I had a case the other day where a custom rule in a Web Application Firewall v2 policy attached to an Application Gateway behaved kind of funky. The rule was set up to deny traffic if a specific request header in the HTTP request was not present. At first everything looked good, but after a while I still noticed that some unwanted traffic was hitting my backend service. After some testing and investigation, I came up with the following. Thanks @SimonWahlin for the support!
I’ve been working a lot with Azure Networking the last couple of months, re-building and implementing new networking designs all over the place. When the time comes to move services to the new VNets I’ve deployed, it can sometimes be a bit difficult to find all the services connected to the old VNets (not all services are listed under connected devices in the VNet). Among them are App Services and Function Apps with VNet Integration enabled. Since VNet Integration was released for App Services and Function Apps (available for Function Apps running on App Service Plans only!) a couple of months ago, it’s been spreading like a disease across Azure Subscriptions, with highly privileged developers enabling it left and right in need of On-Premises connectivity 😘. There can be hundreds of them and sometimes you need to find them to be able to get control of the network again.
Finding all App Services and Function Apps enabled for VNet Integration is a bit more difficult than you can imagine when you start looking at it.
I’ve been working a lot with Azure API Management supporting developers with the surrounding infrastructure like VNets (for APIM in VNet mode), Application Gateways, ARM Templates, certificates, identity providers, backup, custom RBAC etc. Over the years I’ve learned a lot of things regarding APIM, some of them undocumented, some things poorly documented and sometimes the documentation assumes that you’re setting up APIM for the first time instead of adding features to an existing deployment. I want to share some of the tips and tricks I’ve learned in a series of posts on the topic “Deploy APIM like a champ!🏆” and this is the first part of the series.
Welcome to my new blog! I removed my old one and all content since most of it was obsolete. It’s time to start fresh with a bunch of new stuff; my first mission is to write a series of posts with some Azure API Management stuff. A lot of it is related to APIM and VNets, stay tuned!