Web Apps

Web Apps in Azure App Service provide a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js or Python. Choose from a variety of source control options including TFS, GitHub, and BitBucket to set up continuous integration and develop as a team.

How can we improve Azure Web Apps?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Enable 'client certificate authentication' per directory

    I have a site that only part of it needs to be secured with client certificate authentication, it is able to be enabled on the site level but not the directory level as per this article.

    https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-configure-tls-mutual-auth

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Crystal Reports in Azure Websites

      Ability to host Crystal Report Sites in Azure Web Site. Currently, it can be hosted only on Cloud Services /Virtual Machines

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow a request timeout of more then 3.8 minutes

        Currently the infrastructure imposes a request timeout of 3.8 minutes. This is rather low for longer lasting requests such as for making reports.

        23 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Enable only Azure Traffic

          With the growing trend of Microservices based architecture, there's a demand to restrict access from public. It would be good if we could have one simple checkbox "Allow only traffic from Azure", which will block access that didn't come from Azure. Currently we can achieve that with Azure Service Environment, that allows VNETs, but it's expensive. Is there another way that I'm missing?

          19 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • ASE internal and external with express route data flow

            I am confused with ASE with internal and external. Can you explain the data flow for ASE with express route.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Feature for backing up only certain folders/ files

              currently the exclusion list is via _backup.filter. But consider the scenario, only certain files or folders needs to be backed up in a huge list of folders files .Consider a scenario of a big webapp with lot of subfolders

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
              • Set times when maintenance should not occur

                We need the ability to set times that tells Azure, "never do maintenance on the underlying Azure VM or Azure Storage during these times".

                We run many web apps in Azure Web Sites. Unfortunately, we use a CMS that caches much of the site on startup. This makes it very fast once the site is loaded in memory. It takes 4-5 minutes to cache on initial load. Each time the application pool is reset, our clients experience 4-5 minutes of downtime. In Azure, when maintenance is done on the VM or Storage it causes an app restart. That translates into…

                20 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                • Monitor individual instances

                  We need a way to monitor each individual instance. We need an end-point, a separate URL or an instance ID returned via html, or something.

                  We love the ease of scaling web apps to multiple instances with the click of a button. We externally monitor every app, and if any app is down, we quickly begin troubleshooting. However, our external monitors are simply hitting the URL and checking for returned text. If one instance is down and the other one is up our monitor never alerts us, yet some clients see the app as "down". This happens more frequently than…

                  16 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                  • Near-realtime consolidated web app consumption

                    We need a consolidated way to see near-realtime CPU and Memory consumption for each Web App per App Service Plan. This way we can quickly identify which apps are consuming the most resources (specifically CPU and Memory) in that App Service Plan.

                    These are the 2 scenarios we run into often:

                    1. We run many web apps in each App Service Plan. We don't want to pay for a new App Service Plan until all memory (or CPU) is consumed on what we currently have. I could rebalance the sites (move some to another plan) if I could easily see…

                    19 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow custom domain verification per subscription rather than per website

                      The current custom domain validation techniques require specific DNS work for each and every site being set up. This introduces a lot more complexity and can sometimes break down. The particular issue I'm into at the moment has to do with ARM templates and traffic manager, but it seems like there are a number of scenarios where one could have trouble.

                      Today, and awverify TXT record specifies a specific website. An equivalent for specifying an azure subscription ID would be far more flexible. Ideally one could apply this to the root domain, and automatically enable the provisioning of any entries…

                      6 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Allow web apps to be backend pools in application gateways

                        Instead of requiring an App Service Environment, or Virtual Machines running IIS, allow us to put in the FQDN/IP Address of our Azure App Services.

                        12 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Provide more secure TLS ciphers

                          Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
                          More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites


                          So please provide some more secure ciphers from the ECDHE cipher suite like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

                          16 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Copy the application log settings when cloning deployment slots

                            It would be better if the log settings are copied into a newly created slot, when we clone a slot, just like the app settings does.
                            For example, currently when we turn the blob logging enabled and then clone the slot, the logging get disabled in a new slot.
                            On the contrary, the blob container settings remains.

                            This is because the blob container setting is saved as an environment variable in app settings.
                            Here is the result in ResourceExplorer, when I cloned a slot.

