How to Configure Azure Virtual Server for a WAF to Use Appdome MobileBOT™ Defense
Introduction
Web Application Firewalls (WAFs) play a crucial role in protecting web applications from a wide range of cyber threats. When combined with Appdome’s MobileBOT™ Defense solution, businesses can achieve an unparalleled level of protection for their mobile applications. This article will guide you on configuring your Azure Virtual Server to connect to a WAF so it can work seamlessly with Appdome MobileBOT™ Defense.
Before delving into the steps, let’s understand some of the terms used:
MTLS (Mutual Transport Layer Security): Mutual TLS (mTLS) is a method for mutual authentication in which both parties in a network connection validate the SSL certificates presented by each other against a trusted root Certificate Authority (CA) certificate.
Client Certificate: In cryptography, a client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server.
Safe Session: Represents sessions that are determined to be safe or not at risk of any threat.
At Risk Session: Represents sessions that are potentially under threat or have detected anomalies.
Header Payload: The data transferred in the header of HTTP requests or responses. Protecting this data ensures that it cannot be tampered with during transit.
Prerequisites for Using Azure Virtual Server with Appdome-Protected Apps
In order to use the Azure Virtual Server in conjunction with Appdome, you’ll need:
- A configured and accessible Azure Virtual Linux Server
- An Android or iOS app secured by Appdome MobileBOT™ Defense
- An Appdome MobileBOT™ Defense License
How to Configure the WAF to Parse Safe Session and At Risk Session
When Appdome’s code is integrated into the Azure Virtual Server, it enhances the firewall’s capability to determine the validity of a session. To categorize sessions as “Safe Session” or “At Risk Session”, Appdome’s code analyzes specific headers within incoming requests: Timestamp, Nonce, and SignedMessage. The Timestamp header allows Appdome’s code to detect potential delay attacks by comparing the request’s timestamp with the server’s time. The Nonce, a unique random value, ensures the uniqueness of each request, protecting against replay attacks. The SignedMessage, typically an RSA-encrypted SHA256 hash of the timestamp, nonce, and a shared secret, ensures the integrity of the request.
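The three header checks described above, as an added example that is not Appdome's code. The header names come from the article; the `timestamp|nonce|secret` layout, hex encoding, 300-second window, toy key, and reading SignedMessage as an RSA PKCS#1 v1.5 signature over the SHA256 hash are assumptions.

```python
import hashlib, time

# Constructed toy RSA key (two Mersenne primes): trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to build samples
K = (N.bit_length() + 7) // 8      # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SECRET = b"constructed-shared-secret"  # assumed shared secret
MAX_SKEW = 300                         # assumed freshness window, in seconds

def _encode(ts, nonce):
    # EMSA-PKCS1-v1_5 encoding of SHA256(timestamp|nonce|secret); layout is assumed
    digest = hashlib.sha256(f"{ts}|{nonce}|".encode() + SECRET).digest()
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(ts, nonce):
    """Client side of the sample: the SignedMessage value a protected app would send."""
    return format(pow(int.from_bytes(_encode(ts, nonce), "big"), D, N), "x")

def classify(headers, seen_nonces, now=None):
    """Return ('safe', '') or ('at_risk', reason) for one request's headers."""
    now = time.time() if now is None else now
    try:
        ts = int(headers["Timestamp"])
        nonce = headers["Nonce"]
        sig = int(headers["SignedMessage"], 16)
    except (KeyError, ValueError):
        return "at_risk", "missing or malformed header"
    # Delay check: request time must be close to server time
    if abs(now - ts) > MAX_SKEW:
        return "at_risk", "stale timestamp"
    # Integrity check first, so forged requests cannot fill the nonce cache
    if sig >= N or pow(sig, E, N).to_bytes(K, "big") != _encode(ts, nonce):
        return "at_risk", "bad signature"
    # Replay check: each nonce is accepted once (expire entries older than MAX_SKEW)
    if nonce in seen_nonces:
        return "at_risk", "replayed nonce"
    seen_nonces[nonce] = ts
    return "safe", ""
```

The nonce cache only needs to retain entries for the length of the timestamp window, because older requests are already rejected as stale.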
Getting Started with Azure Virtual Server Setup and Configuration
Follow these steps to configure a Linux server on GCP and Azure, and launch a Docker container with open network settings.
Note: Make sure to replace placeholders such as YOUR_VM_NAME, your-docker-image, your-username, and your-vm-ip with your own custom values and preferences.
Setting up a Linux Server on Azure
- Create a Resource Group
  - In the Azure portal, navigate to Resource groups.
  - Create a new resource group to organize your resources.
  To learn more about managing Resource Groups on Azure, please read this article.
- Create a Virtual Machine (VM)
  - In the Azure portal, go to Create a resource -> Compute -> Virtual machine.
  - Configure your VM instance, including selecting the Linux distribution you prefer (e.g., Ubuntu, CentOS).
  Note: Make sure to allow HTTP/HTTPS traffic when configuring the firewall rules.
- SSH into Your VM
  Use SSH to connect to your VM:
      ssh your-username@your-vm-ip
Running a Docker Container on Azure
Inside your VM, install Docker:
    sudo apt-get update
To learn more, see the installation instructions for Installing Docker Engine on Ubuntu
Configure Appdome’s Docker Image
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.