homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defence Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Azure’s Front Door
370x370_serge-borso.jpg
Serge Borso

Azure’s Front Door

TLDR; Login to Azure, setup a VM, SSH into the VM, then setup Front Door – good times!

April 22, 2021

In this blog post we’ll setup Azure’s Front Door service and deploy a virtual machine to host a server for basic web traffic. We’ll start with logging into our Azure account and then spinning up a machine, followed by general configuration of the environment. Next, we’ll deploy the Front Door service and test it out. There are bonus objectives for you to explore as well should you be so inclined to do so.

In order for you to be successful in this endeavor, you will need to have a fully functional Microsoft Azure cloud account. In addition, not much else… Just a quality browser (Firefox or Chrome) and the ability to make changes to your Azure account.

If you don’t already have an Azure account, a valid/working credit card is needed to get started – and this is outside of the scope of this blog post. So go take care of that if you need to, and then come back and continue.

The only other thing you will need is going to be an SSH client – we can use a browser plugin to provide this access for us, but something like your Linux/Mac/Windows terminal (or a tool like Putty), may be easier depending on what you are most comfortable with. We’ll deal with they when the time comes.

One last thing before we get started, and that is the level of difficulty you can expect. This is meant for those with a beginner skill set and should be able to be accomplished in about 30-45 minutes.

Let’s get started!

Objective: Login to Azure, and setup your Virtual Machine

To begin, login to your Azure account. You will need to have a sufficiently privileged account as to create and launch a virtual machine (VM). You can go to this link and login: https://azure.microsoft.com/en-us/

Picture1.png

Once you login, go to your portal: https://portal.azure.com/#home

Then, navigate to the Virtual machines section and choose “Virtual machines”:

Picture2.png

Picture3.png

Click the “Add” button and proceed to setup your new VM. You will need to create a new resource group and give the VM a name as well as an image type. The names you choose are arbitrary, but the CentOS image is important as we will use the Linux machine as part of the lab later on. Read what a “Spot Instance” is and note that you do not need to choose this if you don’t want to, and in fact, you may not be able to depending on the other choices made during the setup of the VM.

Picture4.png

There is no need to use anything but the cheapest possible VM at this point, so choose accordingly:

Picture5.png

Setting the username and password is extremely important. Make sure whatever you create here, you will remember. For a bonus challenge, setup an SSH key and use that for authentication (if you have time at the end of the lab and want to go back).

Picture6.png

Be sure to allow ports 80, 443 and 22 so we can SSH into the machine and setup the webserver that our Front Door will point to later.

Picture7.png

The hard drive type is not of critical importance for this lab and the defaults can be selected.

Clicking next, we are shown the networking section. Be sure, once again, that ports 80, 22 and 443 are all allowed. The other settings can be left as default.

Picture8.png

Going to the next section, the default options are fine here as well and may differ from the screenshot:

Picture9.png

Proceed to “Review and Create”

Picture10.png

Your current settings should pass validation. If you have any issues, try to identify and fix the problem(s) by reading the output from Azure as it pertains to why your validation failed. Proceed to complete the deployment/creation of your VM and click on “Go to resource” once the process is finished.

Picture11.png

From the VM section in the Azure portal, we can see details about our newly created VM:

Picture12.png

Look carefully at the “Public IP address”:

Picture13.png

Your IP address will be different, make note of it - seriously.

Next, we will SSH into the newly created VM by using an SSH client (putty [you can search for the latest version for your operating system and proceed to install if you choose to] is a great option, as is your CLI for Windows, Linux and Mac) or this browser-based option if you desire:

NOTE: IF YOU PREFER TO USE A DIFFERENT SSH CLIENT, SKIP THIS CHROME EXTENSION SECTION AND SSH INTO YOUR VM AS YOU PREFER

Using Chrome, browser here:

https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo?hl=en

Install the app:

Picture14.png

Then Launch the app by clicking the button to Launch it if you are not automatedly directed to:

chrome://apps/

Picture15.png

Picture16.png

Click the icon to open it and put in your username (that you created as part of the VM creation process) and the IP address you took a note of a moment ago:

Picture17.png

On the bottom-right, select Enter/Connect (and remember to use YOUR OWN IP address and your own username/password combination that you created previously).

Picture18.png

Finally, put in your password that you created as part of the VM creation process. Ignore the warning… you should now be successfully logged into your server.

Picture19.png

Once logged in successfully, we will install Apache:

Issue the command: sudo su - (and press enter)

Then issue the command: dnf -y install httpd && systemctl start httpd (and press enter)

Picture20.png

With these commands, you have changed to the root account (which is required in order to be able to install software), and you have installed the httpd server (which is Apache) and turned it on. Now, to test, open a new tab in your browser and browse to your IP address, you should see the test page showing:

Picture21.png

Picture22.png

You have completed the first phase. Now we will move onto setting up our Front Door service. You can logout of the SSH session by closing the tab, or by typing exit (twice) in the terminal.

