WAF custom rules for SAP

Question

Hi Experts,

Can you please suggest azure gateway WAF rules for internet facing SAP flori and Solman applications.

Answer 1

Hello @Vishu

Welcome to Microsoft Q&A Platform,

Azure WAF protects against the following web vulnerabilities:

SQL-injection attacks
Cross-site scripting attacks
Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion
HTTP protocol violations
HTTP protocol anomalies, such as missing host user-agent and accept headers
Bots, crawlers, and scanners
Common application misconfigurations (for example, Apache and IIS)

More information:
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp32

This is done through rules that are defined based on the OWASP core rule sets 3.2, 3.1, 3.0, or 2.2.9. WAF provides the capability to customize rules or create exclusions based on your needs. For that you'll have to perform some tests to avoid false positives and make sure that the potential threats are blocked successfully:
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal

I hope this helps!

----------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.