Action Plan: Azure WAF Detection Mode to Prevention Mode

Azuriste Azuriste 45 Reputation points
2023-05-06T15:02:53.02+00:00

Hello,

I have a project to shift from Azure WAF Detection mode to Prevention mode.
My question: what should I plan before making this shift, since some impacts may happen afterwards?

Regards


Accepted answer
  1. JimmySalian-2011 42,526 Reputation points
    2023-05-06T16:32:59.3+00:00

    Hi,

    I suggest you review the firewall logs and check that all the app ports are open and allowed access as per the requirements. You will also need to set up custom and any exceptions before you change it to Prevention mode. This can help reduce the occurrence of unexpected blocked traffic.

    I suggest you carry out this change out of hours and over a weekend to reduce the impact on live users; this is from personal experience.


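One way to do the log review described in the accepted answer, as an added example (not code from this thread or from Microsoft): it groups Detection-mode firewall log records by transaction, keeps only the requests that reached a blocking decision, and ranks the contributing rule and path pairs by distinct client IPs, so that rules hit by many ordinary clients are reviewed for exclusions before the switch. It assumes the log was exported as one JSON record per line, that the actions `Detected` and `Blocked` mark requests Prevention mode would stop, and that 949110 is the anomaly-score rule; the sample records and the names `records` and `triage` are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: one JSON record per line, shaped like Application Gateway
# WAF firewall log entries captured in Detection mode. All values are invented.
SAMPLE_LOG = """
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t1","clientIp":"203.0.113.10","requestUri":"/api/comments?id=1","ruleId":"942130","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t1","clientIp":"203.0.113.10","requestUri":"/api/comments?id=1","ruleId":"949110","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t2","clientIp":"203.0.113.22","requestUri":"/api/comments?id=7","ruleId":"942130","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t2","clientIp":"203.0.113.22","requestUri":"/api/comments?id=7","ruleId":"949110","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t4","clientIp":"192.0.2.77","requestUri":"/login?u=x","ruleId":"941100","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t4","clientIp":"192.0.2.77","requestUri":"/login?u=x","ruleId":"942100","action":"Matched"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t4","clientIp":"192.0.2.77","requestUri":"/login?u=x","ruleId":"949110","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"transactionId":"t5","clientIp":"203.0.113.10","requestUri":"/search?q=a","ruleId":"920350","action":"Matched"}}
"""

WOULD_BLOCK = {"Detected", "Blocked"}  # assumption: actions marking a request Prevention mode stops
ANOMALY_RULE = "949110"                # assumption: anomaly-score rule, not itself a tuning target

def records(text):
    """Yield the properties of each firewall-log record, skipping other categories."""
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = json.loads(line)
        if rec.get("category") == "ApplicationGatewayFirewallLog":
            yield rec["properties"]

def triage(text, min_clients=2):
    """Split (ruleId, path, distinct clients) rows into exclusion candidates and the rest."""
    by_txn = defaultdict(list)
    for p in records(text):
        by_txn[p["transactionId"]].append(p)
    clients = defaultdict(set)  # (ruleId, path) -> client IPs seen in would-block requests
    for recs in by_txn.values():
        if not any(r["action"] in WOULD_BLOCK for r in recs):
            continue  # never reached a blocking decision, so the mode switch does not affect it
        for r in recs:
            if r["ruleId"] != ANOMALY_RULE:
                clients[(r["ruleId"], urlsplit(r["requestUri"]).path)].add(r["clientIp"])
    rows = sorted(((rule, path, len(ips)) for (rule, path), ips in clients.items()),
                  key=lambda row: (-row[2], row[0], row[1]))
    return ([r for r in rows if r[2] >= min_clients],
            [r for r in rows if r[2] < min_clients])

if __name__ == "__main__":
    for label, rows in zip(("review for exclusion", "investigate first"), triage(SAMPLE_LOG)):
        for rule, path, n in rows:
            print(f"{label}: rule {rule} on {path} ({n} distinct client IPs)")
```

The distinct-client threshold is only a heuristic for ordering the review: each row still needs a look at the matched data before an exclusion is added or a rule is disabled.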

2 additional answers

  1. Azuriste Azuriste 45 Reputation points
    2023-05-06T16:40:25.3933333+00:00

    Could you help me with any video, document, or other support I can follow?

    Thanks


  2. Konstantinos Passadis 19,596 Reputation points MVP
    2023-05-06T16:50:17.0033333+00:00

    Hello @Azuriste Azuriste

    In addition to @JimmySalian-2011

    Read the Docs

    https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/best-practices

    Review your existing WAF rules and configurations:
    
    Take a look at your existing WAF policies and ensure they are up-to-date and optimized for the latest threats. Consider disabling any rules that are not being used or are not applicable to your application.
    
    Plan the migration:
    
    Create a detailed migration plan that outlines the steps involved in switching from detection to prevention mode. This plan should include a timeline, testing procedures, and a rollback plan.
    
    Test the migration:
    
    Before moving to prevention mode, conduct thorough testing of your application to ensure that the WAF policies are working as expected. Test various scenarios to identify any potential issues that may arise.
    
    Monitor the application after the migration:
    
    After the migration, monitor your application's performance closely to identify any issues that may arise. Set up monitoring tools to keep an eye on application performance, traffic patterns, and potential attacks.
    
    Train your team:
    
    Provide training to your team members on the new prevention mode and its features. Make sure they understand how to configure and manage the new policies, and how to identify and respond to potential attacks.
    
    Have a rollback plan:
    
    In case of any issues, have a well-defined rollback plan to switch back to detection mode.
    

    I hope this helps!


    The answer or portions of it may have been assisted by AI Source: ChatGPT Subscription


    Regards
