Web Apps
Web Apps in Azure App Service provide a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js or Python. Choose from a variety of source control options including TFS, GitHub, and BitBucket to set up continuous integration and develop as a team.
-
Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.59 votesThere are no near term plans to provide this functionality. However we will keep it under review for periodic re-evaluation in the future.
Thank you,
Azure App Service Team -
Enable 'client certificate authentication' per directory
I have a site that only part of it needs to be secured with client certificate authentication, it is able to be enabled on the site level but not the directory level as per this article.
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-configure-tls-mutual-auth
44 votesHi,
thanks for the feedback. This is not currently possible as client cert auth on App Service is in require mode and as such cannot be delegated to folder level.We will review this item and your feedback, we may look to implement this capability based on customer prioritization.
Thanks
Andrew
-
Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want…
252 votesThanks for the suggestion. The App Service is a multi tenant service which makes features like this more challenging. Because the App Service Environment is single tenant and runs in your VNet it makes having a static IP for outbound requests from your app possible.
Christina
-
41 votes
We are still working on dependent services to be upgraded to .NET core – most notably OData support. Once that happens, I will update this request,
-
can we set alert for OpenSocketCount crossing limit on web app level
If by any chance of buggy code sockets are not closed and the count goes on increasing to the limit set, we should receive alert which will help in web app going down.
2 votesThanks for the idea. We have this planned right now but with no timeline yet. We’ll update when it’s available.
Thanks,
Oded -
Provide .NET language packs on Web Apps
I'm working on a website that uses System.ComponentModel.DataAnnotations
On my local machine, model validation messages are displayed in french but they are in english when I deploy the website to Azure.
Please install .NET language packs on Azure Web Apps so we don't have to create .resx files and messy code to override .NET built-in messages...
203 votesHi there,
We are still waiting on a few internal dependencies before we can complete this request.
Thanks,
Oded -
Azure websites should permit to set a regional time setting independent of the Region deployed.
Right now when an Azure website is created it sets the time to the region specified on the deployment.
It would be useful to be able con configure the ntp server for a website for the country our company is set, independent of the azure datacenter where the website was deployed.72 votesThank you for the additional details. This is a great feature request! We have entered an item for this on our product backlog and will wait to see if it gathers more support from our customers.
Thanks,
Oded -
Allow Custom URL Rewrite Handler for Database
Allow installation of a GAC custom rewrite handler for doing URL rewrites on Web Apps using a database backend.
17 votesHi there,
Thanks for bringing this up once more. We will have an internal conversation again about implementing for App Service.
Thanks,
Oded -
Custom request headers in web server logs
This is generally useful, but my usecase if with Cloudflare:
When a web app is behind Cloudflare, all visitor IPs come Cloudflare's IPs. Cloudflare does forward the original visitor IP with a custom request header. I want to log this value in my web server logs. In IIS this is achieved with Advanced Logging, but this capability does not seem available in Azure web apps.
13 votesJust an update that this is still under review. We have a few dependencies we need to work out before completing the item. We don’t have a timeline to share right now but will update when it becomes available.
Thanks,
Oded -
Online Certificate Status Protocol (OCSP) Stapling
We are seeing some delays in Time To First Byte because OCSP stapling is not active on Azure Web Apps SSL endpoints.
This causes our clients' browsers to call the issuing CA's endpoint before SSL negotiation can really begin.Stapling would save the client browser from having to make an extra request to the CA checking if the certificate has been revoked.
There is also a potential privacy issue for our clients that the CA will be able to log these requests. If the web server takes care of OCSP on the other hand no requests will be sent from…
103 votesThank you for the feedback, we are looking into the option.
Thanks,
Oded, App Service -
Ability to suspend App Service Plans without charge
To save on costs, we want the ability to shut down an App Service Plan overnight while nobody is using it. We can shut down the Web App itself in an automated fashion, but the App Service Plan still charges us even through there are no running instances. Deleting and rebuilding the App Service and the App Service Plan is an option, but it is messy. Please consider not charging for periods where there are no running resources attached to the App Service Plan.
