Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 days ago.
Improve this question
I have an API Management instance provisioned, not within a virtual network (due to a cost constraint).
I am wanting to front API Management with Application Gateway to take advantage of the Web Application Firewall. Is this possible? I'm struggling to find any documentation that supports this (or similar) scenario.
I have routed traffic to a backend pool which points to the APIM FQDN to no success (502 errors).
APIM will use IP filtering to prevent non-AGW traffic from accessing the APIs.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
We would like to secure the connection to the Azure Portal from home because we are login every day to Azure Portal with very high privileged accounts.
We have already activated the MFA but we are not sure if it ’s enough and would like to add more security.
Does Azure have any VPN or certificate to allow only our company computers to login to our Azure Portail?
I believe what you are looking for is Continuous access evaluation. With that your company can set it up so that only the IP addresses of the company owned computers are allowed to access the tenant. It is currently in public preview.
According to the announcement it looks like Azure is not available yet but is coming in the future.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I was looking into to how import an API hosted locally/on-premise withing a internal network.
I found Microsofts documentation on: "Using Azure API Management service with an internal virtual network", but the prerequisites for that (as i understood it) was to either have a Developer or Premium tier on the APIM Resource.
As we want to be able to use the APIM in production environment we cant use the Developer tier and Premium is not profitable at this moment.
What i want to do is to be able to expose the on premises API's endpoints by proxying the endpoints via API Management.
Is there any other ways of doing this?
There are a couple of alternatives you could consider to exposing on-premises data, taking into account that the other tiers of APIM can access resources on the internet.
Application Gateway + VPN Gateway
App Service + Hybrid Connection
Logic Apps + On-Premise Data Gateway
With these setup, you could set these up as backends to APIM.
Also, you would want to protect these services from the public internet by setting up one or more of the following
IP Restrictions, if available for the service
Mutual Certificate Authentication
OAuth / Managed Identity
Also, there is a feature request for supporting Hybrid Connections directly in APIM which you could up vote for it to gain traction.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have a VNET with two App Services and one Windows VM in Azure. They are in the same VNET using VPN point-to-site.
I want to protect this environment with a WAF and have read that I can use Application Gateway WAF instead of the very expensive setup with App Service Environment and Barracuda.
Could anyone please explain how I can achieve this? The closest I have found is https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-web-application-firewall-portal .
In case someone has the same question, starting from July 2017, the Azure Application Gateway with Web Application Firewall supports App Services deployed in the multi-tenant environment. As described here.
More information on how to configure it here.
Support for Azure Web Apps as backend pool member is not currently supported on Application Gateway. However for App Service Environment (ASE) there is a workaround possible. Refer to this blog post - http://sabbour.me/how-to-run-an-app-service-behind-a-waf-enabled-application-gateway/
You can use a NSG to lockdown the Internet calls and only allow calls from the AG to the ASE.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Will Azure Websites support virtual network in the future. To enable an Azure Website to connect to VM:s and Cloud Services using a local ip within Azure instead of needing to open up the servers and services to everyone by using the public IP.
Is that something that's actively being developed or is such a feature way into the future. Or both.
i think feature has been there for a while, please checkout below article
https://azure.microsoft.com/en-us/blog/azure-websites-virtual-network-integration/
Quote:
Azure Websites is happy to announce support for integration between
your Azure VNET and your Azure Websites. While you cannot place your
Azure Website in an Azure VNET, the Virtual Network feature grants
your website access to resources running your VNET. This includes
being able to access web services or databases running on your Azure
Virtual Machines. If your VNET is connected to your on premise network
with Site to Site VPN, then your Azure Website will now be able to
access on premise systems through the Azure Websites Virtual Network
feature. This feature is currently in Preview and will continue to be
improved on the road to GA.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am doing some preliminary research on Windows Azure. The idea is to move 200+ ASP classic websites to Windows Azure. I am wondering if this is possible and feasible? Can I host that many websites on a single VM? Also note that each website needs to have its own set of email addresses.
There's absolutely no reason why you couldn't host all those sites on Azure VM (assuming you're talking about the preview Virtual Machine functionality). You get your own isolated machine, with its own IIS and IP. What you put on it is up to you, but it's no different than getting a VPS from any other company (rackspace etc.).
Obviously this is assuming that your sites are not very resource heavy and the memory etc. you get with different VM sizes can support the use.
Marek's answer isn't wrong, but please don't use "Virtual Machines" for this, and instead use Cloud Services (specifically, a web role). A web role lets you deploy just your code (in this case: websites) without having to mess with managing a full VM.
In short, PaaS is better than IaaS, as long as your app fits the model (which IIS-based websites do in Windows Azure).
I don't know what "each website needs to have its own set of email addresses" means or how it relates.