How to add security headers in Azure

2024-02-02T13:33:46.1733333+00:00

Our web application link in Azure is contoso.azurewebsites.net/

After that we created a custom DNS in Azure and updated it to contoso.azure.zf.com/

After creating this, we had a request from security that we need to enable WAF for public apps. So we have to enable WAF, and we have provided the CName and domain name to the WAF team:

CName: contoso.azurewebsites.net/

FinalDomain: contoso.azure.zf.com/

The CloudWAF name was provided by them (check below) and we were asked to update our CName:

DEV: contoso.azure.zf.com --> CNAME: contoso9.fortiweb-cloud-azure.net

PROD: contoso.azure.zf.com --> CNAME: contso.forti.web-cloud-azure.net

So we have updated this value like below in place of azurewebsites.net, and after that informed the WAF team about the update. Then they provided security headers and asked us to update them in the portal:

Header-Name: ZF-SECURE-WAF-HEADER Value: XYZ

Where do we have to add these security headers in the portal: Access restriction, Configuration, or Application Insights? Only if we add this security header, contoso.azurewebsites.net/ will not be accessible.

Azure App Service

1 answer

  1. Luis Arias 6,061 Reputation points
    2024-02-02T14:27:35.37+00:00

    Hi Rangasamy Sakthikrishna CNN FIXP51,

    First, I advise you not to share confidential information in communities. About your questions:

    How to add these security headers? This will depend on your application code or configuration. For example, if you are using C#, you can use something like this:

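    app.Use(async (context, next) =>
    {
        // Value comes from the ZF_SECURE_WAF_HEADER application setting (environment variable).
        var headerValue = Environment.GetEnvironmentVariable("ZF_SECURE_WAF_HEADER");
        // Use the indexer: Headers.Add throws if the header is already present.
        context.Response.Headers["ZF-SECURE-WAF-HEADER"] = headerValue;
        await next.Invoke();
    });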
    

    Additionally, in order not to hardcode these values in your code, you can add these header values in App Service > Configuration > Application Settings in the Azure portal. These values are made available to your application as environment variables, and you can retrieve them this way.

    Let me know if this information helps you to address your question.

    Luis
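
The question's stated goal is that contoso.azurewebsites.net/ stops being reachable without the header. The following is an added example, not part of the original question or answer, of middleware that checks the header on incoming requests and rejects everything else. It assumes the WAF attaches ZF-SECURE-WAF-HEADER to each request it forwards and that the value is stored in an application setting named ZF_SECURE_WAF_HEADER; the helper name IsFromWaf and the sample route are hypothetical.

```csharp
// Added example (Program.cs, ASP.NET Core minimal hosting). Assumption: the WAF
// attaches ZF-SECURE-WAF-HEADER to every request it forwards to the app.
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Read the shared value from App Service > Configuration > Application settings
// (exposed as an environment variable). Fail at startup if it is missing so a
// misconfigured deployment never runs without the check.
var expected = Environment.GetEnvironmentVariable("ZF_SECURE_WAF_HEADER");
if (string.IsNullOrEmpty(expected))
    throw new InvalidOperationException("ZF_SECURE_WAF_HEADER is not configured.");
var expectedBytes = Encoding.UTF8.GetBytes(expected);

// Register before any other middleware so nothing is served to unverified callers.
app.Use(async (context, next) =>
{
    if (!IsFromWaf(context.Request, expectedBytes))
    {
        // Request did not come through the WAF (e.g. direct hit on *.azurewebsites.net).
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return;
    }
    await next(context);
});

app.MapGet("/", () => "Hello from behind the WAF"); // hypothetical sample route
app.Run();

// True only when exactly one header value is present and it matches the secret.
static bool IsFromWaf(HttpRequest request, byte[] expectedBytes)
{
    if (!request.Headers.TryGetValue("ZF-SECURE-WAF-HEADER", out var supplied)
        || supplied.Count != 1)
        return false;
    var suppliedBytes = Encoding.UTF8.GetBytes(supplied[0] ?? string.Empty);
    // Constant-time comparison; FixedTimeEquals returns false on length mismatch.
    return CryptographicOperations.FixedTimeEquals(suppliedBytes, expectedBytes);
}
```

If App Service Health check is enabled, its probes reach the app without passing through the WAF, so that path needs an exemption or the instances will be reported unhealthy.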