Using Hub-Spoke Topology Benefits: Network Isolation Ready to grow – with growing the company, IT, computer systems. The central point of Administration Control traffic in HUB between different Spokes Control Traffic to/from the Internet Control Traffic to/from On-Premises Capture traffic on HUBs Easy to put NSG based on all networks like 172.21.0.0/20 Hubs Should be […]
Previously in part 1 and part 2, there was no final and easy-to-use solution to prevent bad guys to map your website. There is a final solution that works with On-Premise IIS and with Azure Web App. It is independent of Web Application Firewall and Front Door service. The solution is based on rewrite, […]
Previously I showed you the method of preventing mapping of the file structure of your WebApp based on 404 and 403 response codes. The disadvantage of runAllManagedModulesForAllRequests=”true” method is that it must be handled by application code. The main problem is that these requests 403 and 404 are server not by IIS from WebApp, but […]
New-AzRoleAssigment -objectid service_principal -RoleDefinitionName “Managed Identity Operator” -Scope ResourceID In case of error: Principals of type Application cannot validly be used in role assignments Please provide -objectid Service Principal, not Application. Just display it, by: Get-AzureADServicePrincipal -SearchString “app_name”
If you deploy sample ASP.NET 4.x pure, out of the box web app (https://portal.azure.com/#create/Microsoft.WebSite) the behaviors is like: https://pure.azurewebsites.net/yfgrueygfuyrgfrf – 404 error – what is ok… https://pure.azurewebsites.net/a/a.txt – 200 OK (of course you need first put a.txt file to this directory) https://pure.azurewebsites.net/a/ – 403 forbidden – so it means that hacker can search for something […]