Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
App service high disk queue length
We have observed high app service disk queue length while testing an application hosted on App service plan . As per investigation along with the microsoft support engineer, it has been identified that the disk queue length metric has always been aggregated as a sum (Total) for the samples captured from a worker. So any small change in this metric on the worker will cause this to spike rapidly. Also multiple workers will additionally cause this counter to grow even faster. In short, this is not an actual reflection of the actual disk queue length at any point in time…
8 votesWe will add a work item to make these metrics clearer, though we don’t have a timeline we can share when this may get picked up.
Thanks,
Oded -
Enable Docker Content Trust on Linux ASE
Now that Notary/Content Trust in available in ACR, it would be useful if it could also be enabled in the ASE so it could only pull signed images.
I can't see a way to currently do this - is it possible?
5 votesThe feature for filtering images is not available right now, though we will look into this.
Thanks,
Oded -
Option to hide/anonymize IPs in webserver logs to be GDPR compliant
It would be very helpfull if there would be an option to hide/anonymize IPs in webapps webserver logs. Right now you have to disable webserver logs completely to be GDPR compliant which might be not best practice.
33 votesHi all,
Thank you for the feedback and recommendations on this important topic!
We will look at adding this to our feature roadmap though we don’t have any timing to share right now.
For additional guidance please refer to “Azure Data Subject Request GDPR Documentation” under the Service Trust Portal: https://servicetrust.microsoft.com/ViewPage/GDPRDSR. Specifically read through, Part 1 – Step 5, which discusses the removal of personal data and timing in which you can leverage retention period settings for the logs.
Thanks,
Oded -
Allow to start an AAD authentication express setup from an ARM template
When enabling AAD authentication on an App service, using an ARM tempalte, you have to manually specify a clientid and clientsecret. Something like MSI: identity: "system" would be much easier. Especially from a Ci/CD perspective.
18 votesThanks for the suggestion! We will be looking into this.
-
Metrics for Linux Docker Containers - Function APPS
We are currently running several Linux Docker Containers in a function app and are surprised that most metrics are not available.
The system reports on data in/out and http 5xx errors but that is all that it there. Information such as processed HTTP requests, response time, logs streams, processes and container load (cpu/memory/io is only available for the whole app service and not for the container).
Docker function apps are heavy priced already and it doesn't help that most functionality in the portal is not available in this use case.
10 votesIt’s a great idea to be able to view the metrics per container. We’ll review the request.
Thanks,
Oded -
App Service on Linux in Azure Stack
App Service on Linux is a much requested feature from our customers, and is a glaring hole in the consistency between Azure and Stack today.
12 votesThis feature set is under review for enablement in Azure App Service on Azure Stack. We recognise the feature is not available but have no timelines to share at this time.
-
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
244 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
90 votesThanks for the entry. We’re taking a look.
Oded
-
Strict-Transport-Security
With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:
Details on The Header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security25 votesWe’ll be taking a look.
Thanks,
Oded -
WebApp custom DNS with private DNS Name
Custom DNS HostName for a WebApp is working exactly in the same way in both Azure and Azure Stack, with both ownership and record check against a public Internet DNS server. That's pretty cool for public facing web applications, but represents a security issue for :
1)Intranet applications.(hosted on Azure or AzureStack)
- Custom Domain Names makes sence not only for Internet but Intranet too.
- We don't want to expose intranet application names publicly to the wild...
2)Multi-tenant AzureStack
- Each customer would like to have it's own custom domain for its applications, and not use the *.appservice.local.azurestack.external or…59 votesThis is still on our backlog for review, this did not make it into update 2. We will continue to review this for Azure App Service on Azure Stack.
-
Azure App Service Environment ILB - Support for Internal Certificate Authorities
Currently the documentation for Azure App Service Environment with ILB claims it supports internal certificate authorities.
As part of the documentation it is recommended that a user bundles their server auth certificate with the full certificate chain - thus producing a PFX file or base64 encoding it and uploading through powershell.
