How to Protect …azure-api.net Subdomain from DDoS Attacks when using API Management Basic
Dear Tech Community, I am using Azure API Management (APIM Basic) in external mode and without VNet integration, meaning my API instance is publicly accessible through the default …azure-api.net subdomain. I’m also using a custom domain, but the default domain still remains active.
I am concerned about potential DDoS attacks and want to secure this subdomain. I am considering using Azure Front Door to filter the traffic and leverage its Web Application Firewall (WAF) for enhanced protection.
Could you please clarify the following:
1. Is it possible to fully protect the API subdomain (…azure-api.net) via Azure Front Door or other products, ensuring no traffic bypasses Front Door and directly reaches the original APIM domain?
2. What additional configurations, such as IP filtering or header validation, are required to restrict access so that only traffic routed through Azure Front Door reaches the APIM domain?
3. Given that API Management without VNet integration doesn’t support DDoS Protection Standard, what are the best practices for DDoS protection in this scenario?
4. Could you recommend any additional steps or configurations to ensure that all DDoS and security measures are effectively implemented?
Thank you for your support.
Best regards Michael