How to configure a custom URL to access Azure WebApp

By default, all users access
Azure web applications via their HTML5 compactible browser using Microsoft URL
which is the same for all customers (https://rdweb.wvd.microsoft.com/webclient/index.html).

Being that this URL is
a bit long, and it is not quite easy to memorise, it would be helpful to set a Custom
URL using the corporate domain name. Something like https://desktop.essex.ac.uk
or any preferred subdomain name.

In this article, Azure
Functions will be leveraged to allow you to execute your code in a serverless
compute platform using the consumption plan pricing includes a monthly free
grant of 1 million requests, this would save you from the hassle of creating, configuring,
and securing an IIS virtual machine and well as the cost of compute.

Below are topics covered in this article:

Create an Azure
Function App

Create a Function App HTTPTrigger

Enable Azure Function
App Proxy

Create Azure Function
App Proxy

Create Custom domain

Update DNS service with
custom CNAME records

1.   
Go
to www.portal.azure.com and sign in
with your credentials.

2.  In
the App search bar, type Function App and select the Function App service.

 

3.  Click “+ Create” to
create a Function App in the Azure Portal

    

                              

4.   In
the Basics Tab, fill the required information as desired.

            

            ·      
Select
the subscription

·      
Choose
or create a new Resource Group

·      
Assign
a name to the Function App

·      
In
the “Do you want to deploy code or container image?” section, select “Code”

·      
For
the Runtime stack, choose .NET and select version 6 (LTS)

·      
Select
the desire region to deploy the Function App

·      
For
the Operating System, choose Windows

·      
On
the Hosting plan, choose Consumption (Serverless)

·      
Click
“Next: Storage >” create or select a storage account

 

 5.  In
the Storage Tab, select an existing storage account for the Function App or
create a new one. Click “Next: Networking >”

6.  In
the Networking Tab, select On in the “Enable public access” feature to ensure internet-based
traffic can access the Function App and click “Next : Monitoring”

7.  In
the Monitoring Tab, select “Yes” to enable Application Insights. Select an existing
Application Insights workspace or create a new workspace. Click on “Next :
Deployment >”

8.  In
the Deployment Tab, select either “Enable” if you want to push the code from a
Git repository. If not choose Disable and click “Next: Tags >” to proceed.

 9.   In
the Tag tab, assign tags to the resources and click “Next : Review + Create
>” to review and create the Azure Function App

10.   Review the configuration and click “Create”
to create the Function App

 

Create
a Function App HTTP Trigger

11. Go to the newly created Function App and
click the “Create in Azure Portal” button to select the environment to use in
configuring the Function App.

•         Choose
the option to develop in the Portal

•         Choose
the HTTP trigger as the desired template to use

•         Assign
a name to the new trigger function

•         In
the Authorization level, select “Function”

•         Click
“Create” to create the Function App Trigger

12. In the Function App page, go to the Overview page and click
on the newly created Trigger to open it

13. At the left pane of the Trigger page, click on the “Code
+ Test” Tab and paste the .NET code into the run.csx directory and click “Save”
to save the pasted code.

The .NET script can be downloaded from here:

GitHub - ak-wizzy/.NET-script-azure-webapp-redirect: .NET script for redirect of cu stom URL to Azure webapp URL

Remember to edit the underlined URLs with your custom URL and the target URL of the web application.

14. Click “Get Function URL” and copy the function URL

 

Enable
Azure Function App Proxy

15. In left hand pane of the Function App page, click on “Configuration”

·      
 Under the “Application settings” tab, click “+
New application setting”

 

16. In the “Add/Edit application setting”
page, in the “Name” field, type “AzureWebJobsFeatureFlags”, and in the “Value”
field type “EnableProxies” to enable the proxy feature. (This is disabled by
default in version 4.x of Azure Function App). Click OK and Save the new configuration
setting.

 ·      
Click
on the FUNCTIONS_EXTENSION_VERSION flag and change the version of the Function
App to version 3 (this activates the Proxies Feature of the function app)

17. In the left pane of the Function App, click on “Proxies”

·      
 Click “+ Add” to add a new proxy parameters

·      
Assign
a name to the proxy parameter

·      
In
the route template field type “/” to route all traffic from the custom URL to
the backend URL (the target URL configured in the Function App HttpTrigger using
.NET script).

