Azure App Gateway - Backend Health 404 error - azure

I am trying to configure Azure Application Gateway with ADFS. The Backend pool points to ADFS Web Application Proxy. The backend health check is reporting as unhealthy.
I am getting an error: received invalid status code 404 in the backend servers http response
Everything appears to be configured correctly, and I can access the site when bypassing the App Gateway.

This was resolved by re-configuring the health probe

In my case, with the App Service as a backend pool, I had to create a custom health probe (http-probe, for example) to be used in the HTTP setting (http, for example), where that HTTP setting is the one configured in the Request Routing Rule.

Related

Azure Application Gateway won't forward Error Code 500

I face the issue that Azure Application Gateway will show error 502 instead of forwarding the correct error message with HTTP code 500 from the underlying service.
Is that something one could configure? I don't want the application gateway to filter my error messages.
@thomasuebi, by default Azure Application Gateway sends out periodic probes to backend servers to check their health status. If any backend server does not respond successfully, Azure Application Gateway marks it as unhealthy. When a client request is received for such "unhealthy" backend servers, the application gateway does not forward the request to them and returns a "502 Bad Gateway" error to the requesting client. You can go through this documentation for additional details.
You can also go through this document to set custom error pages instead of 502 bad gateway page.

Azure web app access restrictions to application gateway

I am using a V1 WAF application gateway (dynamic IP) in front of a web app.
When I configure the web app access restrictions to allow the application gateway, I received a when I try to access the web app URL (expected behavior). However, I also received a 403 when accessing through the app gateway URL (not expected!). I have tried a rule to allow the app gateway IP and also a rule allowing the app gateway VNet (service endpoint), both with the same result. Any idea why it's not working? Thanks!
I suggest you learn about this topic. You are probably getting a VPC error.
https://azure.microsoft.com/en-us/services/virtual-network/#overview

How to manage cookies when app service is running behind the application gateway?

In my ASP.Net Core application, I am using the OpenId Connect authentication scheme with the Azure AD.
The application is hosted on Azure App Service and runs behind the Azure Application Gateway.
I have configured the Application Gateway's and the App Service's URLs in the reply URL configuration of the Azure AD registration for my application.
When I hit the application gateway's URL, it redirects me for authentication. I log in using Azure AD Microsoft credentials, and after a successful login it redirects me to the Application Gateway URL, where I get a 500 internal server error. When I check the response headers, I can see that the Set-Cookie header's domain is the App Service URL, which is running behind the application gateway, and it shows me a warning: "This Set-Cookie was blocked because its Domain attribute is invalid with regards to the current host URL"
Any idea how to resolve this issue?
Many thanks

How to inspect HTTP requests/responses between an Azure App gateway and an App service?

I have the following setup on Azure
Public internet <--> Application gateway <--> App service
I now have a weird issue where the very first request that hits the Application gateway returns "502 - Web server received an invalid response while acting as a gateway or proxy server.". And then if I try the same url again by refreshing the page, the page loads fine.
I had a look at the application logs in my app service but couldn't find anything that would cause the app gateway to return 502. So now I need to know what exactly the gateway is sending to the app service, and what exact response the gateway is getting from the app service that would cause only the first request to fail.
How would I view the HTTP requests that were transmitted between the gateway and app service?
The following article details how to enable web server logging on an Azure App Service which will log raw HTTP request data in the W3C extended log format:
https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs

Azure Application Gateway error 502 when using application gateway

I followed the docs here https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-create-multisite-portal but still getting the error :
Azure Application Gateway error 502 - Web server received an invalid response while acting as a gateway or proxy server. There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, i
Any help?
About the 502 errors after configuring the application gateway, the main reasons are as follows:
NSG, UDR or Custom DNS is blocking access to backend pool members.
Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
Invalid or improper configuration of custom health probes.
Azure Application Gateway's back-end pool is not configured or empty.
None of the VMs or instances in virtual machine scale set are healthy.
Request time-out or connectivity issues with user requests.
References: Troubleshooting bad gateway errors in Application Gateway
Just a reminder: after changing the health probe, please check that you selected "Use custom probe".
Issue: Receiving 502 when you have Web App as the backend pool.
This is how the default probe from Application Gateway looks: http/https://127.0.0.1:port/
But Web App doesn't respond to localhost, so Application Gateway will receive a 404 for the request it sends and will mark that Web App as unhealthy.
In your scenario, you need to create 3 backend pools, adding one Web App to each pool. Then create an HTTP setting and enable the "Use App Service" check box.
How to enable Use App Service
Then create 3 separate rules to achieve your scenario.
Listener1(test.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool(test.mydomain.com)
Listener2(staging.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool (staging.mydomain.com )
Listener3(prod.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool (prod.mydomain.com)
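The probe and host-name problem described in the answers above can be checked offline against an exported gateway definition. The following is an added example, not code from any of the posts: it assumes the ARM property names `pickHostNameFromBackendAddress` and `pickHostNameFromBackendHttpSettings`, basic (non path-based) routing rules, and pools that use the default `*.azurewebsites.net` FQDN; all resource names in the sample are constructed.

```python
# Added example: audit an Application Gateway ARM export for App Service backends
# that would be probed with the default Host header (127.0.0.1) and answer 404.
APP_SERVICE_SUFFIX = ".azurewebsites.net"  # assumption: pools use the default App Service FQDN

def ref(kind, name):
    """Build a sub-resource reference; the id prefix is a constructed placeholder."""
    return {"id": "/constructed/applicationGateways/gw/%s/%s" % (kind, name)}

def leaf(reference):
    """Return the last segment of a sub-resource id, or None when unset."""
    return reference["id"].rsplit("/", 1)[-1] if reference else None

def audit(gateway):
    """Return (rule, problem) pairs for rules whose App Service backend gets no usable host name."""
    props = gateway["properties"]
    index = lambda key: {i["name"]: i["properties"] for i in props.get(key, [])}
    pools, settings, probes = index("backendAddressPools"), index("backendHttpSettingsCollection"), index("probes")
    findings = []
    for rule in props["requestRoutingRules"]:
        r = rule["properties"]
        if "backendAddressPool" not in r or "backendHttpSettings" not in r:
            continue  # path-based or redirect rule: outside the scope of this check
        pool, setting = pools[leaf(r["backendAddressPool"])], settings[leaf(r["backendHttpSettings"])]
        if not any(a.get("fqdn", "").endswith(APP_SERVICE_SUFFIX) for a in pool["backendAddresses"]):
            continue  # not an App Service pool; the default probe may be fine
        if not (setting.get("pickHostNameFromBackendAddress") or setting.get("hostName")):
            findings.append((rule["name"], "HTTP setting does not send the App Service host name"))
        probe = probes.get(leaf(setting.get("probe")))
        if probe is None:
            findings.append((rule["name"], "no custom probe attached; default probe is used"))
        elif not (probe.get("pickHostNameFromBackendHttpSettings") or probe.get("host")):
            findings.append((rule["name"], "custom probe has no host name"))
    return findings

# Constructed sample: rule-test is configured as the answer describes, rule-staging is not.
SAMPLE = {"properties": {
    "backendAddressPools": [
        {"name": "pool-test", "properties": {"backendAddresses": [{"fqdn": "test-app.azurewebsites.net"}]}},
        {"name": "pool-staging", "properties": {"backendAddresses": [{"fqdn": "staging-app.azurewebsites.net"}]}}],
    "probes": [{"name": "http-probe", "properties": {"path": "/", "pickHostNameFromBackendHttpSettings": True}}],
    "backendHttpSettingsCollection": [
        {"name": "http", "properties": {"pickHostNameFromBackendAddress": True, "probe": ref("probes", "http-probe")}},
        {"name": "http-default", "properties": {"pickHostNameFromBackendAddress": False}}],
    "requestRoutingRules": [
        {"name": "rule-test", "properties": {"backendAddressPool": ref("backendAddressPools", "pool-test"),
                                             "backendHttpSettings": ref("backendHttpSettingsCollection", "http")}},
        {"name": "rule-staging", "properties": {"backendAddressPool": ref("backendAddressPools", "pool-staging"),
                                                "backendHttpSettings": ref("backendHttpSettingsCollection", "http-default")}}]}}

if __name__ == "__main__":
    for rule, problem in audit(SAMPLE):
        print(rule + ": " + problem)
```
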
