Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Option to hide/anonymize IPs in webserver logs to be GDPR compliant
It would be very helpfull if there would be an option to hide/anonymize IPs in webapps webserver logs. Right now you have to disable webserver logs completely to be GDPR compliant which might be not best practice.
33 votesHi all,
Thank you for the feedback and recommendations on this important topic!
We will look at adding this to our feature roadmap though we don’t have any timing to share right now.
For additional guidance please refer to “Azure Data Subject Request GDPR Documentation” under the Service Trust Portal: https://servicetrust.microsoft.com/ViewPage/GDPRDSR. Specifically read through, Part 1 – Step 5, which discusses the removal of personal data and timing in which you can leverage retention period settings for the logs.
Thanks,
Oded -
Metrics for Linux Docker Containers - Function APPS
We are currently running several Linux Docker Containers in a function app and are surprised that most metrics are not available.
The system reports on data in/out and http 5xx errors but that is all that it there. Information such as processed HTTP requests, response time, logs streams, processes and container load (cpu/memory/io is only available for the whole app service and not for the container).
Docker function apps are heavy priced already and it doesn't help that most functionality in the portal is not available in this use case.
10 votesIt’s a great idea to be able to view the metrics per container. We’ll review the request.
Thanks,
Oded -
App Service on Linux in Azure Stack
App Service on Linux is a much requested feature from our customers, and is a glaring hole in the consistency between Azure and Stack today.
11 votesThis feature set is under review for enablement in Azure App Service on Azure Stack. We recognise the feature is not available but have no timelines to share at this time.
-
Allow to start an AAD authentication express setup from an ARM template
When enabling AAD authentication on an App service, using an ARM tempalte, you have to manually specify a clientid and clientsecret. Something like MSI: identity: "system" would be much easier. Especially from a Ci/CD perspective.
18 votesThanks for the suggestion! We will be looking into this.
-
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
89 votesThanks for the entry. We’re taking a look.
Oded
-
Support sending web server logs to OMS Log Analytics workspace
Web Server logs can currently be written to a Blob storage account. However, it would be great if the logs could be sent directly to an OMS Log Analytics workspace.
19 votesThanks for the feature request, definitely a valid request we will look to fulfill. Though no plans to work on this right now.
Thanks,
Oded -
[Linux] - Set Docker Image Tag as a slot setting in Application Settings of a Web App for Containers
When swapping between staging and production slots of a Web App for Containers, it would be really handy to have the option of keeping the tag of each image in its respective slot (e.g. image:latest for production, image:dev for staging) and not get them to swap after each slot swap.
Imagine you setup Continuous Deployment through Dockerhub. You push code changes on GitHub, and image build is triggered and then an image pull request from Azure to Dockerhub. If a swap has preceded the above flow, then newly build images would end up in the opposite from desired deployment slots. …26 votesThank you for the feature request. We will be taking a look.
Oded
-
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
182 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
Strict-Transport-Security
With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:
Details on The Header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security25 votesWe’ll be taking a look.
Thanks,
Oded -
App service high disk queue length
We have observed high app service disk queue length while testing an application hosted on App service plan . As per investigation along with the microsoft support engineer, it has been identified that the disk queue length metric has always been aggregated as a sum (Total) for the samples captured from a worker. So any small change in this metric on the worker will cause this to spike rapidly. Also multiple workers will additionally cause this counter to grow even faster. In short, this is not an actual reflection of the actual disk queue length at any point in time…
4 votesWe will add a work item to make these metrics clearer, though we don’t have a timeline we can share when this may get picked up.
Thanks,
Oded -
Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want…
1,531 votesStill no news to share, just to add that we are investigating options on modifications for the App Service multi-tenant offering with enhanced capabilities.
Thanks,
Oded -
Azure App Service Environment ILB - Support for Internal Certificate Authorities
Currently the documentation for Azure App Service Environment with ILB claims it supports internal certificate authorities.
As part of the documentation it is recommended that a user bundles their server auth certificate with the full certificate chain - thus producing a PFX file or base64 encoding it and uploading through powershell.
However when testing with OpenSSL or on an iOS device, the first request never sees the full certificate chain and fails with "invalid server certificate". It is on a subsequent request the full chain is delivered - leaving users to hit refresh once in their browser…
13 votesThanks for the request! We’re looking to improve the overall certificate experience within ILB ASEs.
Thanks,
Oded -
Document healthcheck URL requirement for custom containers
With Web App for Containers, it seems Azure uses a special URL "/robots933456.txt" to check when the container has started, and expects a valid HTTP response (404 is fine). This requirement for custom containers should be mentioned in the documentation! (and preferably, it should be configurable)
44 votes -
Associating Hybrid Connections to Azure App Services cannot be automated
There is no way to associate a Hybrid Connection to an Azure App Service via ARM Template or PowerShell.
This is a significant gap since we cannot automate this at all when that is the driving factor for DevOps and PaaS services.
146 votesWe are looking at options here.
Thanks,
Oded -
Add newer ruby versions (2.4 & 2.5)
Would be good to keep up-to-date with the latest rubies, 2.3 is only receiving security fixes now.
10 votesThanks for the feature request! We are constantly working to add the most updated versions and we will get to Ruby as well. We’ll update on progress here though we don’t have a timeline to share at the moment.
Thanks,
Oded -
Make use of Reserved Instances
It's possible to prepay VM's, this will result in a lower cost, see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepay-reserved-vm-instances
It would be great to use these machines in WebApps. Or add these type of payment to the Web Apps.
13 votesWe have reserved instances generally planned for ASE (App Service Environments), but nothing in terms of a timeline we can share at the moment.
Thanks,
Oded -
Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.401 votesThere are no near term plans to provide this functionality. However we will keep it under review for periodic re-evaluation in the future.
Thank you,
Azure App Service Team -
Allow importing 3rd party ssl certs for use as app service certificates in app services/web apps
Currently if I have an ssl certificate being used in multiple app services, when I renew that certificate I have to update the app services one by one or via powershell. It looks like using an app service certificate would solve this by allowing me to renew in one place and have it update each of the app services automatically. The problem being that I use 3rd party issued ssl certs vs ones created as app service certs in azure.
Ideal would be to either allow uploading 3rd party ssl certs to be used as app service certs or offer…
22 votesThank you for the feature request. We will review this as part of our roadmap.
Thanks,
Oded -
[Linux] Add support to restrict IP access for Web Apps Linux / Docker
Don't have this functionality became unfeasible use of Linux / Docker Web Apps in production environment
17 votesThanks for the feedback!
We’re reviewing this request, and will provide update when we have a plan.
Thanks,
Yi -
Generate internally-issued certificates
There should be a way to generate internally-issued certificates for ASE so ASE's have no legacy-dependency. Currently one has to have CA running in a VM to generate that for the domain.
3 votesThanks for the suggestion! We’ll be looking into how we can potentially support this.
Thanks,
Oded
- Don't see your idea?