Dest1337
Copper Contributor
Mar 23, 2021

Azure Application Gateway/App Service + Secure Headers

Hello Everyone!!!

Hope you guys are doing great.

I'm looking to create Security Headers (detailed above) from OWASP recommendations to an App Service in Azure.

1) Is there a way to configure it on an App Service? Without doing the Web.Config.

2) I saw Azure Application Gateway does the rewrite url. I tried to implement this

https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#implement-security-http-headers-to-prevent-vulnerabilities

And nothing happened.

Could someone point me in the right direction? An example would be awesome.

    • _AndreG
      Copper Contributor
      One point of caution (and I am not sure if Front Door handles that better): I have had a scenario where we were using a third-party WAF and also set up adding an HSTS header. However, some of the websites set their own HSTS header, which resulted in a double HSTS header. This caused issues with some applications.

      So either make sure headers are only added by Front Door (or whatever WAF/reverse proxy) or add a rule to remove existing HSTS headers first.
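
An added example, not part of the original thread and not Microsoft's code: a small Python check for the two symptoms discussed here, security headers that never reach the client and headers that arrive twice because both the origin and the proxy set them. The header checklist, the function names and the sample response are assumptions constructed for illustration.

```python
# Assumed checklist: a few headers from the OWASP Secure Headers Project.
EXPECTED = [
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Content-Security-Policy",
    "Referrer-Policy",
]

def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, keeping repeats."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def audit(pairs, expected=EXPECTED):
    """Report expected headers that are missing or sent more than once."""
    seen = {}
    for name, value in pairs:
        seen.setdefault(name.lower(), []).append(value)   # names are case-insensitive
    missing = [h for h in expected if h.lower() not in seen]
    duplicated = {h: seen[h.lower()] for h in expected
                  if len(seen.get(h.lower(), [])) > 1}
    return missing, duplicated

def set_header(pairs, name, value):
    """Proxy-side fix: drop every existing copy, then add exactly one."""
    kept = [(n, v) for n, v in pairs if n.lower() != name.lower()]
    return kept + [(name, value)]

# Constructed sample: the origin app sets HSTS and the proxy appends its own.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
strict-transport-security: max-age=300
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""

if __name__ == "__main__":
    pairs = parse_headers(SAMPLE)
    print("before:", audit(pairs))
    fixed = set_header(pairs, "Strict-Transport-Security",
                       "max-age=31536000; includeSubDomains")
    print("after: ", audit(fixed))
```

Feed `parse_headers` the response head captured from the public endpoint (behind the gateway), not from the App Service directly, so the audit reflects what clients actually receive.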
