Script to check Azure Front Door WAF for insecure RemoteAddr variable
Azure Front Door WAF custom rules can perform "IP Matching" against one of two match variables: RemoteAddr or SocketAddr. RemoteAddr is the original client IP as carried in the X-Forwarded-For request header, while SocketAddr is the source IP of the connection Front Door actually receives. An IP allow rule built on RemoteAddr is therefore bypassable: an attacker adds an X-Forwarded-For header containing an approved IP address and the WAF evaluates the request as if it came from that address. This script checks your Front Door WAF policies for custom rules that do IP matching on RemoteAddr; those rules should use SocketAddr instead.
- Sign in to the Azure Portal
- Open Cloud Shell and upload the script
- Run the script and review any rules it flags.
Thanks to @AdmiralGold for code contributions!
There is also a version of this available as the Check-FrontDoorWAF function in GraphRunner (https://github.com/dafthack/GraphRunner)
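As an added example (not the script from this repository and not GraphRunner code), the check below implements the same idea in Python over the JSON that `az network front-door waf-policy list -g <rg> -o json` emits in Cloud Shell. The `customRules.rules[].matchConditions[]` field names, the `front-door` CLI extension, and the two sample policies are assumptions of this example; the sample input is constructed and embedded so the code runs offline.

```python
"""Flag Azure Front Door WAF custom rules that IP-match on RemoteAddr.

Reads the JSON produced by `az network front-door waf-policy list ... -o json`
(field names below are assumed from the ARM policy schema) and reports every
enabled custom-rule condition that uses operator IPMatch against the RemoteAddr
match variable. RemoteAddr is taken from X-Forwarded-For, so such conditions are
satisfiable by a client-supplied header; SocketAddr is the safe alternative.
"""
import json
import sys

# Constructed sample input, shaped like `az network front-door waf-policy list -o json`.
# Policy 1 shows the weak pattern (allowlist on RemoteAddr plus its negated block twin
# and a disabled leftover); policy 2 uses SocketAddr for IPMatch and RemoteAddr only
# for GeoMatch, which is not the IP-allowlist bypass this check is looking for.
SAMPLE_POLICIES_JSON = """[
  {"name": "wafRemoteAddrAllowlist",
   "customRules": {"rules": [
     {"name": "AllowCorpEgress", "priority": 10, "enabledState": "Enabled",
      "ruleType": "MatchRule", "action": "Allow",
      "matchConditions": [{"matchVariable": "RemoteAddr", "operator": "IPMatch",
                           "negateCondition": false, "matchValue": ["203.0.113.0/24"]}]},
     {"name": "BlockEveryoneElse", "priority": 20, "enabledState": "Enabled",
      "ruleType": "MatchRule", "action": "Block",
      "matchConditions": [{"matchVariable": "RemoteAddr", "operator": "IPMatch",
                           "negateCondition": true, "matchValue": ["203.0.113.0/24"]}]},
     {"name": "OldDisabledRule", "priority": 30, "enabledState": "Disabled",
      "ruleType": "MatchRule", "action": "Allow",
      "matchConditions": [{"matchVariable": "RemoteAddr", "operator": "IPMatch",
                           "negateCondition": false, "matchValue": ["198.51.100.7"]}]}
   ]}},
  {"name": "wafSocketAddrAllowlist",
   "customRules": {"rules": [
     {"name": "AllowCorpEgress", "priority": 10, "enabledState": "Enabled",
      "ruleType": "MatchRule", "action": "Allow",
      "matchConditions": [{"matchVariable": "SocketAddr", "operator": "IPMatch",
                           "negateCondition": false, "matchValue": ["203.0.113.0/24"]}]},
     {"name": "BlockGeo", "priority": 20, "enabledState": "Enabled",
      "ruleType": "MatchRule", "action": "Block",
      "matchConditions": [{"matchVariable": "RemoteAddr", "operator": "GeoMatch",
                           "negateCondition": false, "matchValue": ["ZZ"]}]}
   ]}}
]"""


def load_policies(text):
    """Parse az CLI JSON output; accept a single policy object or a list of them."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def find_remoteaddr_ipmatch(policies):
    """Return one finding per enabled custom-rule condition doing IPMatch on RemoteAddr."""
    findings = []
    for policy in policies:
        rules = (policy.get("customRules") or {}).get("rules") or []
        for rule in rules:
            if rule.get("enabledState", "Enabled") != "Enabled":
                continue  # a disabled rule is not enforced, so there is nothing to bypass
            for cond in rule.get("matchConditions") or []:
                if cond.get("matchVariable") != "RemoteAddr" or cond.get("operator") != "IPMatch":
                    continue
                findings.append({
                    "policy": policy.get("name"),
                    "rule": rule.get("name"),
                    "action": rule.get("action"),
                    "negated": bool(cond.get("negateCondition")),
                    "match_values": list(cond.get("matchValue") or []),
                })
    return findings


def describe(finding):
    """One-line explanation of why the flagged condition matters and how to fix it."""
    ips = ", ".join(finding["match_values"]) or "<none>"
    shape = "NOT in" if finding["negated"] else "in"
    return (f"[{finding['policy']}] rule '{finding['rule']}' ({finding['action']}) tests "
            f"RemoteAddr {shape} {ips}. RemoteAddr comes from X-Forwarded-For, so a client "
            f"chooses the value by sending 'X-Forwarded-For: <address in {ips}>'. "
            f"Change the match variable to SocketAddr.")


if __name__ == "__main__":
    # Usage: az network front-door waf-policy list -g <rg> -o json | python3 check_fd_waf.py
    # With nothing piped in, the constructed sample above is checked instead.
    text = "" if sys.stdin.isatty() else sys.stdin.read()
    if not text.strip():
        text = SAMPLE_POLICIES_JSON
    results = find_remoteaddr_ipmatch(load_policies(text))
    for finding in results:
        print(describe(finding))
    print(f"{len(results)} RemoteAddr IPMatch condition(s) found")
    sys.exit(1 if results else 0)
```

The negated Block rule is reported on purpose: "block everything whose RemoteAddr is not in the corporate range" is the same allowlist expressed the other way round, and a spoofed X-Forwarded-For value inside that range dodges the block just as it satisfies the Allow rule. Run against the sample, the script flags both rules in the first policy and nothing in the second, and exits non-zero whenever it finds something so it can gate a pipeline.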