Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want…
1,236 votesStill no news to share, just to add that we are investigating options on modifications for the App Service multi-tenant offering with enhanced capabilities.
Thanks,
Oded -
Enable 'client certificate authentication' per directory
I have a site that only part of it needs to be secured with client certificate authentication, it is able to be enabled on the site level but not the directory level as per this article.
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-configure-tls-mutual-auth
462 votesHi,
thanks for the feedback. This is not currently possible as client cert auth on App Service is in require mode and as such cannot be delegated to folder level.We will review this item and your feedback, we may look to implement this capability based on customer prioritization.
Thanks
Andrew
-
Support Double Wildcard Custom Domains
For multi-tenant applications, we require the ability for Azure to support double wildcard custom domains.
Single wildcard custom domains are currently well supported, i.e.
*.mydomain.com
catches all unmapped, single subdomain urls e.g. level1ex.mydomain.com, level2ex.mydomain.com etc
The issue (which isn't documented: see forum post below) is that secondary level wildcards are not supported at all by Azure:
e.g. www.level2.mydomain.com will result in a 404 error.
Why is this important? in a multi tenant environment, with lots of customers on different subdomains, it is best from an end-user perspective to support a www. subdomain prefix, as that's what 99% of non-technerati do…
439 votesthis feature has been postponed as it wouldn’t be complete and might be revisited later if standards/supported features by CAs and browsers change (double wildcard certificates are not supported standard, resulting in no way to secure double wildcard domain)
-
Provide .NET language packs on Web Apps
I'm working on a website that uses System.ComponentModel.DataAnnotations
On my local machine, model validation messages are displayed in french but they are in english when I deploy the website to Azure.
Please install .NET language packs on Azure Web Apps so we don't have to create .resx files and messy code to override .NET built-in messages...
344 votesHi there,
We are still waiting on a few internal dependencies before we can complete this request.
Thanks,
Oded -
Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.328 votesThere are no near term plans to provide this functionality. However we will keep it under review for periodic re-evaluation in the future.
Thank you,
Azure App Service Team -
Add Application Initialization Support for Scale Up/Down
The application initialization/warmup feature works great when scaling out/in, but when scaling up/down requests are immediately routed to the new instances before the application is warmed up. It would be great if the new instances could be warmed up before rerouting requests to them.
291 votesPlacing under review per Ruslan’s comments. We don’t have a timeline to share, but we will update the item once there is more information available.
Thanks,
Oded -
Scale Out wait for WarmUp complete before being added to LoadBalancer
When adding new instances to the LoadBalancer, scale out mechanism doesn't wait for those application instances to fully warm up.
Availability checker, via AppInsights, logs these responses, with the header:
'X-AppInit-WarmingUp: 1'Which means that IIS knows that the application is in it's WarmUp cycle, but the LoadBalancer is already trying to serve requests.
N.B. we _can_ add a rewrite rule to redirect the user to the original request, and hope that the LoadBalancer sends the user to a ready instance - but this feels like a hack.
282 votesThanks for the feedback. We are thinking of ways to make the warmup model better and fully ready for the app’s traffic. Right now, we just see the instance is ready before directing traffic.
Please refer to this blog post for more information about slots and AppInit.
https://ruslany.net/2015/09/how-to-warm-up-azure-web-app-during-deployment-slots-swap/Thanks,
Oded -
Allow Azure App Service IP Restriction configuration by PowerShell Script
At the moment an Azure App service has the ability to white list IP addresses through the Networking > IP Restriction blade. It would be useful if this could be configured through PowerShell.
213 votesThe option to manage your restrictions through PowerShell is on its way and the docs and being written to explain how to do this. We’ll update when the docs are out.
Thanks,
Oded -
Custom request headers in web server logs
This is generally useful, but my usecase if with Cloudflare:
When a web app is behind Cloudflare, all visitor IPs come Cloudflare's IPs. Cloudflare does forward the original visitor IP with a custom request header. I want to log this value in my web server logs. In IIS this is achieved with Advanced Logging, but this capability does not seem available in Azure web apps.
195 votesJust an update that we still have this feature on the backlog but with no concrete ETA. We will update when there is more to share.
Thanks,
Oded -
Ability to incrementally create/update AppSettings & ConnectionStrings
Actual problem:
Today if we don't provide all of the existing AppSettings or ConnectionStrings, the ones we omit are removed.Feature:
A little bit like the ARM deployment mode, add the ability to specify an Incremental & Complete mode when pushing settings. To ensure compatibility, Complete would be the default, keeping the behavior we have today. If we set the mode to Incremental, only the provided settings would be created/updated, leaving existing settings untouched.Use cases:
This would be very useful in cases where we want to sync AppSettings or ConnectionStrings for resources directly in our ARM templates for only…192 votesThanks for the suggestion, we are looking into the feature request
Ahmed
Azure App Service Team -
Make certificate deployment idempotent
When including a Microsoft.Web/certificates resource in an ARM template, the deployment will fail with "Another certificate exists with same thumbprint XXXXXXXXXXXXXXXXXXXX at location xxxx in the Resource Group xxxxxx." if the certificate already exists.
