Azure App Service applicationHost.xdt appears to have no effect - azure

I'm trying to get a reverse proxy set up by using Azure Websites, roughly following this guide that explains how to modify ApplicationHost.config on such a website - but it doesn't work for me.
I've have this applicationHost.xdt:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" />
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" />
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
I put it in the site directory of my web app.
The transforms appear to get executed (from the transform log):
2017-09-06T12:12:20 StartSection Executing InsertIfMissing (transform line 8, 50)
2017-09-06T12:12:20 on /configuration/system.webServer/rewrite/allowedServerVariables/add
2017-09-06T12:12:20 Applying to 'allowedServerVariables' element (no source line info)
2017-09-06T12:12:20 EndSection Done executing InsertIfMissing
I have indeed four of those blocks.
I still get 500s on setting the headers with rewrite. The detailed error message contains this:
<h3>HTTP Error 500.50 - URL Rewrite Module Error.</h3>
<h4>The server variable "HTTP_X_UNPROXIED_URL" is not allowed to be set. Add the server variable name to the allowed server variable list.</h4>
Not sure what to do at this point. Any ideas?

I faced the same issue with the TomSSL article, #David Ebbo's comment ultimately got me to the answer, but felt it was worth adding this to save people some time. It's because applicationHost.config is missing xdt:Locator="Match(name)":
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false"/>
<rewrite xdt:Transform="InsertIfMissing">
<allowedServerVariables xdt:Transform="InsertIfMissing">
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>

The key to investigating these issues is to determine whether the problem is with the transform not doing the right thing, or with the applicationhost.config not working as you expect.
You can check the generated applicationhost.config in D:\local\Config from Kudu console.
See this page for more details about this.

Related

DNN UrlRewrite ("DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules") does not run custom rewrite rule on web.config

On our DNN site hosted in an Azure app service, we have the following custom rule set on our web.config:
<rewrite>
<rules>
<rule name="Proxy" stopProcessing="true">
<match url="^base3/?(.*)" />
<action type="Rewrite" url="https://(a website hosted in aws s3)/tx/{R:1}" />
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="" />
<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_Blog" value="1" />
</serverVariables>
</rule>
</rules>
We have also setup the following in our applicationHost.xdt
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_Mischief" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
<add name="HTTP_X_Blog" xdt:Transform="Insert" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
However, when trying to navigate to it (https://(our azure webapp.com)/base3/index.html) we constantly get the error The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. which is confusing because this was the rewrite rule we have used on our other sites.
We even tried the same approach on a fresh app service and the rewrite rule above works just fine..
Trying to figure out what's wrong through heuristic analysis, on our web.config the rewrite rule now works if:
under <system.webServer>
<modules runAllManagedModulesForAllRequests="true">
then commenting <add name="UrlRewrite" type="DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules" preCondition="managedHandler" />
However, the main site breaks now..
How do we implement a rewrite rule that works properly with DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules??
UPDATE
<configSections>
<section name="RewriterConfig" type="URLRewriter.Config.RewriterConfigSerializerSectionHandler,URLRewriter" />
</configSections>
......
<RewriterConfig>
<Rules>
<RewriterRule>
<LookFor>^default/([0-9]+)/([_0-9a-z-]+)</LookFor>
<SendTo>11.aspx?id={R:1}</SendTo>
</RewriterRule>
</Rules>
</RewriterConfig>
PRIVIOUS
About the function of url rewrite, the reason is the Web Server integrated by App Service cannot have full control. You can refer my answer in another post .
You can use the Application Gateway to implement the url rewriting function.

