Microsoft Cdn

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Payload Inspection

Microsoft.Cdn/CdnWebApplicationFirewallPolicies

Name
Terraform
Custom Rules
Terraform
Custom Rules-Rules
Terraform
Rules-Action
Terraform
Rules-Enabled State
Terraform
Rules-Match Conditions
Terraform
Match Conditions-Match Value
Terraform
Match Conditions-Match Variable
Terraform
Match Conditions-Operator
Terraform
Match Conditions-Selector
Terraform
Rules-Name
Terraform
Managed Rules
Terraform
Managed Rules-Managed Rule Sets
Terraform
Rules-Action
Terraform
Rules-Enabled State
Terraform
Rules-Rule Id
Terraform
Managed Rule Sets-Rule Set Type
Terraform
Managed Rule Sets-Rule Set Version
Terraform
Policy Settings
Terraform
Policy Settings-Enabled State
Terraform
Policy Settings-Mode
Terraform

Input Validation

Microsoft.Cdn/CdnWebApplicationFirewallPolicies

Match Conditions-Transforms
Terraform

Microsoft.Cdn/profiles/endpoints

Parameters-Custom Query String
Terraform
Parameters-Transforms
Terraform
Health Probe Settings-Probe Request Type
Terraform
Query String Caching Behavior
Terraform

Microsoft.Cdn/profiles/endpoints/originGroups

Health Probe Settings-Probe Request Type

Redirect To TLS

Microsoft.Cdn/CdnWebApplicationFirewallPolicies

Policy Settings-Default Redirect Url
Terraform

Microsoft.Cdn/profiles/endpoints

Parameters-Redirect Type
Terraform

Transaction Rate-limiting

Microsoft.Cdn/CdnWebApplicationFirewallPolicies

Rate Limit Rules
Terraform
Rules-Action
Terraform
Rules-Enabled State
Terraform
Rules-Match Conditions
Terraform
Match Conditions-Match Value
Terraform
Match Conditions-Match Variable
Terraform
Match Conditions-Negate Condition
Terraform
Match Conditions-Operator
Terraform
Match Conditions-Transforms
Terraform
Rules-Priority
Terraform
Rules-Rate Limit Duration In Minutes
Terraform
Rules-Rate Limit Threshold
Terraform

Microsoft.Cdn/profiles/endpoints

Health Probe Settings-Probe Interval In Seconds
Terraform

Microsoft.Cdn/profiles/endpoints/originGroups

Health Probe Settings-Probe Interval In Seconds

Asset Inventory

Microsoft.Cdn/CdnWebApplicationFirewallPolicies

Microsoft.Cdn/profiles

Name
Terraform
Tags-Additional Properties
Terraform

Microsoft.Cdn/profiles/endpoints

Name
Terraform
Rules-Name
Terraform
Origin Groups-Name
Terraform
Origins-Name
Terraform
Origins-Host Name
Terraform
Tags-Additional Properties
Terraform

Microsoft.Cdn/profiles/endpoints/customDomains

Microsoft.Cdn/profiles/endpoints/originGroups

Microsoft.Cdn/profiles/endpoints/origins


Identification and Authentication

Microsoft.Cdn/profiles/endpoints

Default Origin Group-Id
Terraform
Origins-Id
Terraform

Microsoft.Cdn/profiles/endpoints/originGroups

Origins-Id

TLS

Microsoft.Cdn/profiles/endpoints

Parameters-Destination Protocol
Terraform

Subnet Isolation

Microsoft.Cdn/profiles/endpoints

Parameters-Ip Subnets
Terraform

Protect Cryptographic Keys

Microsoft.Cdn/profiles/endpoints

Parameters-Key Id
Terraform
Url Signing Keys-Key Id
Terraform
@odata-Type
Terraform
Key Source Parameters-Resource Group Name
Terraform
Key Source Parameters-Secret Name
Terraform
Key Source Parameters-Secret Version
Terraform
Key Source Parameters-Subscription Id
Terraform
Key Source Parameters-Vault Name
Terraform

Secure Response Headers

Microsoft.Cdn/profiles/endpoints

Parameters-Header Action
Terraform
Parameters-Header Name
Terraform
Origin Host Header
Terraform
Origins-Origin Host Header
Terraform
HTTP Error Ranges-Begin
Terraform
HTTP Error Ranges-End
Terraform

Microsoft.Cdn/profiles/endpoints/originGroups

HTTP Error Ranges-Begin
HTTP Error Ranges-End

Microsoft.Cdn/profiles/endpoints/origins

Origin Host Header

Hardening

Microsoft.Cdn/profiles/endpoints

Parameters-Cache Behavior
Terraform

Cache Management

Microsoft.Cdn/profiles/endpoints

Parameters-Cache Duration
Terraform

Load Balancing

Microsoft.Cdn/profiles/endpoints

Origins-Enabled
Terraform

Microsoft.Cdn/profiles/endpoints/origins


Firewalls

Microsoft.Cdn/profiles/endpoints

Web Application Firewall Policy Link-Id
Terraform

Fault-Tolerance

Microsoft.Cdn/profiles/endpoints

Response Based Origin Error Detection Settings-Response Based Failover Threshold Percentage
Terraform

Deny-all Communications and Only Allow-by-Exception

Microsoft.Cdn/profiles/endpoints

Origins-HTTP Port
Terraform
Origins-HTTPS Port
Terraform

Microsoft.Cdn/profiles/endpoints/origins

HTTP Port
HTTPS Port

Design for High Availability

Microsoft.Cdn/profiles/endpoints/originGroups

Response Based Origin Error Detection Settings-Response Based Failover Threshold Percentage

Network Access Points Enforcing Network Access

Microsoft.Cdn/profiles/endpoints/origins

Private Link Alias
Private Link Approval Message
Private Link Location
Private Link Resource Id