·      
In
the “Allowed HTTP methods” field, choose “All methods”

·      
In
the “Backend URL” paste the Function app URL copied in step 14 of this guidance

·      
Click
Create to add the newly create proxy.

  Add the custom domain

18. At the left-hand side of the Function App page, click
on “Custom domain”

•     Click
“+ Add Custom domain”

•     In
the “Domain Provider” option, choose “All other domain services” to type the
custom domain name as desired

•     In
the “TLS/SSL certificate” option, choose App Service Managed Certificate to use
Azure managed certificate or select “Add certificate later to upload custom
certificate later

•     In
TLS/SSL type, choose the SNI SSL option to ensure the web app URL is accessible
by all modern browsers

•     In
the “Domain” field, type in the custom domain name that users will use to
access the web app

 

19. In the Domain validation section, copy the CNAME &
TXT record and create corresponding records in the DNS service of the domain

20. Click “Validate” to validate the records are created
correctly and click “Add” to add the record to Azure custom domain

21. Click on “Add binding” on the custom domain page to
bind an SSL certificate to the domain.

·     Choose “Create App Service Managed Certificate”
to use Azure Managed certificate or select “Upload certificate (.pfx)” to
upload custom certificate

·      
Click Validate to validate
the certificate

·      
Click Add to bind the
certificate to the subdomain name

At this point, you
would have successfully validated that you own the domain and the hostname is
available. So go ahead and test the connection to the Azure web app using the
custom URL that you used in this guide.

 Open https://webavd.grantinointegrated.com

I hope you find this article helpful and I would like to read from you so drop your comment.

 

STAY ARMED AGAINST RANSOMWARE

On May 12, 2017, many
Windows O/S users around the world and the critical systems they depend on were
victims of a malicious Ransomware attack. To those who are not familiar with
this kind of threat, Ransomware is a type of malicious software that
carries out the crypto-viral extortion attack with a crypto-virology that
blocks access to data until a ransom is paid and displays a
message requesting payment to unlock it.

In most instances Ransomware
may lock the system in a way that is quite difficult for the user to reverse.
Even advanced security experts are still finding it difficult to solve this
threat and according to reports they had to work extra hours (during the early days
of this recent outbreak) in order to salvage the crisis and currently it is
impossible to decrypt the files without the decryption key.

HOW
DOES RANSOMWARE SPREAD?

According
to a Microsoft alert, this malware is described as a threat that does not
normally spread so rapidly and that they leverage social engineering or emails
as primary attack vector, relying on users downloading and executing a
malicious payload. It further states that the Ransomware perpetrators
incorporated publicly-available exploit code for the patched SMB EternalBlue
vulnerability, CVE-2017-0145,
which can be triggered by sending a specially crafted packet to a targeted
SMBv1 server, although this was fixed in security bulletin MS17-010,
released on March 14, 2017 by Microsoft.

Also the method of infection
varies for most viruses, and Ransomware is typically packaged with installation
files masquerading as official software updates. They are advertised as updates
for Adobe Acrobat, Java and Flash Player. If you’ve opened underground websites
such as torrent sites, you’ve probably come across some of the ads used to
distribute malware. Typically, a popup opens telling you that you need to
update Adobe Acrobat.

STEPS
TO PREVENT AND PROTECT AGAINST THIS THREAT

It
is important to note that the Ransomware malware comes in different variants
and the trending variant called Wannacrypt comes with a worm-like
functionalities, creating an entry vector in machines still unpatched even
after the Microsoft Windows fix had become available.

The exploit code used
by WannaCrypt as stated by security experts was designed to work only against
unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows
10 PCs are not affected by this attack.

At this point it is
important to note that the only way of fighting this threat for now is by putting
some preventive measures in place - as experts are still struggling to discover
a kill switch in decrypting the encrypted files.

Because attackers are
exploiting social engineering emails as a way to trick users to run the malware
and activate the worm-spreading functionality with the SMB exploit, Microsoft
has advised that SMB traffic on port 445 should be block on the router or
firewall. It also strongly recommends that the SMBv1 feature should be disabled
on all Windows O/S.

Also using the
following Microsoft tools can further help in detecting and removing this
threat before it fully escalates.

Windows Defender

Microsoft Safety Scanner

Getting the latest
protection from Microsoft which I highly recommend as the only antidote to this
threat and many others, I encouraged all Windows users to upgrade to Windows 10. Keep
their computers up-to-date so as
to benefit from the latest features and proactive mitigations built into the
latest versions of Windows.