Remove Server header on response on 500 HTTP Error

I have a REST API service deployed as an Azure App Service and i been trying to remove the Server header from response.
I tried adding a custom outgoing rule to Rewrite module.
In web.config i have
<rewrite>
<outboundRules>
<rule name="Change Server Header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="My Server" />
</rule>
</outboundRules>
</rewrite>
I also applied a applicationHost.xdt transformation to applicationHost.config in order to add the RESPONSE_Server variable
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<configSections>
<sectionGroup name="system.webServer" xdt:Locator="Match(name)">
<sectionGroup name="rewrite" xdt:Locator="Match(name)">
<section name="allowedServerVariables" overrideModeDefault="Allow" xdt:Locator="Match(name)" xdt:Transform="SetAttributes(overrideModeDefault)" />
</sectionGroup>
</sectionGroup>
</configSections>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="RESPONSE_Server" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
But i still see the Server response http header on a request like following which returns a 500 HTTP status code
https://api.internaltest.com/%3a/
The rewrite rule works in local IIS it removes the http header successfully... but not when doing it in Azure App Service.
Please tell me what i'm missing.
I mention that i have removeServerHeader="true" in web.config also but it only removes the server header on 404 bad request, not on 500 status code.
<security>
<requestFiltering removeServerHeader="true">
<requestLimits maxAllowedContentLength="2147483647" />
</requestFiltering>
</security>
Hope anyone can help me,
Thank you
I manged to make it work by adding the outbound rule in xdt file and not in web.config
Here is the correct application.Host.xdt hope it helps others... It replaces the server header with a value on 500 error HTTP response
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<configSections>
<sectionGroup name="system.webServer" xdt:Locator="Match(name)">
<sectionGroup name="rewrite" xdt:Locator="Match(name)">
<section name="allowedServerVariables" overrideModeDefault="Allow" xdt:Locator="Match(name)" xdt:Transform="SetAttributes(overrideModeDefault)" />
</sectionGroup>
</sectionGroup>
</configSections>
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="RESPONSE_Server" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
<outboundRules xdt:Transform="InsertIfMissing">
<rule name="Change Server Header" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="My Server" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>

Azure WebApp simple Html/JS gzip

Even though this has been ask numerous times I still haven't found a working solution on StackOverflow:
I've created an angular SPA with the angular cli. This gives me .html / .js files which I have deployed to azure.
Now I want azure to serve these files gzip encoded.
In order to do that I've created a web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpCompression
directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="false" />
</system.webServer>
</configuration>
But this doesn't serve any files gzipped.
I've also tried it with this config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<urlCompression doStaticCompression="true" doDynamicCompression="false" />
<httpCompression>
<staticTypes>
<clear />
<remove mimeType="*/*" />
<add enabled="true" mimeType="text/*"/>
<add enabled="true" mimeType="message/*"/>
<add enabled="true" mimeType="application/javascript"/>
<add enabled="true" mimeType="application/x-javascript"/>
<add enabled="true" mimeType="application/atom+xml"/>
<add enabled="true" mimeType="application/xaml+xml"/>
<add enabled="true" mimeType="application/json"/>
<add enabled="false" mimeType="*/*"/>
</staticTypes>
</httpCompression>
</configuration>
same result...
Does anyone know how I can get azure to serve these static files gzipped?
Have you tried doing an XDT transform? as described here:
https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<httpCompression>
<dynamicTypes>
<add mimeType="application/foo" enabled="true" xdt:Transform="Insert" />
</dynamicTypes>
</httpCompression>
</system.webServer>
</configuration>
I haven't had a lot of luck enabling GZip compression either. What I eventually did was take my static Angular files, put them into a .NET bundle, append a calculated hash to the URL for cache busting, then push them into an Azure CDN. I was able to get the CDN to serve the files using GZip compression.

Where should <allowedServerVariables> tag live in Azure Website applicationHost.config?

Technical Information
Azure Website
Installed IIS Manager Site Extension by shibayan
Scenario
I have implemented a reverse proxy on my Azure Website, however the receiving server doesn't get any indication of whether the initial request was over HTTPS or not.
What I want to do is send the HTTPS flag of ON/OFF from the initial request to the proxied server, via a custom HTTP Header.
In Theory
Using shibayan's IIS Manager Site Extension, I can edit the applicationHost.xdt file, give it a Transform to insert an <allowedServerVariables> tag and that should allow me to set a custom HTTP Header.
In Practise
I've configured my rewrite rule as such:
<rule name="Proxy" stopProcessing="true" xdt:Transform="Replace" xdt:Locator="Match(name)">
...
<serverVariables>
<set name="HTTP_X_USE_HTTPS" value="{HTTPS}" />
</serverVariables>
...
</rule>
And have attempted a few combinations of where to put the <serverVariables> tag...
Attempt one:
As described in this answer.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
Result:
HTTP Error 500.50 - URL Rewrite Module Error.
The server variable "HTTP_X_USE_HTTPS" is not allowed to be set. Add
the server variable name to the allowed server variable list.
Attempt two:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="~1[app service name]" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 500.50
Attempt three:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 503
Attempt four:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="[app service name]" overrideMode="Allow">
<system.webServer>
<proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</location>
</configuration>
Result: HTTP 503
I am aware that in the applicationHost.config file for an Azure Website there are a few places that <system.webServer> can be defined, such as under the following elements:
<configuration>
<configuration><location>
...however I've tried these combinations to no avail.
Questions
Is there another possible location?
Have I misconfigured my .xdt file in any way?
Am I missing something from my applicationHost.config?
You have to create a applicationHost.xdt file under the site folder d:\home\site\applicationHost.xdt with this content:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<rewrite>
<allowedServerVariables>
<add name="HTTP_X_USE_HTTPS" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
Now you can use the new variable in your web.config file
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Proxy">
<serverVariables>
<set name="HTTP_X_USE_HTTPS" value="{HTTPS}"/>
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
See also https://azure.microsoft.com/en-us/documentation/articles/web-sites-transform-extend/ or https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples

Azure Web App Not Using GZip Compression

I was using WebPageTest to test the performance of my Azure Web App (ASP.Net vNext Web API/Angular). I got an F for both "Compress Transfer" and "Cache Static Content".
After searching StackOverflow and Google, I added the following to my web.config:
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<httpCompression>
<dynamicTypes>
<clear />
<remove mimeType="*/*" />
<add enabled="true" mimeType="text/*"/>
<add enabled="true" mimeType="message/*"/>
<add enabled="true" mimeType="application/x-javascript"/>
<add enabled="true" mimeType="application/javascript"/>
<add enabled="true" mimeType="application/json"/>
<add enabled="false" mimeType="*/*"/>
<add enabled="true" mimeType="application/atom+xml"/>
<add enabled="true" mimeType="application/atom+xml;charset=utf-8"/>
</dynamicTypes>
<staticTypes>
<clear />
<remove mimeType="*/*" />
<add enabled="true" mimeType="text/*"/>
<add enabled="true" mimeType="message/*"/>
<add enabled="true" mimeType="application/javascript"/>
<add enabled="true" mimeType="application/atom+xml"/>
<add enabled="true" mimeType="application/xaml+xml"/>
<add enabled="true" mimeType="application/json"/>
<add enabled="false" mimeType="*/*"/>
</staticTypes>
</httpCompression>
and
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
</staticContent>
After redeploying my Web App, I re-ran the test and I am still getting an F for both of them. Even though I have added these settings to web.config, it does not appear that Azure Web App is honoring them.
Also, I found out that some Web App tiers do not allow compression but I am running on an S2 and I verified that it does allow compression.
Any help would be appreciated!
Thanks!
gzip compression is enabled by default for Azure Web Apps. You can see the rules in your sites LocalSiteRoot/Config/applicationhost.config. Looking at the response headers (which can easily be done with developer tools) should confirm that gzip is being used. It is possible that one of the resources that your site loads is not compressed, and this is causing the WebPageTest to fail. I would look at a network capture and the response headers, and see if you can find the offending resources if you're concerned.
To go to the local site root, you can use FTP, or go to your SCM site at https://.scm.azurewebsites.net/DebugConsole and then click the globe icon.
Also I suspect that your 2 javascript files are not getting compressed since the Content-Type header is not getting populated, so the rule is not capturing it because it does not recognize the mimetype.
Just to back up #theadriangreen here - it will be a header problem. I've found adding the types in the web.config to be unreliable.
What you need to do instead is edit the applicationHost.config file stored in the deepest dark part of azure. The easiest way to do this, is to install the IIS Manager extension either in the Azure portal or in Kudu. Kudu can be accessed via .scm.azurewebsites.net.
There you can edit the file, and it'll save a xdt for you - which once you restart the app you should find that the xdt gets applied.
Alternatively, you can just add an applicationHost.xdt to your App root and you are good to go. Here is a sample.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<httpCompression>
<dynamicTypes>
<add mimeType="application/json;charset=utf-8" enabled="true" xdt:Transform="InsertAfter(/configuration/system.webServer/httpCompression/dynamicTypes/add[(#mimeType='application/json')])" />
</dynamicTypes>
</httpCompression>
</system.webServer>
</configuration>
References:-
https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
https://blogs.msdn.microsoft.com/benjaminperkins/2015/03/03/making-changes-to-the-applicationhost-config-on-azure-websites/
https://github.com/shibayan/IISManager

Resources