68 votesWe are leaving this idea open, though in the meantime note that you can scale down the App Service Plan to the free or shared tier to reduce costs.
-
[Linux] Allow remote debugging of .NET core apps hosted by linux app services
It is currently not possible to remote debug .NET core applications running on Azure Linux App Services. Please consider to add remote debugging to the feature list of Linux App Services.
14 votesThanks for suggesting that, we are looking into a number of ways to have that support. Unfortunately we don’t have a timeline for introducing such capability.
Ahmed
App Service Team -
Ability to move Web Apps to a different Resource Group
Really need this one, due to the inability to Change App Service Plan on a web app when the App Service Plan has a different Resource Group
34 votesHi, This scenario is currently unsupported, you can move your app between resource groups but you can’t move it to another app service plan if the destination app service plan is in a different resource group than the source resource group, even if both app service plans are on the same scale unit.
We are currently investigating how we can add the support for such scenario, and we will share any updates.Ahmed (App Service Team)
-
Add the ability to see the request queue for web apps in the azure portal
It would be great if we could see the current request queue for a web app in the portal (like you can in IIS)
This is very useful for debugging issues with long running requests and spotting weird things like 1 ip making masses of concurrent requests.
22 votes -
Near-realtime consolidated web app consumption
We need a consolidated way to see near-realtime CPU and Memory consumption for each Web App per App Service Plan. This way we can quickly identify which apps are consuming the most resources (specifically CPU and Memory) in that App Service Plan.
These are the 2 scenarios we run into often:
1. We run many web apps in each App Service Plan. We don't want to pay for a new App Service Plan until all memory (or CPU) is consumed on what we currently have. I could rebalance the sites (move some to another plan) if I could easily see…
33 votesThanks for the clarification. We’ll go back to the team and dig more into this.
Oded
-
Provide more secure TLS ciphers
Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
So please provide some more secure ciphers from the ECDHE cipher suite like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.29 votesHi there,
We are constantly reviewing cipher suites and will update more in the future.
Thanks,
Oded -
can switch region in anytime
can switch app services plan to anytime
3 votesCan you add more details here on what you’re asking for and what your desired outcome is? It’s unclear from your description.
If you’re asking about switching regions for your resource group, you can look into moving the resources through our move API without assistance from support: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources
Thanks,
Oded -
Support Double Wildcard Custom Domains
For multi-tenant applications, we require the ability for Azure to support double wildcard custom domains.
Single wildcard custom domains are currently well supported, i.e.
*.mydomain.com
catches all unmapped, single subdomain urls e.g. level1ex.mydomain.com, level2ex.mydomain.com etc
The issue (which isn't documented: see forum post below) is that secondary level wildcards are not supported at all by Azure:
e.g. www.level2.mydomain.com will result in a 404 error.
Why is this important? in a multi tenant environment, with lots of customers on different subdomains, it is best from an end-user perspective to support a www. subdomain prefix, as that's what 99% of non-technerati do…
304 votesThanks GS! We will add it to our backlog and report back when we have a timeline.
-
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
10 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
FTP accounts tied to subscription, not user. Not enough auditing
In the current model, FTP credentials are tied to a user's azure login. Thus, we have no visibility into credentials that are set, as we cannot see other people's FTP credentials they've set. Furthermore, when an FTP account is created or deleted, nothing is logged. This makes it difficult to audit who has access. With the logins being tied to the user, when the user leaves, there is no way for us to reclaim that username unless they delete their ftp credentials first. This doesn't always work, as a user may depart abruptly or not on good terms. Although the…
31 votesHi there,
Thanks for logging this idea. It’s definitely a valid request and we’ll leave it under review to see it collects more support from users.
As a reference, take a look at the deployment credentials doc we have out: https://docs.microsoft.com/en-us/azure/app-service-web/app-service-deployment-credentials
Thanks,
Oded
- Don't see your idea?