However when testing with OpenSSL or on an iOS device, the first request never sees the full certificate chain and fails with "invalid server certificate". It is on a subsequent request the full chain is delivered - leaving users to hit refresh once in their browser…
13 votesThanks for the request! We’re looking to improve the overall certificate experience within ILB ASEs.
Thanks,
Oded -
[Linux] Add support to restrict IP access for Web Apps Linux / Docker
Don't have this functionality became unfeasible use of Linux / Docker Web Apps in production environment
20 votesThanks for the feedback!
We’re reviewing this request, and will provide update when we have a plan.
Thanks,
Yi -
Add newer ruby versions (2.4 & 2.5)
Would be good to keep up-to-date with the latest rubies, 2.3 is only receiving security fixes now.
10 votesThanks for the feature request! We are constantly working to add the most updated versions and we will get to Ruby as well. We’ll update on progress here though we don’t have a timeline to share at the moment.
Thanks,
Oded -
Allow importing 3rd party ssl certs for use as app service certificates in app services/web apps
Currently if I have an ssl certificate being used in multiple app services, when I renew that certificate I have to update the app services one by one or via powershell. It looks like using an app service certificate would solve this by allowing me to renew in one place and have it update each of the app services automatically. The problem being that I use 3rd party issued ssl certs vs ones created as app service certs in azure.
Ideal would be to either allow uploading 3rd party ssl certs to be used as app service certs or offer…
22 votesThank you for the feature request. We will review this as part of our roadmap.
Thanks,
Oded -
Generate internally-issued certificates
There should be a way to generate internally-issued certificates for ASE so ASE's have no legacy-dependency. Currently one has to have CA running in a VM to generate that for the domain.
3 votesThanks for the suggestion! We’ll be looking into how we can potentially support this.
Thanks,
Oded -
Ability to incrementally create/update AppSettings & ConnectionStrings
Actual problem:
Today if we don't provide all of the existing AppSettings or ConnectionStrings, the ones we omit are removed.Feature:
A little bit like the ARM deployment mode, add the ability to specify an Incremental & Complete mode when pushing settings. To ensure compatibility, Complete would be the default, keeping the behavior we have today. If we set the mode to Incremental, only the provided settings would be created/updated, leaving existing settings untouched.Use cases:
This would be very useful in cases where we want to sync AppSettings or ConnectionStrings for resources directly in our ARM templates for only…406 votesThanks for the suggestion, we are looking into the feature request
Ahmed
Azure App Service Team -
Please display a warning message that the main app will be stopped meanwhile the restoring process (snapshot preview) is taking effect.
Snapshots can be restored to the original web app, a slot of the web app, or any other web app in the same App Service Plan. While the restore operation is in progress, the web app will be stopped. It is strongly recommended to restore snapshots to a new slot instead of overwriting an existing slot in order to prevent data loss if the restore operation is unsuccessful.
Snapshots contain both web app files and web app settings. You can choose to restore files only, or to restore the settings as well. All settings contained in regular backups are also…4 votesThanks for the suggestion we are looking into it, will update once we have updates to share
-
Update Web App ModSecurity module to 2.9.2
The current version of the ModSecurity module that is integrated in the IIS of the Web App Services is 2.8.0.
This version of ModSecurity has issues with the IP + Port formatting of the AlwaysOnline service. Please update it to 2.9.2.22 votes -
replicate app service for redundancy
would be good to have app services be replicated in another region for high availability and redundancy
11 votesThanks for your suggestion, we will review the ask. Will update the suggestion once we have it planned
-
Add a country code header to incoming requests
Google App Engine (https://cloud.google.com/appengine/docs/standard/go/how-requests-are-handled#app-engine-specific-headers) and Cloudflare (https://support.cloudflare.com/hc/en-us/articles/200168236-What-does-Cloudflare-IP-Geolocation-do-) are able to add a http header to requests with the visitor's ISO 3166 country code.
It would be nice to have this ability in web apps in Azure also.
9 votesThanks for the request and additional reference. We will be reviewing this but don’t have plans to work on this at the moment.
Thanks,
Oded
- Don't see your idea?