Merge pull request #290031 from MicrosoftDocs/main

11/6/2024 PM Publish

Author: Taojunshen

articles/api-management/import-soap-api.md

@@ -5,7 +5,7 @@ author: dlepow
 ms.service: azure-api-management
 ms.custom: devx-track-azurepowershell, devx-track-azurecli
 ms.topic: how-to
-ms.date: 10/26/2022
+ms.date: 11/05/2024
 ms.author: danlep
 ---
 # Import SOAP API to API Management
@@ -120,7 +120,11 @@ To define a wildcard SOAP action:
 1. In the portal, select the API you created in the previous step.
 1. In the **Design** tab, select **+ Add Operation**.
 1. Enter a **Display name** for the operation.
-1. In the URL, select `POST` and enter `/soapAction={any}` in the resource. The template parameter inside the curly brackets is arbitrary and doesn't affect the execution.
+1. In the URL, select `POST` and enter `/?soapAction={any}` in the resource. The template parameter inside the curly brackets is arbitrary and doesn't affect the execution.
+
+> [!NOTE]
+> Don't use the **OpenAPI specification** editor in the **Design** tab to modify a SOAP API.
+
 
 
 [!INCLUDE [api-management-navigate-to-instance.md](../../includes/api-management-append-apis.md)]

articles/application-gateway/hsts-http-headers-portal.md

@@ -0,0 +1,104 @@
+---
+title: Use header rewrite to add HSTS header in portal - Azure Application Gateway
+description: Learn how to use the Azure portal to configure an Azure Application Gateway with HSTS Policy
+services: application-gateway
+author: reyjordi
+ms.service: azure-application-gateway
+ms.topic: how-to
+ms.date: 11/06/2024
+ms.author: reyjordi
+ms.custom: mvc
+---
+# Add HSTS headers with Azure Application Gateway - Azure portal
+
+This article describes how to use the [Header Rewrite](./rewrite-http-headers-url.md) in [Application Gateway v2 SKU](./application-gateway-autoscaling-zone-redundant.md) to add HTTP Strict-Transport-Security (HSTS) response header to better secure traffic through Application Gateway.
+
+HSTS policy helps protect or minimize your sites against man-in-the-middle, cookie-hijacking, and protocol downgrade attacks. After a client has established the first successful HTTPS connection with your HSTS-enabled website, HSTS header ensures going forward the client can access only through HTTPS.
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+## Before you begin
+
+You need to have an Application Gateway v2 SKU deployment to complete the steps in this article. Rewriting headers isn't supported in the v1 SKU. If you don't have the v2 SKU, create an [Application Gateway v2 SKU](./tutorial-autoscale-ps.md) deployment before you begin.
+
+## Sign in to Azure
+
+Sign in to the [Azure portal](https://portal.azure.com/) with your Azure account.
+
+## Create required objects
+
+To configure HSTS policy, you must first complete these steps:
+
+1. Create the objects that are required for adding an HSTS header:
+
+   - **HTTP Listener**: Create a basic or multisite HTTP listener. This listener must listen on port 80, and the protocol must be set to HTTP.
+
+   - **HTTPS Listener**: Create a basic or multisite HTTPS listener. This listener must listen on port 443, have the protocol set to HTTPS, and contain a certificate.
+
+2. Create a routing rule that redirects all the traffic from the HTTP listener to the HTTPS listener.
+
+To learn more about how to set up http to https redirection, see [HTTP to HTTPS Redirection](./redirect-http-to-https-portal.md).
+
+## Configure HSTS policy
+
+In this example, we will add the Strict Transport Security (STS) response header, using the rewrite rules of application gateway.
+
+1. Select **All resources**, and then select your application gateway.
+
+2. Select **Rewrites** in the left pane.
+
+3. Select **Rewrite set**:
+
+    :::image type="content" source="./media/hsts-http-headers-portal/add-rewrite-set.png" alt-text="Screenshot that shows how to add a rewrite set." lightbox="./media/hsts-http-headers-portal/add-rewrite-set.png":::
+
+4. Provide a name for the rewrite set and associate it with a routing rule:
+
+   - Enter the name for the rewrite set in the **Name** box.
+   - Select one or more of the rules listed in the **Associated routing rules** list. You can select only rules that haven't been associated with other rewrite sets. The rules that have already been associated with other rewrite sets are dimmed.
+   - Select **Next**.
+   
+     :::image type="content" source="./media/hsts-http-headers-portal/name-and-association.png" alt-text="Screenshot that shows how to add the name and association for a rewrite set.":::
+
+5. Create a rewrite rule:
+
+   - Select **Add rewrite rule**.
+
+     :::image type="content" source="./media/hsts-http-headers-portal/add-rewrite-rule.png" alt-text="Screenshot that shows how to add a rewrite rule.":::
+
+   - Enter a name for the rewrite rule in the **Rewrite rule name** box. Enter a number in the **Rule sequence** box.
+
+     :::image type="content" source="./media/hsts-http-headers-portal/rule-name.png" alt-text="Screenshot that shows how to add a rewrite rule name.":::
+
+6. Add an action to rewrite the response header:
+
+   - In the **Rewrite type** list, select **Response Header**.
+
+   - In the **Action type** list, select **Set**.
+
+   - Under **Header name**, select **Common header**.
+
+   - In the **Common header** list, select **Strict-Transport-Security**.
+
+   - Enter the header value. In this example, we'll use `max-age=31536000; includeSubdomains; preload` as the header value. 
+
+   - Select **OK**.
+
+     :::image type="content" source="./media/hsts-http-headers-portal/action.png" alt-text="Screenshot that shows how to add an action.":::
+
+7. Select **Create** to create the rewrite set:
+
+    :::image type="content" source="./media/hsts-http-headers-portal/create-rewrite-set.png" alt-text="Screenshot that shows how to click create." lightbox="./media/hsts-http-headers-portal/create-rewrite-set.png":::
+
+## Limitations and Recommendations
+
+   - In order to maximize security, you must show HSTS policy as soon as possible when users begin an HTTPS session. In order to enforce HTTPS for a given domain, the browser only needs to observe the STS header once. Hence, it should be added to home pages and critical pages of a site. However, that is not sufficient, it is best practice to cover as much of the URL space as possible and prioritize non-cacheable content.
+
+   - In this example, the response header Strict-Transport-Security is set to `max-age=31536000; includeSubdomains; preload`. However, users can also set the header to equal `max-age=31536000; includeSubdomains`, removing the preload. Preloading helps strengthen HSTS by ensuring clients always access the site using HTTPS, even if it is their first time accessing it. You must submit your domain and subdomains to https://hstspreload.org/ in order to ensure that users will never access the site using HTTP. Although the preload list is hosted by Google, all major browsers use this list. 
+   
+   - HSTS Policy will not prevent attacks against TLS itself or attacks on the servers. 
+
+## Next steps
+
+To learn more about directives, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+
+To learn more about how to set up some common header rewrite use cases, see [common header rewrite scenarios](./rewrite-http-headers-url.md).

articles/application-gateway/media/hsts-http-headers-portal/action.png

@@ -277,6 +277,10 @@
       items:
         - name: Azure portal
           href: parameter-based-path-selection-portal.md
+    - name: HSTS Policy
+      items:
+        - name: Azure portal
+          href: hsts-http-headers-portal.md
   - name: Configure custom probes
     items:
       - name: Portal

articles/application-gateway/media/hsts-http-headers-portal/add-rewrite-rule.png

@@ -4,7 +4,7 @@ description: Learn how to instrument an Azure Batch .NET application using the A
 ms.topic: how-to
 ms.devlang: csharp
 ms.custom: devx-track-csharp, devx-track-dotnet
-ms.date: 06/13/2024
+ms.date: 11/06/2024
 ---
 
 # Monitor and debug an Azure Batch .NET application with Application Insights
@@ -15,16 +15,13 @@ This article shows how to add and configure the Application Insights library int
 
 A sample C# solution with code to accompany this article is available on [GitHub](https://github.com/Azure/azure-batch-samples/tree/master/CSharp/ArticleProjects/ApplicationInsights). This example adds Application Insights instrumentation code to the [TopNWords](https://github.com/Azure/azure-batch-samples/tree/master/CSharp/TopNWords) example. If you're not familiar with that example, try building and running TopNWords first. Doing this will help you understand a basic Batch workflow of processing a set of input blobs in parallel on multiple compute nodes.
 
-> [!TIP]
-> As an alternative, configure your Batch solution to display Application Insights data such as VM performance counters in Batch Explorer. [Batch Explorer](https://github.com/Azure/BatchExplorer) is a free, rich-featured, standalone client tool to help create, debug, and monitor Azure Batch applications. Download an [installation package](https://azure.github.io/BatchExplorer/) for Mac, Linux, or Windows. See the [batch-insights repo](https://github.com/Azure/batch-insights) for quick steps to enable Application Insights data in Batch Explorer.
-
 ## Prerequisites
 
 - [Visual Studio 2017 or later](https://www.visualstudio.com/vs)
 - [Batch account and linked storage account](batch-account-create-portal.md)
 - [Application Insights resource](/previous-versions/azure/azure-monitor/app/create-new-resource). Use the Azure portal to create an Application Insights *resource*. Select the *General* **Application type**.
 - Copy the [instrumentation key](/previous-versions/azure/azure-monitor/app/create-new-resource#copy-the-instrumentation-key) from the Azure portal. You'll need this value later.
-  
+
   > [!NOTE]
   > You may be [charged](https://azure.microsoft.com/pricing/details/application-insights/) for data stored in Application Insights. This includes the diagnostic and monitoring data discussed in this article.
 
@@ -186,7 +183,7 @@ private static readonly List<string> AIFilesToUpload = new List<string>()
     "Microsoft.AI.PerfCounterCollector.dll",
     "Microsoft.AI.ServerTelemetryChannel.dll",
     "Microsoft.AI.WindowsServer.dll",
-    
+
     // custom telemetry initializer assemblies
     "Microsoft.Azure.Batch.Samples.TelemetryInitializer.dll",
  };
@@ -230,7 +227,7 @@ for (int i = 1; i <= topNWordsConfiguration.NumberOfTasks; i++)
         accountSettings.StorageAccountName,
         accountSettings.StorageAccountKey));
 
-    //This is the list of files to stage to a container -- for each job, one container is created and 
+    //This is the list of files to stage to a container -- for each job, one container is created and
     //files all resolve to Azure Blobs by their name (so two tasks with the same named file will create just 1 blob in
     //the container).
     task.FilesToStage = new List<IFileStagingProvider>
@@ -242,7 +239,7 @@ for (int i = 1; i <= topNWordsConfiguration.NumberOfTasks; i++)
     foreach (FileToStage stagedFile in aiStagedFiles)
    {
         task.FilesToStage.Add(stagedFile);
-   }    
+   }
     task.RunElevated = false;
     tasksToRun.Add(task);
 }
@@ -260,7 +257,7 @@ To view trace logs in your Applications Insights resource, click **Live Stream**
 
 ### View trace logs
 
-To view trace logs in your Applications Insights resource, click **Search**. This view shows a list of diagnostic data captured by Application Insights including traces, events, and exceptions. 
+To view trace logs in your Applications Insights resource, click **Search**. This view shows a list of diagnostic data captured by Application Insights including traces, events, and exceptions.
 
 The following screenshot shows how a single trace for a task is logged and later queried for debugging purposes.
 
@@ -292,7 +289,7 @@ To create a sample chart:
 ## Monitor compute nodes continuously
 
 You may have noticed that all metrics, including performance counters, are only logged when the tasks are running. This behavior is useful because it limits the amount of
-data that Application Insights logs. However, there are cases when you would always like to monitor the compute nodes. For example, they might be running background work which is not scheduled via the Batch service. In this case, set up a monitoring process to run for the life of the compute node. 
+data that Application Insights logs. However, there are cases when you would always like to monitor the compute nodes. For example, they might be running background work which is not scheduled via the Batch service. In this case, set up a monitoring process to run for the life of the compute node.
 
 One way to achieve this behavior is to spawn a process that loads the Application Insights library and runs in the background. In the example, the start task loads the binaries on the machine and keeps a process running indefinitely. Configure the Application Insights configuration file for this process to emit additional data you're interested in, such as performance counters.