Securing SharePoint Site using Azure App Service

Building an application firewall for a SharePoint site has never been so easy. With Azure App Service we can quickly create a public-facing application firewall using IIS Application Request Routing (ARR) and protect a SharePoint web site that lives in the internal network. In this scenario, you will:

- Create an Azure App Service to serve as a reverse proxy
- Register a custom domain in the Azure App Service
- Forward requests from the public URL to the SharePoint internal URL

The steps:

OWASP Top Ten to Secure SharePoint Public Site (Part 5)

In part 4, we sanitized the response headers from the SharePoint portal by modifying them through the web.config custom header configuration. Unfortunately, during my testing not all response headers could be modified using this technique. Therefore we need to use a custom HttpModule to clean up the response headers. The following headers will be removed from the response using this technique:

- Server
- X-AspNet-Version
- X-SharePointHealthScore
- SPRequestGuid
- X-Powered-By
- MicrosoftSharePointTeamServices
- SPIisLatency
- SPRequestDuration
- X-MS-InvokeApp

We also want to add an additional response header:

OWASP Top Ten to Secure SharePoint Public Site (Part 4)

At this point, I believe that you have fully configured the reverse proxy for the SharePoint portal. Your portal is now behind an application firewall, IIS ARR. Since all traffic now flows back and forth through the reverse proxy, we have the freedom to modify the response from SharePoint before it arrives at the client browser. The next step is to clean up the response headers. You can remove Origin-By and add a SAMEORIGIN restriction in the response header by modifying web.