Control: 7.14 Ensure request body inspection is enabled in Azure Web Application Firewall policy on Azure Application Gateway
Description
Enable request body inspection so that the Web Application Firewall evaluates the contents of HTTP message bodies for potential threats.
Enabling request body inspection strengthens security by allowing the Web Application Firewall to detect common attacks, such as SQL injection and cross-site scripting.
Remediation
Remediate from Azure Portal
- Go to
Application gateways. - Click the name of an application gateway.
- Under
Settings, clickWeb application firewall. - Under
Associated web application firewall policy, click the policy name. - Under
Settings, clickPolicy settings. - Check the box next to
Enforce request body inspection. - Click
Save. - Repeat steps 1-7 for each application gateway and firewall policy requiring remediation.
Remediate from Azure CLI
For each firewall policy requiring remediation, run the following command to enable request body inspection:
az network application-gateway waf-policy update --ids <firewall-policy> --policy-settings request-body-check=true
Default Value
Request body inspection is enabled by default on Azure Application Gateways with Web Application Firewall.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v500_7_14Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v500_7_14 --shareSQL
This control uses a named query:
select p.id as resource, case when (policy_settings -> 'requestBodyCheck')::bool then 'ok' else 'alarm' end as status, case when (policy_settings -> 'requestBodyCheck')::bool then p.name || ' request body inspection is enabled.' else p.name || ' request body inspection is disabled.' end as reason , p.resource_group as resource_group , sub.display_name as subscriptionfrom azure_web_application_firewall_policy as p left join azure_subscription sub on sub.subscription_id = p.subscription_id;