azure_web_app_security_hardening
Differences
| azure_web_app_security_hardening [2017/11/18 02:59] – stephen | azure_web_app_security_hardening [2017/11/19 05:39] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Azure Web App Security Hardening ====== | ====== Azure Web App Security Hardening ====== | ||
| + | |||
| + | A bunch of checks can be done [[https:// | ||
| ===== HTTPS Only ===== | ===== HTTPS Only ===== | ||
| Line 24: | Line 26: | ||
| // Add this method: | // Add this method: | ||
| protected void Application_PreSendRequestHeaders(object sender, EventArgs e) { | protected void Application_PreSendRequestHeaders(object sender, EventArgs e) { | ||
| + | // Trying to remove this in the web.config doesn' | ||
| Response.Headers.Remove(" | Response.Headers.Remove(" | ||
| } | } | ||
| Line 32: | Line 35: | ||
| <code xml> | <code xml> | ||
| < | < | ||
| + | ... | ||
| <!-- Add enableVersionHeader=" | <!-- Add enableVersionHeader=" | ||
| < | < | ||
| Line 48: | Line 52: | ||
| </ | </ | ||
| </ | </ | ||
| + | |||
| + | ===== HTTPS Only Cookies ===== | ||
| + | |||
| + | '' | ||
| + | |||
| + | <code xml> | ||
| + | < | ||
| + | ... | ||
| + | <!-- Add this: --> | ||
| + | < | ||
| + | </ | ||
| + | </ | ||
| + | |||
| + | ===== Add Security Headers ===== | ||
| + | |||
| + | '' | ||
| + | |||
| + | <code xml> | ||
| + | < | ||
| + | < | ||
| + | | ||
| + | ... | ||
| + | <!-- Add these: --> | ||
| + | <add name=" | ||
| + | <add name=" | ||
| + | <add name=" | ||
| + | <add name=" | ||
| + | <add name=" | ||
| + | <!-- Max-age is in seconds, 31536000 = one year --> | ||
| + | <add name=" | ||
| + | | ||
| + | | ||
| + | </ | ||
| + | </ | ||
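Review bot: The one-year `max-age` in the Add Security Headers block (the entry under the comment `Max-age is in seconds, 31536000 = one year`) is documented without a rollout caveat. The header name is cut off in this view, but the comment suggests it is Strict-Transport-Security; a browser that has seen it refuses plain HTTP to that host until the period expires, so a certificate or binding problem cannot be worked around by falling back to HTTP. I would add a sentence under the heading such as `Start with a short max-age (for example 300) and raise it to 31536000 only after every hostname served by the app works over HTTPS.` Browsers ignore this header on plain-HTTP responses, so it only takes effect once the site is reached over HTTPS, which the HTTPS Only section presumably ensures.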
azure_web_app_security_hardening.1510973948.txt.gz · Last modified: 2017/11/19 03:59 (external edit)
