0

I will be hosting a web application using a Web App Service that stores data to a database using SQL Database Service in Azure. I do not need access to the server and I do not need a virtual machine, I want to keep my configuration as a (Paas) Platform as a service. My question is: how do I setup a DMZ in azure to protect the web app? This web app will be available to the public and there will be an admin section where the admins can update/add data.

DavidJS
  • 417
  • 2
  • 5
  • 16
  • Assuming you're talking about source IP security you could use `` in your web.config - http://stackoverflow.com/questions/38805769/how-to-check-azure-network-security-group-outbound-ip-allowed-or-not/38808091#38808091 Since this is a Layer-7 security feature, both good and evil HTTP requests will still reach your deployment. Take a look at ASE or ILB ASE if you're looking for Layer-3 firewalling. – evilSnobu Oct 18 '16 at 01:00
  • Not sure what you mean, but you cannot install SQL Server in an App Service / web app. You need to install it in a VM or use the SQL Database service (which is its own separate DBaaS). – David Makogon Oct 18 '16 at 10:06
  • Also, you *can* access your Web App's environment, via kudu, easily - see my answer [here](http://stackoverflow.com/a/26385007/272109). – David Makogon Oct 18 '16 at 10:07
  • @DavidMakogon - I meant that I am using SQL Database Service to store data from Web App. Also I don't want access to remote control any server. I just want to see how to configure a DMZ using a Platform as a Service (Which is what WebApp service provides). I have a DMZ setup in amazon aws using Virtual machines. in Azure I dont need virtual machines so I was wondering how you do it. – DavidJS Oct 18 '16 at 13:21

1 Answers1

1

1.Please have a try to create NSGs to control inbound and outbound access to network interfaces (NICs) and subnets.

• Create a Network Security Group and virtual network then config it follow the document

• Integrate your app with an Azure Virtual Network detail info please refer to the Integrate your app with an Azure Virtual Network

• If you want to get more info about VET, please refer to Azure Virtual network

2.You also can have a try to use ASE and there are some ASE related

Introduction to App Service Environment

Configuring a Web Application Firewall (WAF) for App Service Environment

How to Control Inbound Traffic to an App Service Environment

Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47