Connecting WebApp Service and a DBaaS (MS SQL MySQL etc)PaaS through a VNet service. We understand that there is a SNAT limitation when a webapp service is connected to a PaaS service that causes error in the application.
We need private endpoint for DB PaaS services for overcoming the SNAT limitation and also to reduce the latency while connected through private IP address.43 votes
Currently ASE allows uploading of ILB certificates through script/portal.
Provision to autopick certificate from Azure KeyVault using thumbprint should be made possible through script/portal13 votes
When an App Service is configured with an IP Restriction, only whitelisted IP's can access the App service URL/site. Other users cant access the URL. By default the blacklisted IP's or denied IP's will receive
Error 403 - This web app is stopped. Many SR's can been be seen with this requirement to divert or return custom error message instead of 403 error. It would be great if we have a feature in portal to divert with custom message when the IP restrictions are configured for a web app.12 votes
Allow multiple VNET integrations inside an app service plan as it affects the existing production loads.9 votes
The Web Apps have a VNET Configuration section.
This becomes very useful in consuming database/storage/keyvault via subnet endpoint(s) without employing the expensive App Service environment (ASE).
unfortunately it has been in preview since last Aug 2018. I worked with product team to get the bug fixed (~Mar 2019) i.e it could not talk to SQL PaaS DB over endpoint.
Please if you can help release that functionality so we can use this in prod.9 votes
When the singleton lock is reset, the job may start in parallel, and I would like to detect, to able to distinguish whether the singleton lock has been reset.8 votes
I want to configure RBAC (IAM) individually for Web App with hybrid connection, but I can only configure it per Web App.
Also, although the actual status of the hybrid connection should be Service Bus, it can not be set because it is not displayed in the list.
I would like to be able to configure RBAC (IAM) separately for Web App with hybrid connections.8 votes
There doesn't seem to be a clear and defined way to manage HTTP headers with an Azure static website. I know this feature is still in preview but my team and I are attempting to make this into a production ready web application.
Developers need to be able to access the KUDU logs for deployment and diagnostic troubleshooting without having contributor access to the web app. Can a read-only role or resource provider operation be created in order to grant this level of access?7 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
We are seeing intermittent exceptions while making outbound calls from Azure to other system on our application hosted on Azure App Service. We talked to the Azure support team they provided some good feedback on how to reduce it but we are not provided any logs i.e. what happens on back end on network level so that we can establish some bench marking for our performance testing. We have seen the issue couple of times and not getting consistent root cause of the issue backing up by logs etc. This makes this issue very unpredictable and only option to solve/reduce this issue occurrence is just keep catching these issues and retry or go with Expensive Tiers.
We are seeing intermittent exceptions while making outbound calls from Azure to other system on our application hosted on Azure App Service. We talked to the Azure support team they provided some good feedback on how to reduce it but we are not provided any logs i.e. what happens on back end on network level so that we can establish some bench marking for our performance testing. We have seen the issue couple of times and not getting consistent root cause of the issue backing up by logs etc. This makes this issue very unpredictable and only option to solve/reduce…6 votes
We run more than one app per hosting plan. In dev we have 63 apps on one plan (I know this isn't advised but it saves money for dev and illustrates the point). If we have one app that is eating most of the CPU or memory there is no simple way to find this at the app plan level, I have to look at 63 different screens or add 63 different counters to the same screen. The app plan has a 'per instance' button that is great for seeing how each node in the plan is doing but we want to further break that down per app. Think of perfmon on an old iis server.
We run more than one app per hosting plan. In dev we have 63 apps on one plan (I know this isn't advised but it saves money for dev and illustrates the point). If we have one app that is eating most of the CPU or memory there is no simple way to find this at the app plan level, I have to look at 63 different screens or add 63 different counters to the same screen. The app plan has a 'per instance' button that is great for seeing how each node in the plan is doing but we…6 votes
I’d love to see a warning - at least - in the azure portal that connectionStrings with hyphens are a bad idea... that would prevent a lot of wasted debugging hours for others.5 votes
We have webapps that is querying Hive on HDInsight which is working fine when hosted on on-prem IIS. We need Hive ODBC driver installed on the VM to get it works.
But when we deploy on Azure App Service it's failing due to missing driver.
Can Microsoft® Hive ODBC Driver installed on Azure App Service Environment & Azure Function please?4 votes
The support to disable Basic Auth is highly important in App Service from security point of view.
The reason is very simple, any one access to have Basic Auth credential can be disastrous and is providing the weakest link to peep into your environment.
It might be helpful in many ways but at the same time can be highly dangerous if not handled properly.3 votes
Currently, the Authentication / Authorization blade for azure web apps does not have a specific configurations for protecting virtual directories. however, many business cases need to have the main site available for public but some pages (like admin pages) need to be protected by Azure AD
Therefore, it will be great to use Azure Active Directory sign-in to protect a virtual directory in web app.
Raed Alahmad3 votes
One of the STIG recomendations is to disable the Scripting.FilesystemObject ComObject (
https://www.stigviewer.com/stig/iis_7.0_web_server/2017-04-05/finding/V-13700) This can be easily done on an IIS server, but not on a (Windows) WebApp3 votes
Node Apps on App Service can specify version of Node runtime in "engines" section of package.json,
But Function Apps(Runtime v2) cannot specify version by description of package.json, so they has to specify version of node by setting of WEBSITE_NODE_DEFAULT_VERSION variable.
Is this behavior by design?3 votes
Add support for NetworkWatcher / NSG Flow logs for App Service with Regional Vnet Integration enabled
At the moment, if one uses an App Service with Vnet Integration there is NO way to monitor the traffic that traverses this path. For organizations with requirements to monitor ALL network traffic for integrity / Security / Audit purposes - this presents a significant challenge as ALL traffic that traverses this integration is not able to be monitored. Since the App Service presents itself as on a given subnet within the Vnet - there should be NO reason that NetworkWatcher or NSG flow logs shouldn't be usable.3 votes
Add support to do POST health check requests for SOAP web service health checks, instead of only doing a GET for health checks
Adding support to do POST health check requests for SOAP web service health checks in traffic manager, instead of only doing a GET for health checks.
The current issue is the dynamic DNS is not detecting proper outages of our SOAP web services because it performs a GET request and doesn't seem any problems, however we have had problems where our POST requests have stopped working and the dynamic DNS does NOT kick it since it can't detect it.3 votes
An alert should be raised when a .NET Core version upgrade is scheduled for the App Service platform. Ideally, the alert should occur well in advance of the actual upgrade to give application teams time to prepare.2 votes
- Don't see your idea?