Web Apps

Web Apps in Azure App Service provide a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js or Python. Choose from a variety of source control options including TFS, GitHub, and BitBucket to set up continuous integration and develop as a team.

How can we improve Azure Web Apps?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. REST API shouldn't return 0 when it doesn't have the actual data

    Calling the REST API to get CPU or memory usage of an app service plan, if you ask for it in the last minute it can return 0 to you, when a few minutes later it will return the actual value for the same time, it seems it takes a while for the real data to be available to the API, however I think it's wrong to return incorrect data, it should not return a value until it has the real value.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
    • Web Apps should not return 500 error when attacker appends MS-DOS devices to URLs

      If an attacker is trying to fingerprint your web server, perhaps looking for https://nvd.nist.gov/vuln/detail/CVE-2007-2897

      He may try https://yourSite.azurewebsites.net/AUX or https://yourSite.azurewebsites.net/PRN

      or any of the MS-DOS devices:

      https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names

      Rather than return a 40x error, it returns a 500, and also leaks the server header "Server:Microsoft-IIS/8.0"

      This is a bad situation to be in - throwing 500 errors, and leaking the server technology. Throwing 500 errors makes our sites more susceptible to DoS attacks? If an attacker sends 1000s of requests that throw 500 errors, the site will go offline in a short period of time?

      0 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →

        Hi there,

        Thanks for bringing this up!

        We will look into the leaked server header, but based on some testing, it is not trivial fix.

        The internal server error responses are not harming your application in any way and cannot be used for DoSing the site (your site will not go down because of these). Unfortunately, fixing the response itself to 4xx type of response might be more challenging and there is currently no timeline for that and it is in our backlog.

        We will update when there is work deployed to address the above.

        Thanks,
        Oded

      • Option to migrate windows WebApp to linux WebApp

        I would like to migrate my existing azure app service web app (running on windows) to new app service Web App on Linux. Now I try to do it through backup and restore and the contents are not copied to the linux web app.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →

          Thanks for that suggestion, can you please submit a support request to investigate why backup and restore didn’t copy the contents to the new linux web app.
          Note that backup and restore doesn’t move the *.azurewebsites.net hostname.

          Ahmed,
          App Service Team

        • App Service Environments Architecture and Cost

          I love using App Service Environments; however, the cost is shocking. We like that our App service can communicate over our express route to our data center. I gained some new understandings with how these services work on the back-end and it seems confusing. I have an understanding that normal App Service Plans operate such that a fault tolerant pair is available in a different part of the data center and in the event of a failure, your code is moved to the other pair. This is great and I love that. With ASE's the architecture changes and the use…

          6 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            under review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
          • Add "Allow access to Azure services" in Azure App Service IP restrictions

            Re this thread

            https://www.yammer.com/azureadvisors/#/Threads/show?threadId=945875058

            I'd used PowerShell to manually add IP restrictions a couple of weeks ago. Right away my App Insights availability tests started failing so I narrowed the test location down to Dublin IE and allowed those IP/Subnets.

            Add an option similar to SQL Server "Allow access to Azure services" That white lists Azure App insights availability tests for selected regions.

            Thanks

            Luke

            12 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
            • Optionally stop the web app while backing up

              Some of my web apps have embedded databases that block the files they use. That prevents the backup from storing them (well, it actually stores a 0 byte file instead). This is not a big handicap if I make the backups manually, because I know the issue and I stop the web apps manually, but if I want to automate the backup I can't because almost always these files are locked...

              One possible solution would be to add an option in the backup configuration to stop the web app before running and start it again after it has finished.

              Thanks!

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Give Linux web apps same deployment options as Windows based apps

                Linux based web apps have 3 deployment options (GitHub, BitBucket, Local Git repo) whereas Windows based apps have 7 deployment options (including the "External Repository" which is what I was looking for).

                This request is to bring the options for Linux based apps up to speed, and perhaps until then, provide documentation and/or UI verbiage as to why there are differences. I spent an hour or two trying to hook up GitLab as a deployment option (including trying to use the Azure CLI) in vein.

                BTW the CLI gives a cryptic error message when trying to add an external repository.…

                2 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                • azure service environment (ASE) needs container support

                  You recently announced general availability for the new azure App Service in Linux and Web Apps for Containers. However, I can't get them to work inside my Azure Service Environment V2.0, I found a menu item to allow me to add an Azure App Service in Linux to my ASE, and I initially specified a docker container, but looking at the construct after that reveals the container is gone and the thing was neutered to a generic webapp.
                  Please enable your azure web apps with containers in ASE. These are, after all, just another variant of a webapp, and ASE…

                  5 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Linux Static Site on Nginx

                    One of the most common web techniques today is static generated web sites. Ideally, there would be an option along with Node, Php etc for Static HTML. This would allow configuration for just running Nginx web servers to host static sites.

                    33 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                    • Provide an interface for dictating logic to the load balancer, or allow us to nuke instances

                      The load balancer for an App Plan is extremely simple minded in that it will always distribute load evenly.

                      This doesn't work in a production environment with real users.

                      e.g. if a webjob running on one machine picks up an intensive task from a queue, consuming all of the machine's resources, the load balancer will still forward users/requests to the affected machine.

