Microsoft Azure Managed WAF IaaS Manual Installation

Manual installation of Managed WAF requires you to: :

  1. Deploy the Managed WAF appliance
  2. Activate the Managed WAF appliance

After you install Managed WAF, you will need to contact Alert Logic Onboarding for additional set up assistance.

After you activate the appliance, perform the following procedures to enable Managed WAF to protect your online assets.

  1. Identify websites to be protected.
  2. Test the website proxy.
  3. Route traffic through Managed WAF.

Deploy the Managed WAF appliance

  1. Log in to the Azure portal.
  2. Click Virtual Machines.
  3. Click + Add.
  4. In the search field, type Alert Logic Web Security Manager - BYOL, and then click the entry when it appears.
  5. Under Select a deployment model, select Resource Manager, if not already selected.
  6. Click Create.
  7. Enter the following:
    • Name: A name for the virtual machine
    • VM disk type: HDD
    • User Name: Create a valid user name
    • Authentication type: Password
    • Password: Create a valid password
    • Resource group: Either create a new one or use an existing one
Though Azure requires you to complete the User Name and Password fields, Alert Logic does not use this information.
  1. Click OK.
  2. Select one of the recommended sizes for the virtual machine.
  3. Click Select.
  4. Review the settings, scroll down to Monitoring, and then select Disable for both Boot diagnostics and Guest OS diagnostics.
  5. Click OK.
  6. Review the summary, and then click OK.
  7. Review the Offer details and then click Purchase.

The deployment process takes 15 to 20 minutes to complete. Deployment is successful when the screen refreshes and the deployed virtual machine appears.

Activate the Managed WAF appliance

  1. Copy the Public IP address of the Managed WAF virtual machine.
  2. Open a new browser window, and navigate to https://[Public IP address]:4849.
  3. When the warning window appears, click Advanced, and then click Proceed to [Public IP address].
The details of this step vary, depending on the browser you use, but you must navigate past the warning to the public IP address.
  1. On the Managed WAF Activation screen, copy and paste in your License key and the [Public IP address] for the virtual machine.
Type only the public IP address for this virtual machine. If you type the wrong IP address, or no IP address, this procedure cannot complete, and you must call Alert Logic Technical Support to correct the issue.
Each Public IP address may be licensed only once. If you must repeat this process, you must use a new, unique public IP address.
  1. Click Activate.
  2. On the Managed WAF license agreement page, click I agree to the above license terms.
If you are not automatically redirected to the Alert Logic console, type the URL into your browser and log in.
  1. In the Alert Logic console, click CONFIGURATION, click WAF, and then click Appliances.
  2. In the list, scroll down to [Public IP address], and then click Manage Appliance for [Public IP address].
  3. Contact Alert Logic Onboarding to schedule a Service Orientation.
If you set up a second or later Managed WAF in the same data center, the appliance should be in the same subnet as the original deployment.

Identify websites for protection

After you deploy Managed WAF, you must identify the websites to protect. To identify website, you must perform the following steps:

  1. Access the Add Website page
  2. Modify the virtual web server section
  3. Modify the real web servers section
  4. Modify the Initial configuration section

Step 1: Access the Add Website page

To access the Add Website page: 

  1. In the Alert Logic console, click CONFIGURATION, click WAF, and then click Appliances.
  2. Find the virtual appliance to which you want to add the website, and then click Manage Appliance.
  3. In the navigation pane, under Services, click Websites.
  4. On the Websites page, click Add Website.

Step 2: Modify the virtual web server section

Use the Add Website page to add the website(s) you want to protect. Managed WAF deploys in reverse proxy mode. In reverse proxy mode, Managed WAF terminates requests, and proxies the requests to the backend web server.

