Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,161 questions
How to Protect ...azure-api.net Subdomain from DDoS Attacks when using API Management Basic in External Mode without VNet Integration and Front Door
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 96%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Michael Schneider
0
Reputation points
Dear Tema, I am using Azure API Management (APIM Basic) in external mode and without VNet integration, meaning my API instance is publicly accessible through the default ...azure-api.net subdomain. I'm also using a custom domain but the default domain still remains aktive.
I am concerned about potential DDoS attacks and want to secure this subdomain. I am considering using Azure Front Door to filter the traffic and leverage its Web Application Firewall (WAF) for enhanced protection.
Could you please clarify the following:
- Is it possible to fully protect the API subdomain (
...azure-api.net) via Azure Front Door, ensuring no traffic bypasses Front Door and directly reaches the original APIM domain? - What additional configurations, such as IP filtering or header validation, are required to restrict access so that only traffic routed through Azure Front Door reaches the APIM domain?
- Given that API Management without VNet integration doesn’t support DDoS Protection Standard, what are the best practices for DDoS protection in this scenario?
- Could you recommend any additional steps or configurations to ensure that all DDoS and security measures are effectively implemented?
Thank you for your support.
Best regards Michael
Sign in to answer