Azure App Proxy request headers getting stripped - azure

We are trying to get Azure App Proxy to work and are running into CORS issues. We are using custom domains with a split-brain deployment.
I have read through: Azure Application Proxy CORs
and am currently on step 4, to just rewrite CORS to work without the wildcard below:
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
Our web application has a frontend server hosted on IIS: https://frontend.company.com, with the internal and external URLs mapped to be the same URLs as behind our company firewall.
We also have a backend server located on premises hosted on IIS and located at https://backend.company.com
We have set up two applications in App Proxy to point to the respective servers, where the internal and external URLs match the URLs we are using internally to the company.
I have tried var cors = new EnableCorsAttribute("https://backend.company.com", "*", "*")
and still get the CORS issue. One thing I noticed is that we are not getting the response headers when going through Azure Proxy. Here is a picture of what it looks like internally, and you can see access-control-allow-origin is set to *
The end goal is to be able to access this application externally. I can get the frontend to pull up html fine, and I can go directly to the swagger pages on the backend side just fine, but the two cannot communicate cross origin.
Below is what we see when accessing externally through app proxy:
We have tried to set web.config values, and remove values, with pretty much every Stack Overflow article we can find.
The question is: does Azure or Azure App Proxy have any settings around allowing Access-Control-Allow-Origin settings to flow through? I don't have access to App Proxy, and am having to work with our cloud team to try different things. We have tried every combination of the Translate URLs mentioned here https://stackoverflow.com/a/60560675/1879992
Below is what we see externally and has the request headers missing
We have also read the official document and whitelisted our urls with the same response.
If I disable the Chrome setting related to CORS the app comes up fine.
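
An added example, not part of the original question: the check a browser applies to Access-Control-Allow-Origin before page script may read a cross-origin response, run over constructed header sets for the origins named above. The function and sample names are assumptions made for illustration.

```javascript
// Added example: the check a browser applies before page script may read a
// cross-origin response. All header sets below are constructed samples.

function corsCheck(pageOrigin, responseHeaders, { credentials = false } = {}) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();

  const acao = h["access-control-allow-origin"];
  if (acao === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header reached the browser" };
  }
  if (acao === "*") {
    // The wildcard is only honoured for requests sent without credentials.
    return credentials
      ? { allowed: false, reason: "wildcard not accepted for credentialed requests" }
      : { allowed: true, reason: "wildcard matches any origin" };
  }
  // Exact comparison with the serialized origin of the page; no pattern matching.
  if (acao !== new URL(pageOrigin).origin) {
    return { allowed: false, reason: `header names ${acao}, page origin is ${pageOrigin}` };
  }
  if (credentials && h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials: true is missing" };
  }
  return { allowed: true, reason: "origin matches" };
}

const PAGE = "https://frontend.company.com"; // origin of the page making the call
const SAMPLES = {
  wildcard: { "Access-Control-Allow-Origin": "*" },
  headerMissing: { "Content-Type": "application/json" },
  namesApiHost: { "Access-Control-Allow-Origin": "https://backend.company.com" },
  namesPageOrigin: {
    "Access-Control-Allow-Origin": "https://frontend.company.com",
    "Access-Control-Allow-Credentials": "true",
  },
};

// Map each sample name to the verdict for plain or credentialed requests.
function verdicts(credentials) {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = corsCheck(PAGE, headers, { credentials }).allowed;
  }
  return out;
}

console.log("without credentials:", verdicts(false));
console.log("with credentials:   ", verdicts(true));
```

Comparing the `reason` field for the response seen internally and the one seen through the proxy shows whether the header is absent or present with a value that does not match the page origin.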

Related

Azure AD Application Gateway redirect to /signin-oidc which return 404

We have a web app in Azure sitting behind a V2WAF Application Gateway. This is all private so the WAF uses a private frontend IP address and a certificate generated with openssl. The backend uses the azurewebsites.net domain so the backend app doesn't have any custom domains and therefore certificates assigned.
The WAF is configured with rewrite rules as per Microsoft docs.
If
http header
response header
common header location
= pattern (https?)://.azurewebsites.net(.)$
then
response header
set common header location
Header value {http_resp_Location_1}://portal.uat.xxxxxxx.internal{http_resp_Location_2}
The result from this is a 404 not found.
I found this on GitHub which seems to match the issue
https://github.com/AzureAD/microsoft-identity-web/issues/1199
Has anybody come across this and found a fix I can apply to the WAF?
The domain being used for the WAF frontend is .internal and can't be added as a custom domain into the web app; not my choice, but the person telling me this config works has said it's worked before.
Thanks
I've tried various things, but nothing has worked so far. I'm not a developer so need to be able to get this working just using the App Gateway.
I think I need a custom domain that can be verified and a matching SSL cert on the app service but the "architect" is telling me this works. I can't figure out a way of doing it.

CORS on AzureWebSites (same origin?)

CORS says that:
A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin.
That being said, look at this scenario. I have two apps deployed on Azure.
https://myApp.azurewebsites.net .NET FW app that has an Angular client.
https://myMicroservice.azurewebsites.net .NET CORE API.
Since both apps are in the same site (origin) azurewebsites does that mean that I don't need to configure CORS?
Note: I already have configured CORS on the .NET CORE app to allow the https://myApp.azurewebsites.net origin.
Here, the same origin means that xxx.azurewebsites.net should be the same one (as well as xxx).
So in your case, you need to enable CORS. Otherwise, the access is not allowed.

Using azure webapp as reverse proxy

I'm trying to set up an empty Azure web app to be a reverse proxy, following the exact same steps as described here: https://tomssl.com/2015/06/15/create-your-own-free-reverse-proxy-with-azure-web-apps/. First of all, it seems that allowedservervariables cannot be transformed; it is set to deny in the application.config file. When I remove them I just get 404 Not Found when I try to access my web app (HTTP Error 404.4 - Not Found: The resource you are looking for does not have a handler associated with it.).
Anyone have some suggestions?
Cheers
You should try Azure Function Proxies instead
https://markheath.net/post/azure-functions-v2-proxies
A developer can create an Azure Function Proxy within the same UI as a Function App. Within the configuration, a developer will be asked to provide a Route template, identify which HTTP methods are allowed and provide a Backend URL where the HTTP request will be routed to. Backend URLs do not need to be static as you can dynamically set the URL based on content within the request or from your application settings.

Redirecting from web app behind Azure application gateway

I have two web apps setup in Azure, and for simplicity let's call them webapp1 and webapp2. They sit behind an application gateway, which is selecting the correct web app based on the subdirectory in the URL.
Here's a basic example of how I've set it up:
www.mydomain.com -> webapp1 (the default route)
www.mydomain.com/app -> webapp2
This is working fine, except for one problem: if webapp2 redirects to the login page, for example, the domain in the URL changes to the azurewebsites.net domain. Instead of redirecting to www.mydomain.com/login, it's going to webapp2.azurewebsites.net/login.
I'm fairly new to Azure application gateway, but I know it injects the x-forwarded-* and x-original-host headers. I assumed the gateway would either alter the redirected url request to correct the domain or the config on the web app would use the x-original-host instead. Neither of these things are happening.
Is there a way to configure either the web app or the gateway to make sure the host name doesn't change on redirects? Would this scenario work better with a separate web app/VM with a classic IIS reverse proxy setup instead of the application gateway?
Currently Application Gateway would not overwrite the response from the backend. We do inject X-Original-Host and your application should use that to write the redirect URL correctly back to mydomain.
An example of configuring URL rewrite on a web app can be found here. An example of rewriting the default *.azurewebsites.net domain to a custom domain can be found here.
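
One way an application can apply the X-Original-Host advice from the answer above, as an added example that is not the poster's or Microsoft's code. The host names come from the question; the function name and the host allowlist are assumptions.

```javascript
// Added example: rewrite a redirect so it keeps the public host name.
// BACKEND_HOST and PUBLIC_HOSTS use the names from the question; the
// allowlist itself is an assumption of this example.
const BACKEND_HOST = "webapp2.azurewebsites.net";

// A client that reaches the app directly can send any X-Original-Host value,
// so the header is only honoured when it names a host the gateway serves.
const PUBLIC_HOSTS = new Set(["www.mydomain.com"]);

function publicLocation(location, requestHeaders) {
  const headers = {};
  for (const [k, v] of Object.entries(requestHeaders)) headers[k.toLowerCase()] = v;

  let target;
  try {
    // Relative redirects resolve against the host name the backend sees.
    target = new URL(location, `https://${BACKEND_HOST}`);
  } catch {
    return location; // unparsable value: leave untouched
  }
  // Redirects to any other site (an identity provider, for instance) pass through.
  if (target.hostname !== BACKEND_HOST) return location;

  const original = String(headers["x-original-host"] || "").toLowerCase();
  if (!PUBLIC_HOSTS.has(original)) return location; // missing or unexpected host

  target.protocol = "https:";
  target.host = original;
  return target.toString();
}

// Constructed sample: the redirect described in the question.
console.log(
  publicLocation("https://webapp2.azurewebsites.net/login", {
    "X-Original-Host": "www.mydomain.com",
  })
);
```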

Azure Application Gateway Url based routing does not work

I'm configuring Azure Application Gateway Url based routing for my two back-end pools and it is not working.
My default routing configuration is pointing to b1 end point and it is reachable by blabla.cloudapp.azure.com
When I add additional route path /b1/* I cannot access my back-end pool via blabla.cloudapp.azure.com/b1/. I get 404 page not found response.
Can anyone please help me to understand what is wrong with my configuration?
Azure Application Gateway URL Based routing will route different requests to different groups of servers (backend pools) based upon the URL of the request. Once the request is sent to a VM, it is received and treated like a normal web request. If the URL you are accessing is a Valid web URL for the web server that is receiving the request, then it will return a proper response.
The fact that you are getting a 404 error means that your web servers are receiving the request, but not finding anything at the requested location. One way you can troubleshoot this is to log onto the VM that should be receiving the request and try the request in a browser, replacing blabla.cloudapp.azure.com/ with localhost/.
In the example you posted, you would need a folder from within your web directory called "b1" for the URL you specified to be a valid request.
You can use a Path-Based Rule to specify the default backend pool, as well as specific URL paths that should be sent to other backend pools. Here is an example of how to configure an Azure Application Gateway with URL based routing in the Portal.
