My web application's endpoints are all secured and demand an OAuth access token.
To my understanding, Azure App Services Health Check is done through an HTTP call:
https://azure.github.io/AppService/2020/08/24/healthcheck-on-app-service.html
Exposing a path like /api/health can be used for attacks like DoS.
How is exposing the path /api/health justified from a security perspective?
What is a secure way of using App Services' Health Check?
The Azure platform itself does have some mitigations to circumvent DDoS attacks. However, you can add additional layers of protection such as DDoS, App Gateway, and WAF.
Remember though, that if you're using App Service Authentication, the platform will utilize that to send authenticated requests to your configured health check API endpoint. But from a secured way to use health check, you would make sure that your endpoint only accepts authenticated requests.
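One way to restrict /api/health to the platform's own probes, as an added example that is not part of the original answer. It assumes the mechanism described in Microsoft's App Service health check documentation (not on this page): probes carry an `x-ms-auth-internal-token` header equal to the base64-encoded SHA-256 hash of the `WEBSITE_AUTH_ENCRYPTION_KEY` environment variable. The function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Names assumed from Microsoft's App Service health check docs, not from this page.
HEADER = "x-ms-auth-internal-token"
KEY_ENV = "WEBSITE_AUTH_ENCRYPTION_KEY"


def expected_token(key: str) -> str:
    """Base64 of SHA-256 over the UTF-8 bytes of the platform key."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def is_platform_probe(headers, environ=os.environ) -> bool:
    """True only if the request carries the token the platform would send."""
    key = environ.get(KEY_ENV)
    if not key:
        # Fail closed: without the key (e.g. running locally) nothing is trusted.
        return False
    # HTTP header names are case-insensitive.
    presented = next((v for k, v in headers.items() if k.lower() == HEADER), "")
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(presented.encode("utf-8"),
                               expected_token(key).encode("utf-8"))


def health_app(environ, start_response):
    """Minimal WSGI handler for /api/health that rejects unauthenticated callers."""
    headers = {HEADER: environ.get("HTTP_X_MS_AUTH_INTERNAL_TOKEN", "")}
    if is_platform_probe(headers):
        status, body = "200 OK", b"healthy"
    else:
        # Empty body: reveal nothing about the app's state to outside callers.
        status, body = "401 Unauthorized", b""
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]
```

Keep the handler itself cheap (no database round trips per call) so that rejected requests cost little; network-level controls such as the WAF mentioned above still apply in front of it.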