Use and setup of WAF with Azure App Service Web Application? - azure

I run a number of App Service MVC Asp.Net web applications. I think it would be a good idea to add a WAF to the front the App Service website to enable OWASP protection as well as more visibility on suspicious attacks. Also I would want this to be linked into Azure Security Centre.
As far as I can see this is not a problem with VM websites, but with App Service websites I have seen SO comment (April 2017) about how this may not be supported. Although this information may be outdated now.
1) Am I just trying to replace existing threat detection features that is built into App Services, so adding a WAF is not required?
2) If required, is App Service WAFs supported, and especially linked to Azure Security Centre.
3) If required and possible, then any pointers please?
By the way, I have considered the use of Cloudflare as a WAF wrapper around Azure which looks interesting, but intitially wanted to check out Azure functionality to start with.
Thanks.

1) WAF is supported and recommended even for App Service because it will improve your security capabilities while also providing you with more control and real-time monitoring.
Configure App Service Web Apps with Application Gateway
2) Yes to both. See here:
Azure Security Center and Microsoft Web Application Firewall Integration
3) See above links :)

Related

Hosting on Microsoft Azure

I already have a domain name purchase from Google Domains.
I would like to host this site on Microsoft Azure, How should I plan to purchase all the required resources on Azure, if I want to host a Wordpress site, but would also need control over the size, if in future I plan to host some microsite with NodeJS or any other technologies like Java or .Net Core.
What would be my cost per month considering the above requirements?
Below is the list that I envisioned that I may need, can anyone suggest something this I missed.
A VM with Ubuntu (That would take care of Wordpress, Database(MySQL), NodeJS, Java and others)
Map my domain with Azure and map it with the VM
The solution you're thinking of is also known as IaaS (Infrastructure as a Service) and it is something you'd usually consider when migrating from an on-prem solution where you already have the VMs images for your needs.
In your particular case I'd recommend looking into PaaS (Platform as a Service) - specifically Azure App Service.
Everything you enumerated can be hosted in an Azure App Service as it supports all major technologies for deploying web apps today (.Net, Node.js, Java, etc).
In addition to your own code, Azure offers a number of build-in templates for 3rd party vendors that allow you to deploy pre-packaged solutions such as Wordpress without having to worry about the installation yourself. See this Wordpress on Azure article for more details.
Pricing information for Azure Web Apps can be found on the docs page. In your case I suspect you could do with a B1 or S1 instance.
Lastly, for your domain name, you can easily map and configure any custom domain to an Azure Web App by simply updating the DNS records in your Domain Management system and reference that in the Azure Portal. See docs for details.
Adding to Alex's response. To provide you a good understanding on hosting website on Azure. Firstly, I wish to highlight that Azure offers several ways to host websites: Azure App Service WebApps (PAAS solution), Virtual Machines (IAAS), Service Fabric, and Cloud Services.
Azure App Service (PAAS solution) is the best choice for most web apps. Deployment and management are integrated into the platform, sites can scale quickly to handle high traffic loads, and the built-in load balancing and traffic manager provide high availability.
WebApp is a fully managed compute platform that is optimized for hosting websites and web applications.
If you wish to host your website/app on an Azure VM (IAAS solution), you would typically install, design and configure the app in a similar way as you would onprem. If you have an existing application that would require substantial modifications to run in App Service you could choose Virtual Machines in order to simplify migrating to the cloud.
Take a look at the supported and unsupported configuration on App Service Migrate - Migration checklist when moving to Azure App Service : https://azure.microsoft.com/en-us/blog/migration-checklist-when-moving-to-azure-app-service/

Azure SubDomain Link to Appservice

I have domain example.com I bought in azure.And I have two appservices app1 and app2.
I can link example.com to app1
But I want to link example.com/one to app1(appservices)
and example.com/two to app2(appservices).
Can anyone plz suugest me how to do this in Microsoft Azure
Using Azure Application Gateway and creating the relevant routing rules would be a good way to do this.
Here's a quick screenshot from Microsoft Docs which talks about a similar scenario..
Do know that there is price associated with it (and a lot of other features). So you may need to evaluate a bit.
Application Gateway Pricing
You will need to assign the custom domain to a load balancer. Azure App Gateway supports URL based routing. Since Azure App Services are multi-tenant you will need to follow these docs to configure App Gateway with an App Server. This is a great solution for single region applications.
If you need mutli-region support, check out our new Azure Front Door Service. Azure Front Door Service enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reach a global audience with Azure.

How do I configure App Service Authentication on Web App Service for Linux

I do not see the option to easily configure App Service Authentication on Web Apps for Linux. I am using SSL and custom domain name.
Thanks
If you are looking for an option through the Azure Portal, then this will help.
As per the Azure Web App on Linux documentation Limitations, The Azure portal shows only features that currently work for Web App on Linux and hides the rest. As Microsoft enable more features, they will be visible on the portal.
Some features, such as virtual network integration, Azure Active Directory/third-party authentication, or Kudu site extensions, are not available yet. Once these features are available, Microsoft will update the documentation and blog about the changes.

Signalr on Azure Mobile Services or Web Roles

I am developing a mobile application that makes extensive and continuous use of SignalR to communicate to a SignalR service.
I have previously assumed that I would use a Web Role to host the service, and then add more Web Roles backed by a backplane of Service Bus or Redis as and when the service needs to scale out. Using a Web Role would also allow me to significantly scale up if I wanted to avoid possible latency issues with the backplane.
However when I compare the pricing of the Web Role to Azure Mobile Services it appears that the Mobile Services may be cheaper.
So can Mobile Services be used instead?
And if so what are the pros and cons of doing so?
We are close to rolling out an update to Azure Mobile Services .NET backend which comes with some neat integration with SignalR built in. I'll be posting a blog on it on http://blogs.msdn.com/b/azuremobile/ (and of course on twitter #frystyk) when it's there and how to use it.
Henrik

What is the difference between Azure Web Site and Azure Cloud service

We are looking to host a website (some css,js, one html file but not aspx, one generic handler).
We deployed in as:
1) Azure Web Site
2) Azure Cloud Service
Both solutions work. There is a question though: which way of hosting it is better and why? Second thing: as there might be a lot of traffic - which solution would be cheaper?
Thanks in advance,
Krzysztofuncjusz
You may want to review this article that explains the primary differences. Web Sites are best for running web applications that are relatively isolated (that do not require elevated security, remote desktop, network isolation...). Cloud services are more advanced because they give you more control over web sites while still remaining flexible. And VMs are for full control over applications that need to be installed and configured (like running SQL Server for example).
I think that main difference in abilities to modify VM and possibility to configure scalability. Web sites is something like classic hosting, without ability to login by rdp. Cloud Services allows you to configure VM and if necessary setup scalability and availability.

Resources