Brute force attack protection by managed rules of Azure WAF

WinTechie 281 Reputation points
2022-10-05T15:07:16.14+00:00

Hi,

I am trying to determine if there is any managed ruleset from OWASP 3.2 which can detect brute force attack (random dictionary inputs) and protect backend applications accordingly.
I have an IIS-based site behind App GW with WAF2 (listener-specific WAF policy in prevention mode). I tried sending some requests with commonly used usernames and passwords (the authentication pop-up was presented by Windows IIS).

When I queried Application gateway firewall logs using KQL, I did not find anything logged.


1 answer

  1. GitaraniSharma-MSFT 47,416 Reputation points Microsoft Employee
    2022-10-06T12:56:37.827+00:00

    Hello @WinTechie ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if there is any Azure WAF managed ruleset from OWASP 3.2 which can detect brute force attack.

    There is no separate ruleset specifically designed for brute force attacks. However, there is a managed bot protection ruleset that you can enable to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services including Microsoft Defender for Cloud.
    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/bot-protection-overview

    You can use the Bot Protection ruleset alongside any of the OWASP rulesets with the Application Gateway WAF v2 SKU. Only one OWASP ruleset can be used at any given time.

    Azure WAF also provides a rate limiting option, but it is only available with Azure Front Door WAF. You can set a rate limit rule for Azure Front Door using a WAF rate limit rule that controls the number of requests allowed from clients to a web application. Please be aware that rate limits are applied per client IP address. If you have multiple clients accessing your Front Door from different IP addresses, each will have its own rate limit applied.
    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit

    Kindly let us know if the above helps or you need further assistance on this issue.

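Since the WAF firewall log only records rule matches, repeated 401 responses from IIS will not appear there; the pattern is visible in the Application Gateway access log instead. The KQL below is an added example (not from the answer or the Microsoft docs) that counts failed authentications per client IP in 5-minute windows; it assumes diagnostic settings send ApplicationGatewayAccessLog to a Log Analytics workspace (AzureDiagnostics table), and the threshold of 20 is an arbitrary starting value.

```kql
// Added example: surface brute-force-like credential guessing against an IIS
// site behind Application Gateway by counting HTTP 401 responses per client IP.
// Assumes ApplicationGatewayAccessLog is sent to the AzureDiagnostics table.
let window = 5m;       // grouping interval
let threshold = 20;    // arbitrary starting point; tune to the site's real traffic
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where ResourceType == "APPLICATIONGATEWAYS"
| where Category == "ApplicationGatewayAccessLog"
| where httpStatus_d == 401                    // IIS rejected the supplied credentials
| summarize FailedAttempts = count(),
            DistinctUris  = dcount(requestUri_s),
            UserAgents    = make_set(userAgent_s, 5),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
          by clientIP_s, host_s, bin(TimeGenerated, window)
| where FailedAttempts >= threshold
| order by FailedAttempts desc
```

The resulting client IPs can then be compared against the firewall log (Category == "ApplicationGatewayFirewallLog") to confirm whether the bot protection ruleset matched any of them.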