I'm trying to lock down access to my Azure Web App by following the instructions here - https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door.
The first step I did through the Azure Portal, but I'm unsure as to where to do the second step (filter on the values for the incoming header 'X-Forwarded-Host'). Is it through the portal, or through Host Filtering in the app itself, or through a WAF?
Since March 2020, Azure Front Door sends an X-Azure-FDID header with a unique value for your Front Door instance.
I wrote a detailed blog post about how to utilize that in restricting access to your web app: https://henrihietala.fi/limit-access-to-your-azure-web-app-from-your-azure-front-door-only/
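An added example (not code from this answer or from the linked blog post) of enforcing the X-Azure-FDID check as ASP.NET Core middleware. It assumes the Front Door ID has been placed in configuration under the hypothetical key FrontDoor:Id (for example as an App Setting), so the ID is not hard-coded, and it rejects anything that does not carry exactly one header with that value:

```csharp
// Added example: ASP.NET Core middleware that only lets requests through when the
// X-Azure-FDID header matches the Front Door ID from configuration.
// Assumption: the ID is stored under the hypothetical key "FrontDoor:Id".
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

public class AzureFrontDoorIdMiddleware
{
    private readonly RequestDelegate _next;
    private readonly byte[] _expectedId;

    public AzureFrontDoorIdMiddleware(RequestDelegate next, IConfiguration configuration)
    {
        _next = next;
        var id = configuration["FrontDoor:Id"];
        if (string.IsNullOrEmpty(id))
        {
            // Fail closed at startup rather than silently allowing every request.
            throw new InvalidOperationException("FrontDoor:Id is not configured.");
        }
        _expectedId = Encoding.UTF8.GetBytes(id);
    }

    public async Task InvokeAsync(HttpContext context)
    {
        // Front Door adds a single X-Azure-FDID header. A missing or duplicated
        // header is treated as a request that did not come through Front Door.
        var values = context.Request.Headers["X-Azure-FDID"];
        if (values.Count != 1 || !IsExpected(values[0]))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsync("Forbidden");
            return;
        }
        await _next(context);
    }

    private bool IsExpected(string value)
    {
        var actual = Encoding.UTF8.GetBytes(value ?? string.Empty);
        // Compare in fixed time instead of with ordinary string equality.
        return CryptographicOperations.FixedTimeEquals(actual, _expectedId);
    }
}

public static class AzureFrontDoorIdMiddlewareExtensions
{
    // Register early in the pipeline, before routing and endpoints, e.g. in
    // Startup.Configure: app.UseAzureFrontDoorId();
    public static IApplicationBuilder UseAzureFrontDoorId(this IApplicationBuilder app)
        => app.UseMiddleware<AzureFrontDoorIdMiddleware>();
}
```

Register it before routing so unauthenticated traffic is rejected before any endpoint code runs. This header check complements the IP restriction from the first step in the linked FAQ rather than replacing it: the network-level restriction limits who can reach the app at all, and the header check confirms that what does arrive came through your own Front Door instance.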
I ended up just adding some middleware to do this:
    // Middleware that only forwards requests whose X-Forwarded-Host header
    // matches the expected host; everything else is answered with 403.
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Configuration;

    public class XForwardedHostMiddleware
    {
        private readonly RequestDelegate _next;

        public XForwardedHostMiddleware(RequestDelegate next)
        {
            _next = next;
        }

        // IHostingEnvironment and IConfiguration are injected per request but
        // are not used by this check.
        public async Task InvokeAsync(HttpContext context, IHostingEnvironment environment, IConfiguration configuration)
        {
            var forwardedHost = context.Request.Headers["X-Forwarded-Host"].ToString();
            if (forwardedHost != "ex.ample.com")
            {
                // Reject with an explicit status code instead of a 200 "Blocked" body.
                context.Response.StatusCode = StatusCodes.Status403Forbidden;
                await context.Response.WriteAsync("Blocked");
            }
            else
            {
                await _next(context);
            }
        }
    }