1. Is there any way of configuring FrontDoor/WAF to stop brute-attacks with Global Rate Limit or some other way?
2. If we can not stop brute-attacks via FrontDoor/WAF, then what is Microsoft's offer to apply those logic, configurations?
- Azure Application Gateway?
- DNS provider DDoS configurations?
- Any other way?
and more details about the questions above;
I've successfully set up FD (classic) for one of our Azure web-app. (1) and added a custom domain (2), also enabled the WAF for the web-app protection (3). I can confirm the process with those steps (please correct me if my confirmation process is wrong);
nslookupfor the CNAME for the custom domain that connects us to the Azure web app and it points out the FrontDoor default host/endpoint.
I do request to domain and I can see the request count on FrontDoor (classic) metrics.
Similarly, I can see the same request count on the Azure web-app metrics! Which is the question of this post!
So, as I've explained above, interestingly I can see all requests goes from FrontDoor on the metrics of my web app. Basically, we need the FrontDoor to avoid any brute-attack on the custom domain which connects us to the Azure web app. I had researched how to configure WAF with
Prevention policy mode and custom rules more in deep (4) and applied all samples also some individual configurations from my own.
I had keep tried some basic brute-attacks by myself to the web-app service and all the requests were passing through Frondoor and then received by the web app. Below you'll find some metrics screenshot which shows the same requests on both FrontDoor metrics page and Web-app Application Insight metrics.
Meanwhile, I had keep searching for how to setup WAF in a better way and find out two articles from Azure customer/users which says "There is no any Global Rate Limit" configuration for the Azure WAF and FrontDoor. Article writers say the information comes from the Azure support team. (5)
Thus, I wanted to ask the two questions above to you, so you can clear the situation and show the correct path to us/customers/users about WAF and Global Rate Limits or stopping the brute-attacks.
Thanks for your time and answers.
(1) I've followed this article to setup FrontDoor (classic)
(2) I've followed this article to add a custom domain on FrontDoor (classic)
(3) I've followed those articles to configure WAF on FrontDoor (classic)
(4) I've followed those articles to configure custom rules for WAF
(5) The articles that mentions about there is no any Global Rate Limit on WAF