Dest1337
Mar 23, 2021 (Copper Contributor)
Azure Application Gateway/App Service + Secure Headers
Hello Everyone!!!
Hope you guys are doing great.
I'm looking to create Security Headers (detailed above) from OWASP recommendations to an App Service in Azure.
- HTTP Strict Transport Security
- X-Content-Type-Options
- Content-Security-Policy
- Referrer-Policy
- Cross-Origin-Embedder-Policy
1) Is there a way to configure it on an App Service without doing the Web.Config?
2) I saw Azure Application Gateway does the rewrite URL. I tried to implement this and nothing happened.
Could someone point me in the right direction? An example would be awesome.
- AlvinAbraham (Copper Contributor)
- _AndreG (Copper Contributor): One point of caution (and I am not sure if Front Door handles that better): I have had a scenario where we were using a third-party WAF and also set up adding an HSTS header. However, some of the websites set their own HSTS header, which resulted in a double HSTS header. This caused issues with some applications.
So either make sure headers are only added by Front Door (or whatever WAF/reverse proxy) or add a rule to remove existing HSTS headers first.
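
Added example, not part of the thread or of any Azure tooling: a small Python check that audits a response for the five headers listed in the question and flags the double HSTS header described in the last reply. The function names and the sample response are constructed for illustration; `set_at_proxy` only models the "remove existing, then add" rule and is not a gateway API.

```python
# Audit a raw HTTP response for the headers listed in the question and for
# duplicates such as the double HSTS header described in the reply.
REQUIRED = [
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "Content-Security-Policy",
    "Referrer-Policy",
    "Cross-Origin-Embedder-Policy",
]

def parse_headers(raw: bytes):
    """Return [(name, value)] from a raw HTTP/1.1 response, keeping duplicates."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(pairs):
    """Report required headers that are missing or sent more than once."""
    counts = {}
    for name, _ in pairs:
        counts[name.lower()] = counts.get(name.lower(), 0) + 1  # names are case-insensitive
    missing = [h for h in REQUIRED if h.lower() not in counts]
    duplicated = [h for h in REQUIRED if counts.get(h.lower(), 0) > 1]
    return {"missing": missing, "duplicated": duplicated}

def set_at_proxy(pairs, name, value):
    """Hypothetical model of 'remove existing, then add': drop every copy, append one."""
    kept = [(n, v) for n, v in pairs if n.lower() != name.lower()]
    return kept + [(name, value)]

# Constructed sample: the app sets HSTS and the proxy appended a second copy.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"strict-transport-security: max-age=300\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"\r\n<html></html>"
)

if __name__ == "__main__":
    pairs = parse_headers(SAMPLE)
    print(audit(pairs))
    print(audit(set_at_proxy(pairs, "Strict-Transport-Security", "max-age=31536000")))
```

To run it against a live site, feed it the header block captured from the public endpoint after the gateway, since that is what browsers actually receive.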