Merge pull request #309646 from MicrosoftDocs/main

Auto Publish – main to live - 2025-12-16 23:00 UTC

Author: Taojunshen

articles/api-management/api-management-howto-api-inspector.md

@@ -173,8 +173,10 @@ To help automate these steps with the [Visual Studio Code REST Client](https://m
 @apiEndPoint = // API URL
 @requestBody = // Data to send
 @tenantId = // Tenant ID
- 
-POST https://login.microsoftonline.com/{tenantId}/oauth2/token
+@apiId = // Api Id for which trace log is to be generated.
+
+# @name login 
+POST https://login.microsoftonline.com/{{tenantId}}/oauth2/token
 content-type: application/x-www-form-urlencoded
  
 grant_type=client_credentials&client_id={{clientId}}&client_secret={{clientSecret}}&resource=https%3A%2F%2Fmanagement.azure.com%2F
@@ -185,6 +187,7 @@ grant_type=client_credentials&client_id={{clientId}}&client_secret={{clientSecre
 # @name listDebugCredentials
 POST https://management.azure.com/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroup}}/providers/Microsoft.ApiManagement/service/{{apimName}}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview
 Authorization: Bearer {{authToken}}
+
 Content-Type: application/json
 {
     "credentialsExpireAfter": "PT1H",
@@ -197,7 +200,13 @@ Content-Type: application/json
  
 ###
 # @name callApi
-curl -k -H "Apim-Debug-Authorization: {{debugToken}}" -H 'Host: {{externalHost}}' -H 'Ocp-Apim-Subscription-Key: {{subscriptionKey}}' -H 'Content-Type: application/json' '{{apiEndPoint}}' -d '{{requestBody}}'
+POST {{apiEndPoint}} HTTP/1.1
+Host: {{externalHost}}
+Apim-Debug-Authorization: {{debugToken}}
+Ocp-Apim-Subscription-Key: {{subscriptionKey}}
+Content-Type: application/json
+
+{{requestBody}}
  
 ###
 @traceId = {{callApi.response.headers.Apim-Trace-Id}}

articles/app-service/media/app-service-migrate-wordpress/wordpress-database-application-settings.png

@@ -1,8 +1,8 @@
 ---
 title: Prevent Subdomain Takeovers
-description: Describes options for dangling subdomain prevention on Azure App Service.
+description: Learn how to prevent dangling subdomain takeovers to reduce the threat of malicious activity.
 ms.topic: concept-article
-ms.date: 10/14/2022
+ms.date: 12/02/2025
 ms.update-cycle: 1095-days
 ms.author: msangapu
 ms.custom: UpdateFrequency3
@@ -13,35 +13,35 @@ ms.service: azure-app-service
 
 ---
 
-# Mitigating subdomain takeovers in Azure App Service
+# Prevent subdomain takeovers in Azure App Service
 
-Subdomain takeovers are a common threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when you have a DNS record that points to a deprovisioned Azure resource. Such DNS records are also known as "dangling DNS" entries. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
+Subdomain takeovers are a common threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when you have a DNS record that points to a deprovisioned Azure resource. Such DNS records are also known as "dangling DNS" entries. Subdomain takeovers allow malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
 
 The risks of subdomain takeover include:
 
 - Loss of control over the content of the subdomain
 - Cookie harvesting from unsuspecting visitors
 - Phishing campaigns
-- Further risks of classic attacks such as XSS, CSRF, CORS bypass
+- Further risks of classic attacks such as XSS, CSRF, or CORS bypass
 
-Learn more about Subdomain Takeover at [Dangling DNS and subdomain takeover](../security/fundamentals/subdomain-takeover.md).
+To learn more about subdomain takeover, see [Prevent dangling DNS entries and avoid subdomain takeover](../security/fundamentals/subdomain-takeover.md).
 
-Azure App Service provides [Name Reservation Service](#how-app-service-prevents-subdomain-takeovers) and [domain verification tokens](#how-you-can-prevent-subdomain-takeovers) to prevent subdomain takeovers.
+Azure App Service provides [name reservation](#how-app-service-prevents-subdomain-takeovers) and [domain verification tokens](#how-you-can-prevent-subdomain-takeovers) to prevent subdomain takeovers.
 
 ## How App Service prevents subdomain takeovers
 
-Upon deletion of an App Service app or App Service Environment (ASE), immediate reuse of the corresponding DNS is forbidden except for subscriptions belonging to the tenant of the subscription that originally owned the DNS. Thus, the customer is afforded some time to either clean-up any associations/pointers to the said DNS or reclaim the DNS in Azure by recreating the resource with the same name. This behavior is enabled by default on Azure App Service for "\*.azurewebsites.net" and "\*.appserviceenvironment.net" resources, so it doesn't require any customer configuration.
+Upon deletion of an App Service app or App Service Environment (ASE), the corresponding DNS is forbidden from reuse except by subscriptions that belong to the tenant of the subscription that originally owned the DNS. Thus, the customer has some time to either clean up any associations or pointers to the said DNS or reclaim the DNS in Azure by recreating the resource with the same name. This behavior is enabled by default on Azure App Service for `*.azurewebsites.net` and `*.appserviceenvironment.net` resources, so it doesn't require any customer configuration.
 
-#### Example scenario
+### Example scenario
 
-Subscription 'A' and subscription 'B' are the only subscriptions belonging to tenant 'AB'. Subscription 'A' contains an App Service web app 'test' with DNS name 'test'.azurewebsites.net'. Upon deletion of the app, only subscription 'A' or subscription 'B' will be able to immediately reuse the DNS name 'test.azurewebsites.net' by creating a web app named 'test'. No other subscriptions will be allowed to claim the name right after the resource deletion.
+Subscription *A* and subscription *B* are the only subscriptions that belong to tenant *AB*. Subscription *A* contains an App Service web app *test* with DNS name `test.azurewebsites.net`. Upon deletion of the app, only subscriptions *A* or *B* are able to immediately reuse the DNS name `test.azurewebsites.net` by creating a web app named *test*. No other subscriptions are allowed to claim the name right after the resource deletion.
 
 ## How you can prevent subdomain takeovers
 
-When creating DNS entries for Azure App Service, create an asuid.{subdomain} TXT record with the Domain Verification ID. When such a TXT record exists, no other Azure Subscription can validate the Custom Domain or take it over unless they add their token verification ID to the DNS entries.
+When creating DNS entries for Azure App Service, create an *asuid.{subdomain}* TXT record with the domain verification ID. When such a TXT record exists, no other Azure subscription can validate the custom domain or take it over unless they add their token verification ID to the DNS entries.
 
 These records prevent the creation of another App Service app using the same name from your CNAME entry. Without the ability to prove ownership of the domain name, threat actors can't receive traffic or control the content.
 
 DNS records should be updated before the site deletion to ensure bad actors can't take over the domain between the period of deletion and re-creation.
 
-To get a domain verification ID, see the [Map a custom domain tutorial](app-service-web-tutorial-custom-domain.md)
+To get a domain verification ID, see [Set up an existing custom domain in Azure App Service](app-service-web-tutorial-custom-domain.md).