![]() ![]() so we're going to setup a basic load balancer and then enable the WAF functionaility. So here's the thing, the WAF is part of the Azure Application Gateway product, which is actually a load balancer. ![]() If you don't have one already, you need somewhere to send the logs. Make no changes to Advanced Settings, skip the tags and hit create. We want the networking type to be Private as we're protecting this behind the WAF I'm going to create a new vNet to meet my planning above, you are welcome to accept the defaults if you like. We're going to pull an image vulnerables/web-dvwa from the public docker hub based on linux. The build takes a little while, so kick that off first. if you want to by-pass the WAF and access the App directly, plan yourself a 3rd network for a Virtual Windows box. Two networks will be needed, one for the Security Gateway and one for the Docker Web App, we'll then peer them together. Something like that should do the trick! Networking I still want to follow the region followed by a primary identifier approach. Here's a gotcha for Naming Conventions, in my last post I used hyphens, but container instances not allow that, so I'll have to plan a new way. Here's a basic picture of what we want to achieve.įor the Web Server, we're going to run Damn Vulnerable Web Application (DVWA) in an Azure Container Instance.Įverything will be deployed into a single resource group to make cleanup/delete easier at the end. I quite enjoyed my recent foray into setting up an example Azure Firewall, so he's a sequel! □Īs before, the post will be screenshot heavy but not all screenshots, the plan is to deploy a vulnerable web application behind the WAF in blocking mode so we can see basic exploits being blocked. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |