After delivering our application, our client conducted a penetration test that flagged an issue labeled as critical:
The Application seems to use an architecture where the user's browser communicates to both the frontend server (for static content) and the backend server (for data).
To clarify, we have a frontend and backend hosted in two separate Azure App Services. When the user interacts with the frontend, a request is made from the client's IP address to the backend to fetch dynamic data.
As a potential solution, we’re considering adding a proxy between the frontend and backend to restrict direct access to the backend. However, I'm not sure how using a proxy would solve the issue. My understanding is that this would just add another layer, meaning the user still sends the request to the proxy, which then forwards it to the backend.
Can someone clarify how placing a proxy between the frontend and backend would improve security and address the penetration test concern?
As a potential solution, we’re considering adding a proxy between the frontend and backend to restrict direct access to the backend. However, I'm not sure how using a proxy would solve the issue. My understanding is that this would just add another layer, meaning the user still sends the request to the proxy, which then forwards it to the backend.
In general, a proxy like Azure Front Door, for example defines a single entry point to the underlying app services. It also mean you can put your security effort on that single point of entry so any existing or future service is protected. Of course this is only applicable if the app services are only accessible through the proxy, which can be configured.
Some things a proxy can offer:
The proxy could also strip or rewrite headers that expose possible information about the backend services.
Some guidance regarding security for azure proxies can be found here for Azure Application Gateway and Azure Front Door
PS.: You should also ask this question to the party that performed the penetration test.