Forum Discussion
API Management Policy - Secure way to detect requests from Application Gateway
Hello. We got API Management which is reachable from internal network, and from external network (internet) via Application Gateway. I want to add an authorization policy in an API which only...
shailesh14
Microsoft
MicrosoftYou can use the Web Application Firewall (WAF) provided by the Application Gateway or use a condition to check the identifier in header.
condition="@(context.Request.Headers.ContainsKey("X-Application-Gateway-Identifier"))
If you think header can be modified by client pass/send it via App gateway and before that check request in AppGateway.
condition="@(context.Request.Headers.ContainsKey("X-Application-Gateway-Identifier"))
If you think header can be modified by client pass/send it via App gateway and before that check request in AppGateway.