Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Allow to start an AAD authentication express setup from an ARM template
When enabling AAD authentication on an App service, using an ARM tempalte, you have to manually specify a clientid and clientsecret. Something like MSI: identity: "system" would be much easier. Especially from a Ci/CD perspective.
18 votesThanks for the suggestion! We will be looking into this.
-
Metrics for Linux Docker Containers - Function APPS
We are currently running several Linux Docker Containers in a function app and are surprised that most metrics are not available.
The system reports on data in/out and http 5xx errors but that is all that it there. Information such as processed HTTP requests, response time, logs streams, processes and container load (cpu/memory/io is only available for the whole app service and not for the container).
Docker function apps are heavy priced already and it doesn't help that most functionality in the portal is not available in this use case.
10 votesIt’s a great idea to be able to view the metrics per container. We’ll review the request.
Thanks,
Oded -
App Service on Linux in Azure Stack
App Service on Linux is a much requested feature from our customers, and is a glaring hole in the consistency between Azure and Stack today.
12 votesThis feature set is under review for enablement in Azure App Service on Azure Stack. We recognise the feature is not available but have no timelines to share at this time.
-
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
90 votesThanks for the entry. We’re taking a look.
Oded
-
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
213 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
[Linux] - Set Docker Image Tag as a slot setting in Application Settings of a Web App for Containers
When swapping between staging and production slots of a Web App for Containers, it would be really handy to have the option of keeping the tag of each image in its respective slot (e.g. image:latest for production, image:dev for staging) and not get them to swap after each slot swap.
Imagine you setup Continuous Deployment through Dockerhub. You push code changes on GitHub, and image build is triggered and then an image pull request from Azure to Dockerhub. If a swap has preceded the above flow, then newly build images would end up in the opposite from desired deployment slots. …29 votesThank you for the feature request. We will be taking a look.
Oded
-
Strict-Transport-Security
With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:
Details on The Header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security25 votesWe’ll be taking a look.
Thanks,
Oded -
Azure App Service Environment ILB - Support for Internal Certificate Authorities
Currently the documentation for Azure App Service Environment with ILB claims it supports internal certificate authorities.
As part of the documentation it is recommended that a user bundles their server auth certificate with the full certificate chain - thus producing a PFX file or base64 encoding it and uploading through powershell.
However when testing with OpenSSL or on an iOS device, the first request never sees the full certificate chain and fails with "invalid server certificate". It is on a subsequent request the full chain is delivered - leaving users to hit refresh once in their browser…
13 votesThanks for the request! We’re looking to improve the overall certificate experience within ILB ASEs.
Thanks,
Oded -
WebApp custom DNS with private DNS Name
Custom DNS HostName for a WebApp is working exactly in the same way in both Azure and Azure Stack, with both ownership and record check against a public Internet DNS server. That's pretty cool for public facing web applications, but represents a security issue for :
1)Intranet applications.(hosted on Azure or AzureStack)
- Custom Domain Names makes sence not only for Internet but Intranet too.
- We don't want to expose intranet application names publicly to the wild...
2)Multi-tenant AzureStack
- Each customer would like to have it's own custom domain for its applications, and not use the *.appservice.local.azurestack.external or…46 votesThis is still on our backlog for review, this did not make it into update 2. We will continue to review this for Azure App Service on Azure Stack.
-
[Linux] Add support to restrict IP access for Web Apps Linux / Docker
Don't have this functionality became unfeasible use of Linux / Docker Web Apps in production environment
20 votesThanks for the feedback!
We’re reviewing this request, and will provide update when we have a plan.
Thanks,
Yi -
Add newer ruby versions (2.4 & 2.5)
Would be good to keep up-to-date with the latest rubies, 2.3 is only receiving security fixes now.
10 votesThanks for the feature request! We are constantly working to add the most updated versions and we will get to Ruby as well. We’ll update on progress here though we don’t have a timeline to share at the moment.