To modify the virtual web server section:

  1. On the Add Website page, from the Web Server Protocol list, select one of the following:
    • HTTP: This option creates a website proxy that responds to HTTP requests.
    • HTTPS: This option creates a website proxy that responds to HTTPS requests. Selection generates a temporary SSL certificate.
    • Both: This option creates a website proxy that responds to HTTP and HTTPS requests. Selection generates a temporary SSL certificate.
  2. In Web server domain name, type the URL of the website you want to protect.
  3. In HTTP(S) listen port, type the port. The default ports are:
    • HTTP: 80
    • HTTPS: 443
If you selected Both from the Web Server Protocol list, both the HTTP and HTTPS boxes are available under HTTP(S) listen port.
  1. Select Default Host for listen IP.
When you enable this option, the virtual host responds to all requests for the virtual host not configured as the primary host name or as a virtual host for other proxies listening to the same IP address. The How to test your website proxy process assumes you selected this option. This behavior is convenient for testing, since it sends any request that is not a policy violation to the backend web server.

Step 3: Modify the real web servers section

Use the Real web servers section to identify any backend web server you want Managed WAF to protect.

To modify the Real web servers section:

  1. From the Real server protocol list, select the connection protocol you want Managed WAF to use for a backend web server.
    • If you want traffic to a backend web server(s) to be encrypted, select https or both.
    • If traffic does not require encryption, select http.
  2. Select Validate real servers if you want Managed WAF to send an HTTP request to the backend web server to verify it responds to HTTP requests.
Clear the check box if the backend web server is not yet running.
  1. In Real server IP or public domain name, type the private IP address or DNS name on which the web server is listening.
  2. In Port, type the port to which the web server is listening. The default ports are:
    • HTTP: 80
    • HTTPS: 443
  3. From the Role list, select one of the following:
    • Active: Managed WAF forwards requests to the backend web server.
    • Backup: Managed WAF forwards requests to the backend web server only if no other servers are active.
    • Down: Managed WAF does not forward requests to the backend web server.

Step 4: Modify the Initial configuration section

To modify the initial configuration section:

  1. Under Initial configuration, select WAF Default, if not already selected..
You can return to this option if you need to make changes.
  1. Click Save Configuration, and then click Apply changes.

Test your website proxy

You must test your website proxy to verify Managed WAF can connect to the backend web server.

Before you start this procedure, you must configure your website to be used as the default virtual host for the listen IP, and your website proxy must be in Detect mode.

To test your website proxy, complete the following steps:

  1. Edit the local hosts file.
  2. Test for initial connectivity.
  3. Test in Detect mode.
  4. Test in Protect mode.

Step 1: Edit the local hosts file

Edit the local hosts file to test traffic routed from the host provider through Managed WAF. This step simulates reconfiguring NAT rules or making a host provider DNS change on the local computer, and allows you to test Managed WAF prior to making a permanent NAT or DNS change.

To edit your local hosts file:

  1. Locate your hosts file. The host file can typically be found in the following locations:
    • For Windows computers: %SystemRoot%\system32\drivers\etc\hosts
    • For Unix, Linux, or MacOS computers: /etc/hosts
  2. Copy your original hosts file, and save it to another location.
  3. Edit the hosts file and route the host provider (www.example.com) through the Managed WAF web application firewall (WAF) listen IP address (192.0.43.11).
  4. Save the hosts file.
After you complete testing, replace the edited hosts file with the original hosts file.

Step 2: Test for initial connectivity

To test for initial connectivity: 

  1. Open your web browser and navigate to [Public IP address].
  2. Press Enter.

Though the browser opens the default website for your real web server, the test will not affect production traffic.

Step 3: Test in Detect mode

To test in Detect mode: 

  1. Open your web browser and navigate to [Public IP address]/?x=a%00.
  2. Press Enter.

The browser opens the default website for your real web server, and the simulated DOS attack should be registered on the Deny log as a DOS attempt.

  1. On the Websites page, in the main menu, point to Log, and click Deny Log.
To view details of a Deny log entry, click the Details icon.

Step 4: Test in Protect mode

To test Protect mode:

  1. Open the Websites page.
  2. Select Protect in the Mode list for the website you want to test.
  3. Open your web browser and navigate to [Public IP address]/?x=a%00.
  4. Press Enter.

The browser displays a 404 error message, and an attack registers in the Deny log as a DOS attempt.

After you complete testing, replace the edited hosts file with the original hosts file.

Route traffic through Managed WAF

After you test your website proxy, reconfigure NAT rules or make a host provider DNS change to route traffic to Managed WAF permanently. DNS changes may take several days to propagate properly through the Internet domain servers.

Related topics