Need to find if Azure web apps are behind a front door or app gateway

Balaji Shinde 20 Reputation points
2023-06-08T05:18:41.1533333+00:00

Hi All,

We have 200+ Azure web apps in our tenant, and I need to find out if they are behind a Front Door or App Gateway. We are working on enabling diagnostic settings on web apps, but because we already have diagnostic settings enabled for Front Doors and App Gateways, we don't want to enable them for web apps which are running behind Front Doors etc.

I tried to get the web apps' info using PowerShell to see if it gives any hint, but couldn't figure it out. Any help with this, please?


1 answer

  1. KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator
    2023-06-08T06:59:50.64+00:00

    @Balaji Shinde

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    There are a couple of problems with your approach:

    1. Azure App Service/WebApps do not hold any property that identifies whether they are serving requests behind an AFD or not.
    2. Similarly, AFD does not have any property to verify if the Origin is an Azure Service or a third-party service, at least not directly. However, AFD does have a property where it stores the backends' HostName, which we are going to utilize.

    Use the below script to list the Azure App Services that are being added as an AFD's origin.

    $resourceGroupName = "<RG Name>"

    # Get all AFDs in this resource group
    $frontdoors = Get-AzFrontDoorCdnProfile -ResourceGroupName $resourceGroupName
    $i = 1

    # Loop through the AFDs
    foreach ($frontdoor in $frontdoors) {

        # Get all the origin groups in an AFD
        $origingroups = Get-AzFrontDoorCdnOriginGroup -ResourceGroupName $frontdoor.ResourceGroupName -ProfileName $frontdoor.Name

        # Loop through the origin groups
        foreach ($origingroup in $origingroups) {

            # Get all the origins in an origin group
            $origins = Get-AzFrontDoorCdnOrigin -ResourceGroupName $origingroup.ResourceGroupName -ProfileName $frontdoor.Name -OriginGroupName $origingroup.Name

            # Loop through the origins
            foreach ($origin in $origins) {

                # Check whether the host header contains .azurewebsites.net, indicating whether this is an App Service or not.
                # -like is used rather than .Contains() so that an origin with no host header set does not raise an error.
                if ($origin.OriginHostHeader -like "*.azurewebsites.net*") {
                    Write-Output $i
                    $i = $i + 1
                    # One interpolated string so each property is expanded in full
                    Write-Output "$($frontdoor.Name) in ResourceGroup $($frontdoor.ResourceGroupName) contains $($origin.OriginHostHeader)"
                }
            }
        }
    }

    Points to Note:

    • The above script is for Azure App Services.
    • For other Azure PaaS services, you have to use appropriate OriginHostHeader value or a different identifying property as per the use case
    • As stated, neither of the services has any feature/property to indicate that it is being used along with the other service. The above is just a workaround exploiting the Host Header name.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
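
An added example, not part of the answer above or any Microsoft-provided script: it goes one step further than the answer's listing and reports, per web app, whether any Front Door origin points at it, also matching custom domains and origins with no host header. The function name `Get-WebAppFrontDoorCoverage` and the sample objects are constructed; the property names (`Name`, `HostNames` on web apps, `HostName` and `OriginHostHeader` on origins) are assumed to match what `Get-AzWebApp` and `Get-AzFrontDoorCdnOrigin` return. App Gateway backends are not covered.

```powershell
# Hypothetical helper (added example): classify web apps by Front Door coverage.
function Get-WebAppFrontDoorCoverage {
    param(
        [object[]] $WebApps = @(),   # objects exposing Name and HostNames
        [object[]] $Origins = @()    # objects exposing HostName and OriginHostHeader
    )

    # Collect every host name an origin targets; host names compare case-insensitively.
    $fronted = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($origin in $Origins) {
        foreach ($h in @($origin.HostName, $origin.OriginHostHeader)) {
            if (-not [string]::IsNullOrWhiteSpace($h)) { [void]$fronted.Add($h.Trim()) }
        }
    }

    # A web app counts as fronted if any of its bound host names is an origin target.
    foreach ($app in $WebApps) {
        $hits = @($app.HostNames | Where-Object { $fronted.Contains($_) })
        [pscustomobject]@{
            Name        = $app.Name
            BehindAfd   = $hits.Count -gt 0
            MatchedHost = $hits -join ','
        }
    }
}

# Constructed sample data. Against a real tenant, $webApps would come from
# Get-AzWebApp and $origins from the Get-AzFrontDoorCdnOrigin loop shown above.
$webApps = @(
    [pscustomobject]@{ Name = 'shop-api'; HostNames = @('shop-api.azurewebsites.net', 'api.example.com') }
    [pscustomobject]@{ Name = 'intranet'; HostNames = @('intranet.azurewebsites.net') }
    [pscustomobject]@{ Name = 'Billing';  HostNames = @('Billing.azurewebsites.net') }
)
$origins = @(
    # Origin that references the app only by its custom domain
    [pscustomobject]@{ HostName = 'api.example.com'; OriginHostHeader = 'api.example.com' }
    # Origin with no host header set and different letter case
    [pscustomobject]@{ HostName = 'billing.azurewebsites.net'; OriginHostHeader = $null }
)

$coverage = Get-WebAppFrontDoorCoverage -WebApps $webApps -Origins $origins
$coverage | Format-Table -AutoSize

# Web apps with no Front Door origin: candidates for their own diagnostic settings
$coverage | Where-Object { -not $_.BehindAfd } | Select-Object -ExpandProperty Name
```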

