Azure Application Gateway/App Service + Secure Headers

%3CLINGO-SUB%20id%3D%22lingo-sub-2231277%22%20slang%3D%22en-US%22%3EAzure%20Application%20Gateway%2FApp%20Service%20%2B%20Secure%20Headers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2231277%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone!!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20you%20guys%20are%20doing%20great.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIm%20looking%20to%20create%20Security%20Headers%20(detailed%20above)%20from%20OWASP%20recommendations%20to%20An%20App%20service%20in%20Azure.%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-secure-headers%2F%23http-strict-transport-security%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EHTTP%20Strict%20Transport%20Security%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-secure-headers%2F%23x-content-type-options%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EX-Content-Type-Options%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-secure-headers%2F%23content-security-policy%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EContent-Security-Policy%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-secure-headers%2F%23referrer-policy%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EReferrer-Policy%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-secure-headers%2F%23cross-origin-embedder-policy%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ECross-Origin-Embedder-Policy%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20Is%20there%20a%20way%20to%20configure%20it%20on%20an%20App%20Service%3F%20Without%20doing%20the%20Web.Config.%3C%2FP%3E%3CP%3E2)%20I%20saw%20Azure%20application%20Gateway%20does%20the%20rewrite%20url.%20I%20tried%20to%20implement%20this%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapplication-gateway%2Frewrite-http-headers%23implement-security-http-headers-to-prevent-vulnerabilities%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapplication-gateway%2Frewrite-http-headers%23implement-security-http-headers-to-prevent-vulnerabilities%3C%2FA%3E%3C%2FP%3E%3CP%3EAnd%20nothing%20happen.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20someone%20point%20me%20out%20to%20teh%20right%20direction%3F%20Is%20there%20an%20example%20would%20be%20awesome.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hello Everyone!!!

 

Hope you guys are doing great.

 

Im looking to create Security Headers (detailed above) from OWASP recommendations to An App service in Azure.

 

1) Is there a way to configure it on an App Service? Without doing the Web.Config.

2) I saw Azure application Gateway does the rewrite url. I tried to implement this

https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#implement-security-h...

And nothing happen.

 

Could someone point me out to teh right direction? Is there an example would be awesome.

0 Replies