                      Please provide some sort of control over the load balancer. Even just a basic interface to provide basic rules.

                      If you won't provide that, then at least instead allow us to nuke instances ourselves and provide us with…

                      4 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →

                        For heterogeneous workloads, the recommendation is to split the apps apart into separate app service plans. For example, webjobs isolated to in an app service plan separate and apart from the app service plan(s) running web or API applications.

                        We will keep this item open marked as “under review” because there are plans to onboard the per-worker metrics to the Azure Monitor feature, at which point programmatic scaling decision can be made from those metrics.

                        Currently worker metrics can be viewed from the UX by clicking into “Diagnose and Solve Problems” link for an app service plan. There will be a link in the UX blade that opens titled “Metrics per instance”. Drilling into that link will pull up another UX blade showing CPU usage (amongst other statistics) broken out by individual worker VMs.

                      • Metric and alert for Web App file system used quota

                        We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.

                        Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.

                        25 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  Notifications  ·  Flag idea as inappropriate…  ·  Admin →

                          This is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.

                          Thanks,
                          Oded

                        • rest api full sample app

                          You need to provide full sample app in rest api php good for php developers

                          7 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add an SSL Certificate domain redirect checkbox

                            purchasing an SSL Certificate for a web app in Azure is convenient and straight forward.

                            I followed the instructions in this link:

                            Buy and Configure an SSL Certificate for your Azure App Service

                            https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-purchase-ssl-web-site

                            unfortunately, there is a missing step at the end of the procedure. there is no mention on how to configure a web.config rule so that a user is automatically redirected to the secure (https) version of the web site.

                            please create a checkbox to easily enable this capability.

                            2 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →

                              Hi Stephen,

                              Thank you for the feedback. We have opened an item with our documentation team to update this doc you linked to. There are some improvements we can definitely do in this space to make things clearer. More to come!

                              Thanks,
                              Oded

                            • Associating Hybrid Connections to Azure App Services cannot be automated

                              There is no way to associate a Hybrid Connection to an Azure App Service via ARM Template or PowerShell.

                              This is a significant gap since we cannot automate this at all when that is the driving factor for DevOps and PaaS services.

                              22 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                              • Enable 'client certificate authentication' per directory

                                I have a site that only part of it needs to be secured with client certificate authentication, it is able to be enabled on the site level but not the directory level as per this article.

                                https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-configure-tls-mutual-auth

                                66 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  3 comments  ·  Flag idea as inappropriate…  ·  Admin →

                                  Hi,
                                  thanks for the feedback. This is not currently possible as client cert auth on App Service is in require mode and as such cannot be delegated to folder level.

                                  We will review this item and your feedback, we may look to implement this capability based on customer prioritization.

                                  Thanks

                                  Andrew

                                • Near-realtime consolidated web app consumption

                                  We need a consolidated way to see near-realtime CPU and Memory consumption for each Web App per App Service Plan. This way we can quickly identify which apps are consuming the most resources (specifically CPU and Memory) in that App Service Plan.

                                  These are the 2 scenarios we run into often:

                                  1. We run many web apps in each App Service Plan. We don't want to pay for a new App Service Plan until all memory (or CPU) is consumed on what we currently have. I could rebalance the sites (move some to another plan) if I could easily see…

                                  34 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    6 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Provide more secure TLS ciphers

                                    Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
                                    More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites


                                    So please provide some more secure ciphers from the ECDHE cipher suite like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

                                    55 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      5 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • in ASE disable TLS 1.1

                                      Allow for the disablement of TLS 1.1 protocols from ASE in a similar method as TLS 1.0. This would help secure systems further for ISVs building new API Apps and help with additional security concerns and compliance for PCI and others.

                                      Allowing for the same method but adding an additional JSON in cluster settings to actually trigger the TLS 1.1 disablement would be good.

                                      "clusterSettings": [
                                      {
                                      "name": "DisableTls1.0",
                                      "value": "1"
                                      },
                                      {
                                      "name": "DisableTls1.1",
                                      "value": "1"
                                      }
                                      ],

                                      https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-custom-settings#disable-tls-10

                                      8 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                      • FTP accounts tied to subscription, not user. Not enough auditing

                                        In the current model, FTP credentials are tied to a user's azure login. Thus, we have no visibility into credentials that are set, as we cannot see other people's FTP credentials they've set. Furthermore, when an FTP account is created or deleted, nothing is logged. This makes it difficult to audit who has access. With the logins being tied to the user, when the user leaves, there is no way for us to reclaim that username unless they delete their ftp credentials first. This doesn't always work, as a user may depart abruptly or not on good terms. Although the…

                                        33 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          4 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Hybrid Connection Manager Support for Linux

                                          We are an ISV leveraging Azure PaaS to provide an iPaaS service to customers. We have a requirement to connect to on premise servers to access line-of-business apps. Currently, we leverage Azure’s Hybrid Connection Manager --- but are limited to Windows servers only. Our customers have both Windows, Linux and mixed environments. This considerably limits our market.

                                          Can we expect Linux support? If so, when? Any suggested work arounds?

                                          Thank you for your consideration.

                                          11 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Web Apps

                                          Feedback and Knowledge Base