How to customise Azure Web App 403, 503 error pages? - azure

I am at a loss as to how to present a custom error page, with professional branding, for errors covering:
403 - Web App stopped - currently get blue page with Azure text.
503 - Service Unavailable - currently get white page with "service unavailable"
I have tried to use CloudFlare custom error pages, but this does not work. For a 403, traffic still gets routed through to Azure, where it gets the standard Azure 403 Page.
Must be possible?

There are two categories of HTTP errors that can happen on Azure Web Apps:
1. Those that happen in IIS on the Web Worker where your site is running.
2. Those that happen before it reaches that. This includes cases when the site is stopped, in the process of restarting, or potentially affected by some other issue in the system.
One way to tell if an error is #1 or #2 is to turn on HTTP logging, and see if it gets logged. Only #1 will.
For #1, you can customize errors using standard techniques. But for #2, there is currently no way for you to customize the pages returned by Azure.

Related

503 Errors or Blank Page from Azure Front Door

I've read through the link below and extended the timeout, disabled compression on the Origin/Azure Front Door and added a Rules Set rule to remove accept-encoding from the request for byte range requests. However, I am still getting these random 503 errors or blank pages.
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-troubleshoot-routing
In my web app, I've added the custom domain (app.contoso.com) with my own certificate.
And in my Front door, I've added my custom domain (app.contoso.com) with my own certificate and set up a backend pool and a routing rule.
And in the update backend, I've left the backend host header empty as I would like it to be able to redirect to the custom domain instead of showing the web app url.
And in my routing rule, I've set the following
I've closely followed the instructions provided by Azure but am still getting random 503 errors or blank pages from Azure Front Door. And I can confirm that my Web App (contoso.azurewebsites.net) is working when I am getting 503 errors or blank pages from the custom domain on Front Door. I've also ensured I used the same SSL certificate on the Web App and the Front Door custom domain.
In my DNS, I've mapped the following
app.contoso.com CNAME contoso.azurefd.net
Is there anything I missed out or does anybody have a solution to this?
Follow up
I've tried to enable and disable the certificate subject name validation and change the send/receive timeout from 30 to 240 or from 240 to 30 but am still getting the same issues.
Update: It is giving a blank page or a 503 error (see screenshot below)
I have Front Door set up in front of multiple backend Web Apps. I've noticed there are a number of random 503 errors each day. The requests themselves are valid, and retrying generally works; however, the initial request that fails is not hitting the backend Web App. The backend health at the times of the errors is also 100%, and it can't be a timeout because the error is immediate (the timeout is also extended to 240 seconds). It seems like Front Door itself is having some kind of health issue, but there are no health issues mentioned.
I have observed what I thought were random 503 errors from front door, and eventually narrowed it down to a particular set of circumstances - in the Azure portal, the App Service Client Certificates mode was set to Required or Allow, and the request was an HTTP POST with sizes over 100KB.
My experience was that the problem is not in Front Door - it was just reporting the problem. The issue is that the application hosted by the Azure App Service never receives the request that is sent by Front Door, and therefore doesn't respond - leading to a 503 timeout. Increasing the timeout in Front Door won't solve the problem.
From what I've read the underlying cause is that "when the server sends the SSL renegotiation request the client has already sent too much data for the server to buffer before it can receive the SSL renegotiation response" (quoted from here: https://github.com/dotnet/runtime/issues/17336)
There are a couple of workarounds which may help in your scenario involving setting ServicePointManager.Expect100Continue = true (from here https://github.com/dotnet/runtime/issues/17336) or alternatively performing a HEAD request followed by a POST (documented here: https://github.com/fasigpt/appserviceclientcertauth/blob/fa0862dcd44ae570594e21f4bbab4f328cd5eadb/clientcert/Program.cs#L35)
But the only way I've found to reliably eliminate the 503 errors reported by Front Door is by setting the Client Certificates mode to "Ignore" in the App Service settings section in the Azure Portal. This may or may not be suitable for your particular scenario, YMMV - I didn't find this ideal, but for my case it was less bad than intermittent (but also reasonably frequent) 503 errors.
I tried this in my local environment and it works fine for me; I followed this MS doc.
Here is my configuration:
Make sure that you have added your custom domain properly, with the frontend host name as its destination.
In the backend pool I have tried setting the interval to 5 (a small value) so that Front Door knows if a backend is down and that it shouldn't route traffic to that backend anymore.
In the routing rules, make sure that you have checked all your frontends/domains.
After that you can test by hitting your Front Door host.
Please refer to this Microsoft documentation for more information: Add a custom domain to your Front Door.

403 forbidden microsoft-azure-application-gateway/v2

I currently have a WordPress website hosted on 3 virtual machines behind an application gateway. When users are trying to submit a form via our websites sponsorship pane, after clicking submit users are prompted with:
403 forbidden microsoft-azure-application-gateway/v2
I've done a significant amount of research and viewed the logs and I'm not seeing any red flag that is causing restricted access to the resource. The WAF is set to prevention so maybe it's seeing the form submission as a type of malicious activity and blocking it? Not quite sure at this point though.
I am not a web master, so my scope of service stops after it leaves the Azure portal.
Please advise.
After digging around the WAF logs, the way that the form is being transmitted to the website is being flagged as malicious and classifying the request as an SQL injection attack.
I mitigated it in two ways:
Navigated to the Web application firewall (WAF) and disabled the rule in question
Added specific custom rules for exclusions for specific URLs
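Added example (not part of the original answer): a way to see from the firewall log which rule and which request field caused the block, so that an exclusion can be scoped to that field. The records are constructed and use the field names of the ApplicationGatewayFirewallLog category; the URI, form field names and the one-record-per-line layout are assumptions.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample records, one JSON object per line, shaped like
# ApplicationGatewayFirewallLog entries. All values are made up.
SAMPLE_LOG = """\
{"properties": {"transactionId": "t1", "requestUri": "/sponsorship/submit", "ruleId": "942130", "action": "Matched", "details": {"data": "Matched Data: 1=1 found within ARGS:comments: budget 1=1 ok"}}}
{"properties": {"transactionId": "t1", "requestUri": "/sponsorship/submit", "ruleId": "949110", "action": "Blocked", "details": {"data": ""}}}
{"properties": {"transactionId": "t2", "requestUri": "/sponsorship/submit", "ruleId": "942130", "action": "Matched", "details": {"data": "Matched Data: 2=2 found within ARGS:comments: tier 2=2"}}}
{"properties": {"transactionId": "t2", "requestUri": "/sponsorship/submit", "ruleId": "949110", "action": "Blocked", "details": {"data": ""}}}
{"properties": {"transactionId": "t3", "requestUri": "/", "ruleId": "920350", "action": "Matched", "details": {"data": "Matched Data: 10.0.0.4 found within REQUEST_HEADERS:Host: 10.0.0.4"}}}
"""

# Pulls the inspected variable (e.g. ARGS:comments) out of details.data.
VAR_RE = re.compile(r"found within ([A-Z_]+(?::[^:\s]+)?)")


def exclusion_candidates(log_text):
    """Count (requestUri, ruleId, variable) for rules that matched inside
    transactions the WAF blocked. With anomaly scoring the 'Blocked' record
    belongs to the score rule, so rules are joined on transactionId."""
    by_txn = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        p = json.loads(line)["properties"]
        by_txn[p["transactionId"]].append(p)

    hits = Counter()
    for records in by_txn.values():
        if not any(r["action"] == "Blocked" for r in records):
            continue  # matched but not blocked: not the cause of a 403
        for r in records:
            if r["action"] != "Matched":
                continue
            m = VAR_RE.search(r.get("details", {}).get("data", ""))
            hits[(r["requestUri"], r["ruleId"], m.group(1) if m else "?")] += 1
    return hits


if __name__ == "__main__":
    for (uri, rule, var), n in exclusion_candidates(SAMPLE_LOG).most_common():
        print(f"{n:3d}  rule {rule}  {var}  {uri}")
```

A result concentrated on one URI and one variable points to an exclusion for that field only, which leaves the SQL injection rule active for the rest of the site.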

HTTP 502 from one instance of an Azure Web App

We suddenly began experiencing HTTP 502 errors (The specified CGI application encountered an error and the server terminated the process) from one of the instances of our web app. I was able to determine this using Kudu's "Support" tab whereby you can drill down to metrics per instance.
After restarting w3wp for the instance everything continued successfully as normal. There were no problems with resource usage (CPU/RAM) and the odd thing is that the 502s were returning instantly. So, requests weren't timing out for the client.
What are the possible steps to investigate why this happened?
Our application logs wouldn't have anything and our web server logs only have the record of these 502 but with no further details.
In our case it seems to have come down to port exhaustion on the app service plan. Read here for more details on the limitations for each of the plans available.

Kentico - How to know if/when the whole website was down

Is there a way to know when/if the whole website was down? And even better, the reason that it was down. I don't have access to the servers, only have access to Kentico admin with global admin privileges. Thanks!
Down as in the user trying to visit the site is getting a 503 Error?
If it goes down because of an error in Kentico, you would be able to check the event log, but if it is a server error you would need to check the server event logs.
There are a bunch of services online that will notify you when your site isn't responding, like Uptime Robot.
One of the options is to integrate your Kentico App with Azure Application Insights.
You can configure:
.NET performance monitoring via usage analytics (server resources like HTTP response time)
Status monitor to diagnose IIS issues on live running web sites (without re-deploying)
Usage analytics for pages of the website (client side, like Google Analytics)
Automated stress testing
System availability and health monitoring (think uptime / downtime tracking)
Crash reporting for apps and devices
http://www.mcbeev.com/Blog/April-2016/Application-Insights-for-Kentico

Application gets very slow - Azure Web App

I have a Web site deployed on Azure Web App. My web site gets very slow at times. This behavior is random.
On checking IIS Logs during the period of slowness, I found a few requests coming in where the Client IP Address is blank (it shows "-").
The response time of these requests runs into minutes and finally they result in an HTTP 500 error. This happens only for the requests where c-ip is blank.
All other requests that have a Client-IP address are processed successfully. But because of the bad requests my application becomes very slow. I have to restart my Web App to resolve this issue.
What could be the possible reason behind these requests having a blank Client IP Address? Could this be a malicious attack on the web site?
Difficult to say. Could you add the Application Insights service to your project? It allows you to see what is going on 5 minutes before and after "this" request. The second reason can be the mode of your Azure Web App - is it free or shared or standard?
After AI is added, you could share some more insights, because it is important to know what that request is about, not just the fact that it was processed.
https://azure.microsoft.com/en-us/documentation/articles/app-insights-start-monitoring-app-health-usage/
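Added example (not part of the original posts): a small parser for the W3C-format IIS log that separates requests with a blank c-ip from the rest and compares their status codes and time-taken, which is the comparison the question describes. The log excerpt is constructed; the 60-second "slow" threshold is an assumption.

```python
from collections import defaultdict

# Constructed W3C extended log excerpt; all values are made up.
# The second #Fields line shows a column order change mid-file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status time-taken
2016-05-10 09:14:02 GET /home 203.0.113.7 200 182
2016-05-10 09:14:05 POST /api/report - 500 241337
2016-05-10 09:14:09 GET /home 198.51.100.23 200 95
#Fields: date time cs-method cs-uri-stem sc-status c-ip time-taken
2016-05-10 09:20:41 GET /api/report 500 - 187004
2016-05-10 09:20:44 GET /about 200 203.0.113.7 120
"""


def summarize_by_client_ip(log_text, slow_ms=60_000):
    """Group requests into 'blank c-ip' and 'with c-ip' and return request
    count, 5xx count, slow-request count and worst time-taken (ms) per group."""
    fields = []
    stats = defaultdict(lambda: {"requests": 0, "5xx": 0, "slow": 0, "max_ms": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names apply until redefined
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        group = "blank c-ip" if row.get("c-ip", "-") == "-" else "with c-ip"
        taken = row.get("time-taken", "")
        ms = int(taken) if taken.isdigit() else 0
        s = stats[group]
        s["requests"] += 1
        s["5xx"] += row.get("sc-status", "").startswith("5")
        s["slow"] += ms >= slow_ms
        s["max_ms"] = max(s["max_ms"], ms)
    return dict(stats)


if __name__ == "__main__":
    for group, s in summarize_by_client_ip(SAMPLE_LOG).items():
        print(group, s)
```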
