Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

secure application through WAF

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus

‎10-May-2021 03:36

is it practical to secure application like Office 365 through WAF ?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Daniel_Wolf
MVP
MVP
In response to THE_BLUE

‎10-May-2021 11:46

Ah, I did not understand this from your initial question.

So you have a web application that is interacting with O365, but the web application is internet facing? In that case should could limit access to only known O365 public IP addresses. Check out this git repo: https://github.com/brett-at-f5/f5-office365-ip-url-automation

Probably you can create an iRule to block access if the traffic is not coming from O365 source IP addresses.

Or you can secure your web app with AdvWAF.

Or a combination of both.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Daniel_Wolf
MVP
MVP

‎10-May-2021 04:49

Hi BLUE,

 

my short answer is NO. And the explanation is: Microsoft is taking care of that already (I never thought I'd ever say this... 😁 ). Any kind of SaaS application should be protected by the vendor and not by the customer. It's running in their datacenters, they must protect it.

 

KR

Daniel

0 Kudos

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus
In response to Daniel_Wolf

‎10-May-2021 11:36

😂

Hi Daniel,

so basically if i have web application that integrated with sth same as Office 365 , no need to be secured by WAF .

Clear , thanks.

 

0 Kudos

Go to solution
Daniel_Wolf
MVP
MVP
In response to THE_BLUE

‎10-May-2021 11:46

Ah, I did not understand this from your initial question.

So you have a web application that is interacting with O365, but the web application is internet facing? In that case should could limit access to only known O365 public IP addresses. Check out this git repo: https://github.com/brett-at-f5/f5-office365-ip-url-automation

Probably you can create an iRule to block access if the traffic is not coming from O365 source IP addresses.

Or you can secure your web app with AdvWAF.

Or a combination of both.

0 Kudos

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus
In response to THE_BLUE

‎10-May-2021 11:50

OK , NOW it's clear .

Many thanks

0 Kudos
Copyright © 2023 Khoros, LLC