Access application portal from internet - web

There is a portal which is currently accessible through intranet. Say, the request comes first to F5 (internal load balancer of the organization) then F5 to portal connection is established. Now, due to need, want to publish the portal in internet. Flow will be same like the request will land to F5 then F5 will forward request to the portal. Can anyone let me know what could be approaches to do this and what will be the best approach in such cases with minimal change.

you could do this with Access Policy Manager (APM) for BIG-IP if you have that licensing. This chapter on Web Access Management should achieve what you've described: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-implementations/web-access-management.html#GUID-53DDB815-D109-4BE3-B30A-BD08FA6A2F4B

Related

Azure App Service Returns Error - Error 403 - Forbidden The web app you have attempted to reach has blocked your access

I am getting error while accessing the Azure App Service, can you help in resolving the issue ?
What setting to be applied to resolve the issue ?
Thanks in advance.
This error comes either
When the public access is not allowed on Azure App Service, if you have open public API.
The IP of your application with which you are calling the app service is not whitelisted.
If you have any gateway in between then that may also be blocking your calls.
Solutions to try:
Try removing the access restrictions from Networking page of your web app.
Try giving the access to all by adding 0.0.0.0/0. Later you can add restrictions based on your requirements.
The sequence of the restrictions matters, so please check that once. If you have any blocked call before any allowed call, then it may impact.
You can also have restrictions based on http-headers like X-Forwarded-For. Please check that once. This can happen from code as well, based on how you handle the errors. Link
If your API is behind the Gateway, then you can check this: Application Gateway integration with service endpoints
Are you the developer of this website?
If you are, please navigate to Networking page of your web app, check the Access Restrictions.
If you are not the developer, just contact your administrator and allow your ip to access this website.
For more information, see Azure App Service access restrictions.

Azure API Management "Could not complete the request. Please try again later."

Whenever I try to test an API (using the Test tab of the API blade) I get
Could not complete the request. Please try again later.
This has been happening on my API Management services for at least two hours.
I've created an additional API Management Service and another subscription (with its own APIM).
I'm on the Consumption tier (which has a 99.9% SLA) and the Azure Status Page is showing green across the board. My own personal dashboard (Service Health) is showing No service issues found.
This leads me to think it's something I've done.
How do I go about investigating this?
Solved. I was on a VPN which was changing the certificate.
I worked this out by going to the URL in Chrome (rather than requesting from the Azure Portal or Postman). Chrome told me that the connection was not secure which led me to realise it was the effect of the VPN.
This server could not prove that it is myapimservice.azure-api.net;
its security certificate is from *.myworkapimservice.azurewebsites.net.
This may be caused by a misconfiguration or an attacker intercepting your connection.

Does Azure App service communicate internally without going out through Application Gateway

I have Azure App Services behind the Azure Application Gateway/Firewall. There are few application that talks between them. Does that applications talk internally(using xxx.azurewebsites.net) or they talk with public domain(mydomain.com)?
Also, how to check these things in logs.
Current configuration:
HTTPSettings: Pick hostname from the backend address has checked.
Probes: pick hostname from backend https settings has checked.
To answer your question, No if your applications are inside azure's network, it usually wont go through the public domain. But it will go through the firewall/gateways and follow the same networking restriction you have defined.
What logs you want to check? if you want to see the application event logs you can do it using scm. You can access it via Diagnostics/Advanced Tools in your azure app services.
You can enable Access Logs in the Application gateway to see all the request that hits Application Gateway. It has the hostname field where you can check how the site is being accessed.
Let me know if you have any further questions.

Is Azure WebApp automatically rate limited / DOS protected?

I'm building a service that allows to enter activation keys in a desktop application, which will then call a web service to check the key and return a license. This call does not require authorization.
The web application is running as Azure "App Service". I'm afraid someone will be trying to "guess" activation keys and slow down my service. (I'm not afraid they will be able to correctly guess, they are long enough).
Do Azure WebApps have some kind of automatic rate-limiting or DOS-protection, or do I need to configure/code this myself?
If I have to do it myself, can you point me into the right direction?
As far as I know, we could use Dynamic IP Restrictions in web app.
The Dynamic IP Restrictions Extension for IIS provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through Brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.
About how to config this feature. We could remote connect to the azure web app IIS and set it.
About how to remote connect web app IIS, you could refer to this article.
More details, you could also refer to this blog.

Azure custom domain validation timeout

I am trying to use my godaddy domain with azure web app. I create cname in godaddy dns settings. When I try to use this domain in azure portal I see two errors after validate button click without any description. In browser Dev tools I see two errors in console. It is two failed with 408 (timeout) error requests to manage.azurewebsites.net...
I try do that from different browsers and internet connections, but the result is the same.
What I'm doing wrong? How to setup custom domain for my azure web app (I see the instructions on learn.microsoft.com)?
I could not reproduce your issue. To bind it with my Azure Web App, I just add a CNAME record at domain DNS Zone tab. Here is my steps:
Then I can validate my custom domain in Azure Portal.
Please verify DNS before input it in azure portal via Dig Web Interface. Do you have any differences with your steps. If you have more concerns, please feel free to let me know.

Resources