabbour.me/how-to-run-an-app-service-behind-a-waf-enabled-application-gateway/
Answer 3:
You can use an NSG to lock down the Internet calls and only allow calls from the AG to the ASE.
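
The NSG lockdown mentioned in answer 3, as an added example that is not part of the original answers: a small offline model of inbound NSG rule evaluation that compares an open rule set with one that only admits the Application Gateway subnet. The address ranges, rule names and the helper functions are constructed for illustration, and only the final default deny is modelled, not the other platform default rules.

```python
import ipaddress

# Constructed sample values, not taken from the page.
VNET = ipaddress.ip_network("10.0.0.0/16")
AG_SUBNET = "10.0.1.0/24"  # subnet assumed to hold the Application Gateway

def source_matches(prefix, src_ip):
    """Match an NSG source prefix: '*', the 'Internet' tag, or a CIDR."""
    ip = ipaddress.ip_address(src_ip)
    if prefix == "*":
        return True
    if prefix == "Internet":
        # Simplification: treat every address outside the VNET as Internet.
        return ip not in VNET
    return ip in ipaddress.ip_network(prefix)

def evaluate(rules, src_ip, port):
    """Return 'Allow' or 'Deny' for an inbound flow.

    Rules are checked in ascending priority number and the first match wins.
    With no match, the final default deny applies (other default rules,
    such as the VNET allow, are not modelled here).
    """
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if port in rule["ports"] and source_matches(rule["source"], src_ip):
            return rule["access"]
    return "Deny"

def direct_internet_allowed(rules, probe_ip="203.0.113.10", ports=(80, 443)):
    """True if a client outside the VNET can reach the web ports directly."""
    return any(evaluate(rules, probe_ip, p) == "Allow" for p in ports)

# Before: web ports open to any source, so requests can skip the WAF.
OPEN_RULES = [
    {"name": "allow-web", "priority": 100, "source": "*",
     "ports": [80, 443], "access": "Allow"},
]

# After: only the Application Gateway subnet may reach the web ports.
LOCKED_RULES = [
    {"name": "allow-ag", "priority": 100, "source": AG_SUBNET,
     "ports": [80, 443], "access": "Allow"},
    {"name": "deny-internet", "priority": 200, "source": "Internet",
     "ports": [80, 443], "access": "Deny"},
]

if __name__ == "__main__":
    for label, rules in (("open", OPEN_RULES), ("locked", LOCKED_RULES)):
        print(label, "direct Internet access:", direct_internet_allowed(rules))
        print(label, "from AG subnet:", evaluate(rules, "10.0.1.4", 443))
```

A leftover allow rule with a lower priority number than the deny rule reopens the direct path, so run the same check against an exported rule list after every change.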
Source: https://stackoverflow.com/questions/42256501/configure-waf-application-gateway-in-front-of-app-services