Add a Firewall to Your Microsoft Azure Web Site

Microsoft has just announced that you can enable a web application firewall to your Azure web site.

Using ModSecurity, you can enable firewall rules to filter inbound and outbound HTTP/HTTPS requests.  This enables you to filter out unwanted traffic.

Enabling the new feature is easy – you just update your web.config.

<configuration>
<system.webServer>
<ModSecurity enabled=”true” configFile=”D:homesitewwwrootsecrules.conf” />
</system.webServer>
</configuration>

You can then supply a ModSecurity configuration file that prescribes your firewall rules.

Currently, ModSecurity module is available for all categories of Azure Websites including the free tier. The important thing to note however is that the module runs within your IIS worker process on Azure websites; so any throttles and restrictions that apply to your worker process are also applicable to ModSecurity. So for the free tier, there is a cap on CPU minutes per day consumption for your site, and these would apply to ModSecurity running in the worker process as well.