9
votes

I run a number of App Service MVC ASP.NET web applications. I think it would be a good idea to add a WAF to the front of the App Service website to enable OWASP protection as well as more visibility on suspicious attacks. Also, I would want this to be linked into Azure Security Centre.

As far as I can see, this is not a problem with VM websites, but with App Service websites I have seen an SO comment (April 2017) about how this may not be supported, although this information may be outdated now.

1) Am I just trying to replace existing threat detection features that are built into App Services, so adding a WAF is not required?

2) If required, are App Service WAFs supported, and especially linked to Azure Security Centre?

3) If required and possible, then any pointers please?

By the way, I have considered the use of Cloudflare as a WAF wrapper around Azure, which looks interesting, but initially wanted to check out Azure functionality to start with.

Thanks.

1 Answer

8
votes

1) WAF is supported and recommended even for App Service because it will improve your security capabilities while also providing you with more control and real-time monitoring.

Configure App Service Web Apps with Application Gateway

2) Yes to both. See here:

Azure Security Center and Microsoft Web Application Firewall Integration

3) See above links :)