The deployment should be idempotent like all of the other resource types and not fail if the resource already exists.
Otherwise, the certificate has to be deployed manually and cannot be included in an ARM template used for CI/CD deployments (ie: from VSTS)
175 votesThis is a valid request and I am discussing a fix with the engineering team. I will follow up and update the ticket when new information comes through.
Thanks,
Jason -
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
160 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
Enable 'Connect', 'Log Stream', 'Console' etc for App Service Environment
When you deploy an App Service into an App Service Environment behind an ILB, much of the UI is greyed out. Examples of this is the 'Connect' button, 'Log Stream', 'Console' etc.
I have to manually construct a URL to get to the kudu endpoint right now in order to use the console.
160 votesThanks for bringing this up! This is a known issue and we are working on it. We’ll update the item when complete.
Thanks,
Oded -
TLS 1.3 is now approved, this should be implemented with Web Apps
TLS 1.3 is now no longer a draft, when will Azure introduce the option to enable it?
150 votesHi there,
Given TLS 1.2 was just enabled on Web Apps, we don’t have a plan for when the work will be done to enable 1.3. We will definitely leave this on the backlog as we will come back to it when relevant
Thanks,
Oded -
Associating Hybrid Connections to Azure App Services cannot be automated
There is no way to associate a Hybrid Connection to an Azure App Service via ARM Template or PowerShell.
This is a significant gap since we cannot automate this at all when that is the driving factor for DevOps and PaaS services.
133 votesWe are looking at options here.
Thanks,
Oded -
Allow IP Restrictions to be a Slot Setting
In the same way as we have with App Settings it should be possible to make the IP Restrictions a slot setting (sticky) so that they don't migrate when you swap slots. This could be per IP even....
116 votesThis is a valid request. We are looking to update more settings that will be sticky to a slot and we have added IP restrictions to that list.
Thanks,
Oded -
The Always On setting should have an option to make it sticky to the slot when swapping
This is odd it isn't this way by default but should at the very least have an option to make it sticky so as to not break anyone's current practices (in fact, shouldn't more settings have the option to be sticky?).
The issue here is that an always on slot consumes resources. If for example each app consumes 200Megs of RAM, and I have 5 app services running on a service plan, each app service has 2 slots for swapping, then I need to have Always On turned on unnecessarily for 10 slots (2gigs of RAM consumed for nothing). The…
111 votesMoving the feature request to under review. When we have a clear timeline to share, we’ll update the status.
Thanks,
Oded -
Restart App Service Plan (all Web Apps in a plan), something similar to iisreset, from within the portal
It would be great to have a restart button, similar to the restart button in a Web App, but on the App Service Plan level to restart all Web Apps in a plan. something similar to iisreset.
100 votesHi Ibrahim,
What issue are you trying to solve? What use case would this be used for?
It seems to me that placing a restart option on the plan level might do more harm than good, by resetting the memory on all the apps under the plan. Depending on your scenario, auto-heal would be a great solution to solve individual machine issues. See a video by my colleagues here for more details: https://channel9.msdn.com/Series/Windows-Azure-Web-Sites-Tutorials/Auto-Healing-an-Azure-App-Service
Placing this idea under review for now until I understand what’s at the base of the request here.
Thanks!
Oded -
Add "Allow access to Azure services" in Azure App Service IP restrictions
Re this thread
https://www.yammer.com/azureadvisors/#/Threads/show?threadId=945875058
I'd used PowerShell to manually add IP restrictions a couple of weeks ago. Right away my App Insights availability tests started failing so I narrowed the test location down to Dublin IE and allowed those IP/Subnets.
Add an option similar to SQL Server "Allow access to Azure services" That white lists Azure App insights availability tests for selected regions.
Thanks
Luke
93 votesThere was some confusion about this feature due to the documentation for it and UX originally released had a bug.
The IP Restrictions feature works as an ALLOW list, rather than a DENY list as originally stated.
The ask here is still valid, there are other services in azure (like SQL) that have UI to explicitly allow other azure services to reach the database. While this is convenient for development scenarios, it’s not a good idea for securing the resource.
We’ll keep an eye on this request and see if it gathers more up-votes.
-Byron
-
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
88 votesThanks for the entry. We’re taking a look.
Oded
- Don't see your idea?