Make Application Gateway WAF services available for non-ASE App Service plans
The Application Gateway and specifically WAF are useful even for simpler apps because of the OWASP and general security protections afforded.
App Service Environments are extremely costly compared to a loaded Standard S1 or Premium P1 App Service plan and the Application Gateway/WAF cannot be used without the ASE.
While there are WAF solutions provided by 3rd parties, it would be great if the Azure solution used for ASEs was also available for standard App Service plans.
Thank you for voting on this ticket and providing all the feedback. Application Gateway can now be used with multi-tenant App Service. Also, you can now use Service Endpoints to further restrict access to your multi-tenant App Services. Please see the documentation below for more information.
Further to @KWilson's post, you can set up an AGW/WAF in a separate RG to your Web Apps and route them all through the WAF. There is a limit of 20 (I think?) listeners so you can use the one AGW/WAF with multiple WebApps to reduce cost.
@Peter, any update when the new features for security will be released for webapps (Non-ASE)?
FYI the Application Gateway WAF can support regular App Service plans: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview.
Adam Caulkett commented
Just adding a vote for this :)
We would like to have the protections provided by the WAF (e.g. monitoring of requests according to rules) for Web Apps directly. Is this a planned feature?
Setting up an Application Gateway for only the WAF is quite expensive.
Sean G. Wright commented
Thanks! I looked over the documentation you linked when it was first made available. My company is looking forward to using this approach for some of our clients.
Are the additional improvements related to exposing this configuration through the portal?
Rune Synnevåg commented
Is it a requirement that the web app is in an App Service Environment to use the Application Gateway?