Optimizing Static File Performance: Implementing Caching and Compression with Azure Front Door

Azure Front Door is a global CDN service that enables you to securely expose your web artifacts to the external world. In this short article, I will demonstrate the process of caching and compressing responses by leveraging the caching and compression features provided by Azure Front Door.

It is advisable to apply caching and compression to static files such as CSS, images, JSON files, CSV, etc., as opposed to dynamic content. Therefore, careful route planning is imperative before embarking on the implementation of caching and compression strategies.

Following is an example.

• route 1 - /api/*
• route 2 -/assets/*

Following the example mentioned above, we'll designate the /api route for dynamic API content and the /assets route for static content. Let's proceed with the implementation. Let's focus on /assets route.

Let's start by navigating to the Front Door manager and selecting the desired endpoint.

Click on "Add a route" to begin configuring the routes for your Front Door setup.

Next, specify the path of the route to match

Let's explore how to define cache and compression settings.

I prefer selecting the Use Query String option, as it allows Front Door to independently cache responses with query strings. However, there are other options available for you to choose from.

This completes the necessary steps to optimize your responses for static content.

Investigate the root cause for latency with Azure Application Insights

In this article, I will demonstrate how to pinpoint the root cause when end users experience general latency. Azure Monitor - Application Insights will be instrumental in this process.

Firstly, we need to navigate to the Performance blade of the Application Insights instance.

Following that, it's better apply filters to refine the dataset.

As we aim to identify the lowest performance, it is advisable to conduct the investigation using the 99th percentile.

There is a distinct outlier present. Let's delve deeper into the investigation by narrowing down the time range to examine specific instances of the failure.

The DELTA indicates the extent to which the selected data points differ from the rest of the transactions within the chosen timeframe.

The Insights tile lets you identify the specific method, representing the best possible cause, that contributes to the majority of the latency, as illustrated below.

Utilize the Distribution of Durations tile to narrow down and select the incidents with the least performance. Check samples for further analysis.

This analysis is very important in pinpointing the root cause of latency and facilitating the implementation of necessary corrective actions.

Simulating Azure event hubs functionality end to end with Azure Data Explorer and generate data feature

To evaluate Azure Event Hubs functionality, typically we need to develop an application for data ingestion and another for data consumption

In my previous blog post, I outlined the process of discovering ingested data in Event Hubs using Azure Data Explorer. In this article, I will demonstrate how to ingest data into Event Hubs without writing a single line of code.

Our first step is to navigate to the Event Hubs instance and access the Generate data (preview) feature.

Multiple options are provided to ingest payload either from pre-canned datasets or custom payloads based on a given schema.

Once you click on the send button, the data will be ingested to our even hub instance.

Then, you can easily discover this data in your pre-configured Azure Data Explorer. I have detailed the steps involved in configuring Azure Data Explorer in my previous blog post.

This approach allows you to explore the functionality of Event Hubs without writing any code!

Visualizing ingested events in Azure Event Hub with Azure Data Explorer

In modern cloud-based solutions, event-driven architectures are very common. Microsoft Azure facilitates event processing through Azure Event Hubs, offering essential building blocks to implement scalable solutions capable of processing large volumes of events and data with low latency and high reliability.

Debugging or testing event-based solutions can be challenging due to the nature of their architecture. It requires implementing ingesting applications and consumers to verify the functionality of event-based solutions.

In this article, I will demonstrate how to leverage Azure Data Explorer to visualize ingested data without any delay. With this solution, there is no need to create any custom solutions to view the contents of our Event Hub instance.

First, we need to create our Azure Data Explorer cluster.

Next, we will create a database in Data Explorer.

To connect Data Explorer with Event Hubs, let's enable a managed account at the Data Explorer instance.

After enabling the managed account at the Data Explorer instance, we need to assign the required permissions to the Event Hub.

Now, let's configure Data Explorer for our Event Hub. Navigate to the Event Hub and select the "Analyze data" option.

Let's link our Data Explorer instance

Now that our configuration is complete, let's ingest some data and explore it in Data Explorer.

To explore our data, navigate to Data Explorer and go to the Query section. Then, select the table and run your query to explore the ingested data.

Ensure Azure resource compliance for critical workloads with Azure Security Center Policies

Security and compliance are paramount in a zero-trust cloud environment. Azure policy is one key control Azure employs to achieve zero-trust.

Azure Security Center monitors your resources against a set of policy initiatives, defined according to the Microsoft Cloud Security Benchmark.

By default, those policy initiatives are named ASC Default.

When navigating through a specific Azure Policy initiative, you can review the current compliance status.

We need to prioritize certain critical workloads, such as safeguarding sensitive information stored in an Azure SQL instance.

To check the compliance of a specific resource, such as our Azure SQL instance, there are various methods available. However, in this article, I'll focus on how to do it directly within Azure Policy.

Within the initiative compliance screen, you can easily navigate to non-compliant resources by clicking on the "Non-compliant resources" tab.

In this section you can see all the resources those are not compliant against the Microsoft cloud security center benchmark.

You can specify the name of your resource or use filters to narrow your search.

Once you locate your resource, you can proceed to the resource compliance page to view which policies it is not compliant with.

This serves as an excellent starting point to secure your resources and enhance your cloud security posture.

Azure Monitor: How to View Alerts Triggered on a Resource in a Timeline View

Azure alerts enable you to receive notifications or take automated actions based on predefined conditions occurring within your Azure resources.

In this article, I will demonstrate a straightforward method for monitoring alerts triggered by specific alert rule(s) within a designated timeframe for a resource. This approach enables us to promptly identify any issues and correlate them with other incidents that occurred during the same period. 

Additionally, it facilitates cross-referencing with metrics such as CPU usage, memory consumption, and more, within the same time interval.

Let's pick a resource. I'll choose Azure Front Door where my alerts are configured.

Navigate to Alerts blade in Monitoring section.

Choose the "View as timeline" option, as illustrated in the diagram below.

Upon selecting that option, alerts will be displayed in a chronological timeline.

You can click on a bubble to access more detailed information.

Upon clicking on a specific incident, you will be provided with comprehensive details.

Detecting malicious requests from bots with Azure monitor and securing workloads using WAF

There are bots and botnets on the internet constantly attempting to exploit vulnerabilities in applications for their advantage. Since Azure public IP ranges are readily available, the risk of such attacks is ever-present. IP ranges are available for various reasons and it is our responsibility to safeguard our assets.

In this article I will demonstrate how to identify such attempts to gain unauthorized access to our precious applications using Azure Monitor - Application Insights. Additionally, I'll illustrate how to safeguard our resources with Azure Front Door - Web Application Firewall (WAF).

Let's explore the process of detecting malicious attempts from bots.

Navigate to Application Insights and go to the Failures tab. You will notice a substantial number of errors in the 400 category, particularly 404 errors as per the image below.

Let's identify the origin of those requests. There are several methods to achieve this. But I prefer the following approach. Navigate to Usage > Events > View More Insights.

Based on the origins of the requests, I can confirm that they are not acceptable.

Now that we have identified a risk, the next step is to safeguard our applications. If you have configured Azure WAF, the process is straightforward.

Let's navigate to  Web Application Firewall (WAF).

I have enabled only the Microsoft_DefaultRuleSet_2.1 as the set of rules in our WAF to filter requests. Unfortunately, it doesn't include any rules to filter requests from bots.

Fortunately, we can address this by adding an additional ruleset to my default rules. To add an additional ruleset, click on Managed Rules, and then click on the Assign button. In the Additional rule set option, select Microsoft_BotManagedRuleSet_1.0, as shown below.

Once it is applied, it will add another set of rules to handle bots

That concludes the necessary steps. Our application is now in good hands.