Thanks,
Oded -
Allow importing 3rd party ssl certs for use as app service certificates in app services/web apps
Currently if I have an ssl certificate being used in multiple app services, when I renew that certificate I have to update the app services one by one or via powershell. It looks like using an app service certificate would solve this by allowing me to renew in one place and have it update each of the app services automatically. The problem being that I use 3rd party issued ssl certs vs ones created as app service certs in azure.
Ideal would be to either allow uploading 3rd party ssl certs to be used as app service certs or offer…
22 votesThank you for the feature request. We will review this as part of our roadmap.
Thanks,
Oded -
Generate internally-issued certificates
There should be a way to generate internally-issued certificates for ASE so ASE's have no legacy-dependency. Currently one has to have CA running in a VM to generate that for the domain.
3 votesThanks for the suggestion! We’ll be looking into how we can potentially support this.
Thanks,
Oded -
Please display a warning message that the main app will be stopped meanwhile the restoring process (snapshot preview) is taking effect.
Snapshots can be restored to the original web app, a slot of the web app, or any other web app in the same App Service Plan. While the restore operation is in progress, the web app will be stopped. It is strongly recommended to restore snapshots to a new slot instead of overwriting an existing slot in order to prevent data loss if the restore operation is unsuccessful.
Snapshots contain both web app files and web app settings. You can choose to restore files only, or to restore the settings as well. All settings contained in regular backups are also…4 votesThanks for the suggestion we are looking into it, will update once we have updates to share
-
Ability to incrementally create/update AppSettings & ConnectionStrings
Actual problem:
Today if we don't provide all of the existing AppSettings or ConnectionStrings, the ones we omit are removed.Feature:
A little bit like the ARM deployment mode, add the ability to specify an Incremental & Complete mode when pushing settings. To ensure compatibility, Complete would be the default, keeping the behavior we have today. If we set the mode to Incremental, only the provided settings would be created/updated, leaving existing settings untouched.Use cases:
This would be very useful in cases where we want to sync AppSettings or ConnectionStrings for resources directly in our ARM templates for only…384 votesThanks for the suggestion, we are looking into the feature request
Ahmed
Azure App Service Team -
Linux Static Site on Nginx
One of the most common web techniques today is static generated web sites. Ideally, there would be an option along with Node, Php etc for Static HTML. This would allow configuration for just running Nginx web servers to host static sites.
56 votesThanks for your suggestion, we will evaluate the suggestion and post an update when we have news to share.
Ahmed
App Service Team -
Update Web App ModSecurity module to 2.9.2
The current version of the ModSecurity module that is integrated in the IIS of the Web App Services is 2.8.0.
This version of ModSecurity has issues with the IP + Port formatting of the AlwaysOnline service. Please update it to 2.9.2.22 votes -
replicate app service for redundancy
would be good to have app services be replicated in another region for high availability and redundancy
11 votesThanks for your suggestion, we will review the ask. Will update the suggestion once we have it planned
-
Add a country code header to incoming requests
Google App Engine (https://cloud.google.com/appengine/docs/standard/go/how-requests-are-handled#app-engine-specific-headers) and Cloudflare (https://support.cloudflare.com/hc/en-us/articles/200168236-What-does-Cloudflare-IP-Geolocation-do-) are able to add a http header to requests with the visitor's ISO 3166 country code.
It would be nice to have this ability in web apps in Azure also.
9 votesThanks for the request and additional reference. We will be reviewing this but don’t have plans to work on this at the moment.
Thanks,
Oded -
Provide more secure TLS ciphers
Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-SuitesSo please provide some more secure ciphers from the ECDHE cipher suite like TLSECDHERSAWITHAES256GCMSHA384, TLSECDHERSAWITHAES128GCMSHA256, TLSECDHERSAWITHCHACHA20POLY1305SHA256.
80 votesHi there,
We are constantly reviewing cipher suites and will update more in the future.
Thanks,
Oded
- Don't see your idea?