Skip to content
This repository has been archived by the owner on May 24, 2021. It is now read-only.

Latest commit

 

History

History
133 lines (98 loc) · 5.32 KB

01-01-02-Environment.md

File metadata and controls

133 lines (98 loc) · 5.32 KB
Raw
categories
features

#Environment

##Disable Server Affinity

By default, Azure Websites comes preconfigured with Session affinity, which in many cases allows developers perform a very simple migration of their applications to cloud. This is because there is no need to worry about centralizing the session state of your application as a user will be redirected back to the same server on each subsequent request.

Some applications, however, may not require session affinity and it would be better to turn off the session affinity in Azure Websites. This can be achieved by adding the following to the web.config file.

{% gist SyntaxC4/0d7185b30acf477c2033 web.disable-session-affinity.config %}

##Filtering Traffic by IP

Based on your web application, you may want to restrict access to it. Access can be restricted by using the <ipSecurity> element and providing a list of IP address to allow.

{% include html-alert-ip-security-docs.md %}

{% gist SyntaxC4/0d7185b30acf477c2033 web.ipsecurity.config %}

##Dynamic IP Restrictions

Dynamic IP Restrictions enable you to block access to your website when based on an interval of requests (i.e. Potential DDoS Attack). This can be achieved in a variety of ways as outlined in the example below.

{% include html-alert-dynamic-ip-restriction.md %}

{% gist SyntaxC4/0d7185b30acf477c2033 web.dipr.config %}

##Auto-Heal

You know those bugs where the only way to fix them is to restart the server every so often? There's a web.config setting for that! Microsoft Azure Websites have the ability to auto-heal based on a number of different triggers, i've outlined some of them in the example below. Note that this only works in Standard mode. It throws an error in Free or Basic mode.

{% gist SyntaxC4/0d7185b30acf477c2033 web.autoheal.config %}

##HTTP Compression

Some big wins come in small packages, enabling HTTP Compression in your Website can help decrease your users mobile bill and wait time while loading your Web Application.

{% gist SyntaxC4/0d7185b30acf477c2033 web.httpcompression.config %}




##Force HTTPS


{% gist SyntaxC4/0d7185b30acf477c2033 web.forcehttps.config %}



  
  
    
  
  





##Enable HTTP Verbs


When building out HTTP based APIs it is nearly impossible to enable functionality without being able to use certain HTTP Verbs such as PUT and DELETE.


###.NET


{% gist SyntaxC4/0d7185b30acf477c2033 web.netverbs.config %}


###PHP


{% gist SyntaxC4/0d7185b30acf477c2033 web.phpverbs.config %}


Enable HTTP Strict Transport Security (HSTS)


For more information on HSTS, visit and read this blog post on How to Enable HTTP Strict Transport Security in IIS 7+ by Scott Hanselman.


{% gist SyntaxC4/0d7185b30acf477c2033 web.hsts.config %}