projectkudu / kudu

Kudu is the engine behind git/hg deployments, WebJobs, and various other features in Azure Web Sites. It can also run outside of Azure.
Apache License 2.0

Set server variable using xdt transform file is working but not working #2627

Closed Workshop2 closed 6 years ago

Workshop2 commented 6 years ago

Hello,

We are trying to rewrite the "host" header given a header of "X-CF-ORIGIN" - this works locally, however, in the app service, all logging indicates it has worked but we don't seem to see the effect.

We expect to get a 500 error for an incorrect HOST header, however, the site resolves as if the host header has not been changed.

We have seen other posts on here about XDT transform (and have read the warning about doing it). E.g. https://github.com/projectkudu/kudu/issues/2053

Also, our XDT transform indicates it has worked (see below):

Our rewrite rule:

  <rule name="CDN Host Header Rewrite" stopProcessing="false">
    <match url=".*" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
      <add input="{HTTP_X_CF_ORIGIN}" pattern="(.+)" />
    </conditions>
    <serverVariables>
      <set name="HTTP_HOST" value="{C:1}" />
    </serverVariables>    
    <action type="None" />
  </rule>

Our XDT Transform:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <configSections>
        <sectionGroup name="system.webServer" xdt:Locator="Match(name)">
            <sectionGroup name="rewrite" xdt:Locator="Match(name)">
                <section name="allowedServerVariables"
                         overrideModeDefault="Allow"
                         xdt:Locator="Match(name)"
                         xdt:Transform="Replace" />
            </sectionGroup>
        </sectionGroup>
    </configSections>
    <system.webServer>
        <rewrite>
            <allowedServerVariables>
                <add name="HTTP_HOST" xdt:Transform="InsertIfMissing" />
            </allowedServerVariables>
        </rewrite>
    </system.webServer>
</configuration>

applicationHost:

      <sectionGroup name="rewrite">
        <section name="rules" overrideModeDefault="Allow" />
        <section name="globalRules" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
        <section name="outboundRules" overrideModeDefault="Allow" />
        <section name="providers" overrideModeDefault="Allow" />
        <section name="rewriteMaps" overrideModeDefault="Allow" />
        <section name="allowedServerVariables" overrideModeDefault="Allow" />
      </sectionGroup>
    <rewrite>
      <allowedServerVariables>
        <add name="HTTP_HOST" />
      </allowedServerVariables>
      <globalRules />
      <outboundRules />
      <providers />
      <rewriteMaps />
      <rules />
    </rewrite>

Failed Request Tracking: image

Please help - what have we missed?

davidebbo commented 6 years ago

Please see https://github.com/projectkudu/kudu/wiki/Azure-Site-Extensions#understanding-what-could-go-wrong-with-xdt-transforms. The first step is to determine if you're in category 2 or category 3 from the "Understanding what could go wrong with xdt transforms" section.

Workshop2 commented 6 years ago

@davidebbo I believe we would be no.2

Transform looks good, looks like it is applied but ASP app isn't detecting the host header change.

davidebbo commented 6 years ago

2 is when the transform does not produce the applicationhost.config that you expect. You pasted your applicationhost.config above, but don't make it clear whether it is what you expect to see.

Or if it is what you expect, then it's the third category. In that case, the question becomes: does the same thing work if you use this same markup on your local IIS applicationhost.config?

Workshop2 commented 6 years ago

Sorry about that, then it's no.3.

Yes, this code works locally on IIS with rewrite module installed - we have tested it via Postman. When set up on app service the logging indicates it has worked (failed request tracking) but the new host header isn't picked up in the .NET code.

davidebbo commented 6 years ago

Sorry, it's going to take more of an IIS expert on this one. My angle is the XDT transform side, and if it transformed your applicationhost.config into exactly what you wanted it to be, it did its job. The rest comes down to IIS.

About your transform, I don't think you need to change allowedServerVariables overrideModeDefault="Allow", since you are not overriding it. You're simply setting it directly in your applicationhost.config. But that's likely unrelated to the issue you're seeing.

Workshop2 commented 6 years ago

@davidebbo we did the overrideModeDefault as we hoped it would solve the problem as mentioned in the issue #2053.

Who can we quiz about IIS in app services on this problem? This is a major road blocker to some work we are doing.

davidebbo commented 6 years ago

The App Service forum or StackOverflow are good places for general App Service questions.

Workshop2 commented 6 years ago

In case anyone else wants to follow my desperation of fixing this, I have posted the question on Stack Overflow: https://stackoverflow.com/questions/47339128/azure-app-service-applicationhost-config-set-server-variable-is-working-but-not

Workshop2 commented 6 years ago

I have also posted it to App Service Forum https://social.msdn.microsoft.com/Forums/azure/en-US/b49374e6-1456-4a9c-9fe9-464f2f3d89db/azure-app-service-applicationhostconfig-set-server-variable-is-working-but-not-working?forum=windowsazurewebsitespreview

CameronWills commented 6 years ago

For what it's worth, our implementation worked with applicationHost.xdt.

applicationHost.xdt

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <configSections>
        <sectionGroup name="system.webServer" xdt:Locator="Match(name)">
            <sectionGroup name="rewrite" xdt:Locator="Match(name)">
                <section name="allowedServerVariables" overrideModeDefault="Allow" xdt:Locator="Match(name)" xdt:Transform="SetAttributes(overrideModeDefault)" />
            </sectionGroup>
        </sectionGroup>
    </configSections>
</configuration>

web.config

 . . .
  <rewrite>
      <allowedServerVariables>
        <add name="HTTPS" />
        <add name="SERVER_PORT" />
      </allowedServerVariables>

      <rules>
        <!-- Mark request as HTTPS when SSL terminated at WAF -->
        <rule name="SimulateHTTPs" patternSyntax="Wildcard" xdt:Transform="Insert">
          <match url="*" />
          <conditions>
            <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" />
          </conditions>
          <serverVariables>
            <set name="HTTPS" value="on" />
            <set name="SERVER_PORT" value="443" />
          </serverVariables>
          <action type="None" />
        </rule>
      </rules>
  </rewrite>
 . . .
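Added example, not code from this thread or from the Kudu project: a Python check that reads a URL Rewrite rule set and an allow-list and reports rules that set a server variable missing from allowedServerVariables, or that copy a request header into a server variable through a match-anything pattern. The names `audit`, `CATCH_ALL`, `APPHOST` and `WEBCONFIG` are hypothetical, and the sample XML is constructed by trimming the snippets quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the snippets quoted in this thread.
APPHOST = '<rewrite><allowedServerVariables><add name="HTTP_HOST" /></allowedServerVariables></rewrite>'

WEBCONFIG = """<rewrite><rules>
  <rule name="CDN Host Header Rewrite" stopProcessing="false">
    <match url=".*" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
      <add input="{HTTP_X_CF_ORIGIN}" pattern="(.+)" />
    </conditions>
    <serverVariables><set name="HTTP_HOST" value="{C:1}" /></serverVariables>
    <action type="None" />
  </rule>
  <rule name="SimulateHTTPs" patternSyntax="Wildcard">
    <match url="*" />
    <conditions><add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" /></conditions>
    <serverVariables>
      <set name="HTTPS" value="on" />
      <set name="SERVER_PORT" value="443" />
    </serverVariables>
    <action type="None" />
  </rule>
</rules></rewrite>"""

CATCH_ALL = {"(.+)", "(.*)", ".+", ".*", "*"}  # patterns that accept any value

def audit(rules_xml, allow_xml):
    """Return (rule, variable, problem) tuples; an empty list means no findings."""
    # Every name listed under any <allowedServerVariables> element (exact match).
    allowed = {a.get("name", "")
               for sec in ET.fromstring(allow_xml).iter("allowedServerVariables")
               for a in sec.iter("add")}
    findings = []
    for rule in ET.fromstring(rules_xml).iter("rule"):
        # Request-header inputs whose condition pattern matches anything.
        loose = [c.get("input") for c in rule.findall("conditions/add")
                 if c.get("input", "").upper().startswith("{HTTP_")
                 and c.get("pattern") in CATCH_ALL]
        for s in rule.findall("serverVariables/set"):
            name = s.get("name", "")
            if name not in allowed:
                findings.append((rule.get("name"), name, "not in allowedServerVariables"))
            # A {C:n} back-reference carries the captured header value verbatim.
            if loose and re.search(r"\{C:\d+\}", s.get("value", "")):
                findings.append((rule.get("name"), name, "unvalidated copy of " + loose[0]))
    return findings

if __name__ == "__main__":
    print(*audit(WEBCONFIG, APPHOST), sep="\n")
```

Because the lookups use `iter()`, the same function accepts a full applicationHost.config or web.config as well as the trimmed rewrite section.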