                            "applicationLogs": {
                            "fileSystem": {
                            "level": "Off"
                            },
                            "azureTableStorage": {
                            "level": "Off",
                            "sasUrl": "https://strageaccountsample.table.core.windows.net/xxxxxxx"
                            }, …

                            7 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                            • in ASE disable TLS 1.1

                              Allow for the disablement of TLS 1.1 protocols from ASE in a similar method as TLS 1.0. This would help secure systems further for ISVs building new API Apps and help with additional security concerns and compliance for PCI and others.

                              Allowing for the same method but adding an additional JSON in cluster settings to actually trigger the TLS 1.1 disablement would be good.

                              "clusterSettings": [
                              {
                              "name": "DisableTls1.0",
                              "value": "1"
                              },
                              {
                              "name": "DisableTls1.1",
                              "value": "1"
                              }
                              ],

                              https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-custom-settings#disable-tls-10

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                              • FTP accounts tied to subscription, not user. Not enough auditing

                                In the current model, FTP credentials are tied to a user's azure login. Thus, we have no visibility into credentials that are set, as we cannot see other people's FTP credentials they've set. Furthermore, when an FTP account is created or deleted, nothing is logged. This makes it difficult to audit who has access. With the logins being tied to the user, when the user leaves, there is no way for us to reclaim that username unless they delete their ftp credentials first. This doesn't always work, as a user may depart abruptly or not on good terms. Although the…

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  4 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                • Hybrid Connection Manager Support for Linux

                                  We are an ISV leveraging Azure PaaS to provide an iPaaS service to customers. We have a requirement to connect to on premise servers to access line-of-business apps. Currently, we leverage Azure’s Hybrid Connection Manager --- but are limited to Windows servers only. Our customers have both Windows, Linux and mixed environments. This considerably limits our market.

                                  Can we expect Linux support? If so, when? Any suggested work arounds?

                                  Thank you for your consideration.

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                  • [Linux] Allow remote debugging of .NET core apps hosted by linux app services

                                    It is currently not possible to remote debug .NET core applications running on Azure Linux App Services. Please consider to add remote debugging to the feature list of Linux App Services.

                                    9 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow powershell remote shell session e.g. Enter-PSSession on Web App machine

                                      To create a powershell session on a remote machine, WinRM is required to run on the remote machine. All Web App machines have this installed and are being used by the internal Azure provisioning system (assumption).

                                      Currently the only way to have some sort of shell on the Web App machine is by going through the ProcessExplorer site extension. This is not a true shell, but sort of an emulated one. Ctrl-v scrolls the page up for instance. And the transport is over SignalR, which could be fine, but the implementation feels wonky.

                                      Or I might have missed some documentation…

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Flag idea as inappropriate…  ·  Admin →

                                        Hi Tonny,

                                        Thanks for posting this request. Unfortunately, enabling Enter-PSSession on our sandbox is a complicated item to complete.

                                        We will leave the item under review for now and see if it gathers support. We will review it again in the future and see how and if we can accommodate.

                                        Thanks,
                                        Oded

                                      • Stop TiP causing security warnings

                                        Currently Testing in Production (TiP) can be used for two purposes: A/B testing or deploying multiple versions of the same website (eg. production and staging).

                                        Some companies like us use TiP only for the second purpose, but as soon as we enable the feature, an additional cookie called "TiPMix" added to our website. The purpose of the cookie is enable A/B testing and help to decide which user should be randomly routed to which slot. We always route 100% of our traffic to the production slot, so no decision have to be made in our case thus we don't need…

                                        73 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →

                                          Hi all,

                                          Thank you for the feedback up the issue! We intend to make some corrections to how we display the security warnings. This shouldn’t happen too far from now though I don’t have a concrete timeline to share yet. When more info is available, I’ll update the post.

                                          Thanks!
                                          Oded

                                        • Using the PerAppScaling option, also allow the ability specify which worker the App should run on

                                          Enabling the PerAppScaling to allow certain apps within the App Service Plan to scale, it would help if one could specify to which worker an app should be deployed to along with a fallback in case Worker #2 was specified and no worker #2 exists anymore.

                                          This would enable developers to group large memory-bound apps with smaller apps to balance the worker load more effectively.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            under review  ·  0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 8 9
                                          • Don't see your idea?

                                          Web Apps

                                          Feedback and Knowledge Base