Picture23.png

Moving on… Deploy Front Door

With our VM now running successfully, we can leverage the Front Door service to provide access in a more robust way. Within your Azure portal, from within your browser, find the Front Door service icon and click it.

Picture24.png

Click the “New” button to start the process of creating a new Front Door:

Picture26.png

Picture26.png

Picture25.png

Picture26.png

You will likely only have one subscription option and one Resource Group to choose – so select what is available. Remember, we created our resource group in the first section of this lab when we setup our VM. Click next to continue.

Picture27.png

In the configuration section, choose the plus sign for the Frontends/domains box as shown above. Provide a hostname of your choosing and understand that this is like your domain name. Note the .azurefd.net domain associated with the host you are providing. This will be the URL for the outside world to connect to our host once we complete the setup.

Picture28.png

As a bonus challenge, once finished with the entire lab, go back and enable the Web Application Firewall and configure it with custom rules. But for now, proceed to the next step.

Picture29.png

Click the plus sign to setup the backend pools. What we are doing in this step is telling the Front Door service what or application server is, so when someone goes to access our website through the Front Door, the service knows what application is being hosted. Be sure to input the IP ADDRESS FOR YOUR VM in the corresponding box. If you don’t know what that IP address is, go back to the first part of this blog and take a note.

Picture30.png

Picture31.png

Next, we’ll add an arbitrarily named back-end pool associated with the host we created and leave the default health probes enabled.

Continuing on, well setup the last part of the service via the routing options:

Picture32.png

We’ll add a rule so when traffic comes in, it is directed as we desire:

Picture35.png

Picture35.png

Picture33.png

Picture34.png

Picture35.png

We’ll choose next and finish up the Front Door setup.

Nice work! Now let’s test it out.

Choose to “Go to resource” and see if you can access your website through the Front Door service.

You may get an error:

Picture36.png

Manually change the URL to http instead of https:

Picture37.png

If all worked as expected, you should see the Apache test page (note that you may need to wait 10-15 minutes for the process to complete). What now? This was a primer, feel free to go back and setup the Web Application Firewall, install an SSL certificate, deploy custom routing rules, and use a custom domain if you already own one. One thing to note is that you VM is very underpowered (which is fine for testing purposes) but it can be extremely slow as well. You may want to turn off Apache to save resources. systemctl stop httpd

Picture38.png

Conclusion

This concludes the blog post. You have learned how to setup a VM and Front Door service in Azure. You used SSH for remote access, you created a frontend host, a backend pool, you have default health-checks running and a functioning test website. Hopefully you enjoyed your time and learned something useful; nice work!

About the Author

When it comes to web application security and penetration testing, Serge is among the best possible instructors to learn from due to his experience, accomplishments, and, quite frankly, his personality. Duplicate badges to walk right through security and access a "secure" facility – did that. Dumpster diving for sensitive information outside of a financial institution – to him, that was “lots of fun.” Create an enterprise-wide, measurably successful security program for a billion-dollar company – one of his many accomplishments. All of them, in scope of the engagements. He’s a published author, President of the Denver Open Web Application Security Project (OWASP) chapter, founder and CEO of the cyber security consulting firm, SpyderSec, he’s discovered multiple 0-days, written OSINT tools for the community, and is a polished presenter who speaks regularly at national conferences. Truly, an expert in the field. Learn more about Serge here.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recommended Training

  • SEC510: Public Cloud Security: AWS, Azure, and GCP
  • SEC540: Cloud Security and DevSecOps Automation
  • SEC560: Enterprise Penetration Testing

Tags:
  • Cloud Security

Related Content

Blog
SANS_Cloud_Security_340x340.png
Cloud Security
January 5, 2023
SANS Cloud Security Curriculum
The SANS Cloud Security Curriculum is growing fast – like the Cloud itself.
370x370_Frank-Kim.jpg
Frank Kim
read more
Blog
CD_Blog_HowtoautomateinAzure_Part1_2.jpg
Cyber Defense, Cloud Security
October 11, 2022
How to Automate in Azure Using PowerShell - Part 1
In this post, we’ll cover how to automate the assessment and reporting of your cloud security configuration opportunities.
370x370_josh-johnson.jpg
Josh Johnson
read more
Blog
Penetration Testing and Red Teaming, Purple Team, Cloud Security
June 3, 2021
Build, Hack, and Defend Azure Identity - An Introduction to PurpleCloud Hybrid + Identity Cyber Range
PurpleCloud is a Hybrid + Identity Cyber Security Range built for Azure Cloud with automated deployment scripts.
370x370_Jason-Ostrom.jpg
Jason Ostrom
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn