Enabling AAP for Azure App Services
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Compatibility
Only web applications are supported. Azure Functions are not supported.
Note: Threat Protection through Remote Configuration is not supported. Use Workflows to block IPs in your WAF.
| Type | OS | Threat Detection |
|---|
| Java | Windows, Linux | |
| .NET | Windows, Linux | |
| Node | Linux | |
| Python | Linux | |
| Ruby | Linux | |
| PHP | Linux | |
Setup
Set application settings
To enable AAP on your application, begin by adding the following key-value pairs under Application Settings in your Azure configuration settings.
DD_API_KEY is your Datadog API key.DD_CUSTOM_METRICS_ENABLED (optional) enables custom metrics.DD_SITE is the Datadog site parameter. Your site is datadoghq.com.DD_SERVICE is the service name used for this program. Defaults to the name field value in package.json.DD_START_APP is the command used to start your application. For example, node ./bin/www (unnecessary for applications running in Tomcat).DD_APPSEC_ENABLED value should be 1 in order to enable App and API Protection
Identifying your startup command
Linux Azure App Service Web Apps built using the code deployment option on built-in runtimes depend on a startup command that varies by language. The default values are outlined in Azure’s documentation. Examples are included below.
Set these values in the DD_START_APP environment variable. Examples below are for an application named datadog-demo, where relevant.
| Runtime | DD_START_APP Example Value | Description |
|---|
| Node.js | node ./bin/www | Runs the Node PM2 configuration file, or your script file. |
| .NET Core | dotnet datadog-demo.dll | Runs a .dll file that uses your Web App name by default.
Note: The .dll file name in the command should match the file name of your .dll file. In certain cases, this might not match your Web App. |
| PHP | cp /home/site/wwwroot/default /etc/nginx/sites-available/default && service nginx reload | Copies script to correct location and starts application. |
| Python | gunicorn --bind=0.0.0.0 --timeout 600 quickstartproject.wsgi | Custom startup script. This example shows a Gunicorn command for starting a Django app. |
| Java | java -jar /home/site/wwwroot/datadog-demo.jar | The command to start your app. This is not required for applications running in Tomcat. |
Note: The application restarts when new settings are saved.
Set General Settings
Go to General settings and add the following to the Startup Command field:
curl -s https://raw.githubusercontent.com/DataDog/datadog-aas-linux/v1.4.0/datadog_wrapper | bash
Download the datadog_wrapper file from the releases and upload it to your application with the Azure CLI command:
az webapp deploy --resource-group <group-name> --name <app-name> --src-path <path-to-datadog-wrapper> --type=startup
Testing threat detection
To see App and API Protection threat detection in action, send known attack patterns to your application. For example, send a request with the user agent header set to dd-test-scanner-log to trigger a security scanner attack attempt:
curl -A 'dd-test-scanner-log' https://your-function-url/existing-route
A few minutes after you enable your application and exercise it, threat information appears in the Application Signals Explorer.
Further reading
Documentation, liens et articles supplémentaires utiles:
