Acts as a proxy to redirect requests to a target URL (e.g., C2 server).
- Azure CLI
- Azure Functions Core Tools
- Terraform
- Python 3.11+
- Azure Subscription
-
Sign in and select your subscription:
az login az account set --subscription <subscription_id>
-
Prepare variables:
make prepare vi terraform/terraform.tfvars
-
Deploy infra and publish code:
make all
This runs: terraform init, terraform plan, terraform apply -auto-approve, publishes the function app, and prints outputs.
To destroy:
make destroyGET /api/get→ proxies toTEAMSERVER_GET_URLPOST /api/post→ proxies toTEAMSERVER_POST_URLANY /api/web→ proxies toWEB_SERVER_URLANY /api/web/{*path}→ proxies toWEB_SERVER_URL/{path}
App settings:
TEAMSERVER_GET_URLTEAMSERVER_POST_URLWEB_SERVER_URLALLOW_INSECURE_SSL("true" to disable SSL verification for/api/web; default "false")TEAMSERVER_GET_ROUTE(default:get)TEAMSERVER_POST_ROUTE(default:post)WEB_ROUTE_BASE(default:web)
- Plan: App Service Basic plan (B1). HTTPS-only, TLS 1.2+, HTTP/2.
- The proxy strips hop-by-hop headers and adds
X-Forwarded-Forwhen a valid client IP is present.
Handy targets after deploy (they use current Terraform outputs):
# Possible outbound public IPs used by the Function App
make info
# Default hostname of the Function App
make hostname
# List HTTP-triggered functions with constructed URLs
make routes
# Provision a StorageV2 account with static website enabled and print its endpoint
# Optionally pass a name: STORAGE_NAME must be globally unique
make storage-website STORAGE_NAME=mystaticweb123
make storage-website
### Pre-deployment: set route prefix
Override the `routePrefix` in `function/host.json` before publishing:
```bash
# One-off edit
make set-route-prefix ROUTE_PREFIX=myapi
# Or inline during publish
make publish ROUTE_PREFIX=myapi