Request a web application firewall for Managed Cloud

Abstract

Learn about the benefits of using a web application firewall with Managed Cloud.

As a Managed Cloud customer, you can use a web application firewall (WAF) to securely use all the features of Azure Application Gateway. This means that after you have set up WAF, the Continuous Deployment Azure Web App will only accept incoming traffic from Public IP (PIP) addresses and will no longer be available by direct URL. However, you can change the default rule or add new rules to restrict or redirect incoming traffic based on an IP or URL.

If you are a Managed Cloud customer, interested in setting up WAF, you must work through the following process:

  1. Refer to the Managed Cloud Standard Service Catalog for on-demand requests.

  2. Use the Sitecore Support Portal to request that Sitecore set up WAF for your solution.

  3. Provide a valid SSL certificate to Sitecore Cloud Operations (SCO).

    • SCO creates a virtual network in a resource group in Azure.

    • SCO deploys a Continuous Deployment Azure Web App in the virtual network.

    • SCO creates an application gateway and a PIP.

    • SCO implements a rule in Application Gateway that only allows traffic to the Continuous Deployment Azure Web App from a PIP.

  4. If you have a canonical name record (CNAME) associated with the Continuous Deployment Azure Web App, then you must also associate the CNAME with the PIP.

Note

Consider both the benefits and limitations of a WAF deployment when you are using Application Gateway to secure your Content Delivery (CD) server, specifically:

  • WAF requires a valid SSL certificate, otherwise when you visit the CD server URL you will receive the following error, Certificate Error: "Untrusted certificate".

  • WAF introduces additional costs to your Managed Cloud subscription.