Umbraco application with cookie hosted on Azure App GW doesn't work via WAF V2

Question

Umbraco application with cookie hosted on Azure App GW doesn't work via WAF V2

Manjunatha Munireddy 1

Hello,

Our customer is using Application Developed in Umbraco 10.

This Application URL is configured to access over public/internet via Azure Application Gateway WAF V2.

But umbraco backoffice doesn't work as expected, when we login to application, it just gives blank page.

UMB_UCONTEXT_C and values are alphanumeric with special characters and having (_) and (-) as well.
A similar type of issue has been reported here
https://github.com/MicrosoftDocs/azure-docs/issues/94465

I have the listener created “xyz.com-443” on azure app gw
I have created a local host entry for DNS resolution pointing to my azure app gw WAF V2 public IP
This listener has the WAF policy mapped “xyz.com-wafpolicy01”
WAF Policy is in prevention mode
I have reviewed the WAF logs and allowed the URI’s and application related cookies and requests, post reviewing the WAF logs
Now I don’t see anything getting blocked on WAF policy (Azure App GW logs)
But Still the URL https://xyz.com/umbraco application if i login, it is giving me blank page
There are few article that I have referred, https://github.com/MicrosoftDocs/azure-docs/issues/94465 and https://github.com/umbraco/Umbraco-CMS/issues/12580
I have tried putting the WAF policy into Detection mode and Disable it, But still no luck

Any Workaround or suggestion on this issue ?

KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-08-01T12:41:58.0266667+00:00
@Manjunatha Munireddy

To troubleshoot the exact issue, I think we will need a specialized 1:1 session, where a support engineer can have a screen share session to pinpoint the issue. If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.

In case you need a one-time free technical support could you please send an email to

AzCommunity[At]Microsoft[Dot]Com with the below details.

Subject : Attn Kaananth

Thread URL: Link to this thread.

Subscription ID : Subscription ID of Application gateway Cheers,

Kapil
Manjunatha Munireddy 1 Reputation point

2023-08-03T05:27:10.12+00:00
To offer further insight into the issue:

Upon closer examination, I have delved into the matter.

We are currently running two instances of IIS servers hosting the Backoffice Umbraco application. These servers share a common Azure Storage Account File Share.

Upon disabling the IIS service on one of the servers and running it solely on the other, the application functions as intended. It successfully operates with the Azure App GW over the internet while being accompanied by the mapped WAF policy

However, the problem surfaces when we activate the IIS services on both backend servers simultaneously.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-08-03T13:57:53.87+00:00

@Manjunatha Munireddy

Thanks for the detailed insights.

However, I am afraid the details are still not enough for us to isolate the issue over Q&A platform.

So I would suggest you to file a support ticket, so that we can check the logs at the platform level.

Thanks,

Kapil

1 answer

Your answer

KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-08-01T12:41:58.0266667+00:00

@Manjunatha Munireddy

To troubleshoot the exact issue, I think we will need a specialized 1:1 session, where a support engineer can have a screen share session to pinpoint the issue. If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.

In case you need a one-time free technical support could you please send an email to

AzCommunity[At]Microsoft[Dot]Com with the below details.

Subject : Attn Kaananth

Thread URL: Link to this thread.

Subscription ID : Subscription ID of Application gateway Cheers,

Kapil
Manjunatha Munireddy 1 Reputation point

2023-08-03T05:27:10.12+00:00

To offer further insight into the issue:

Upon closer examination, I have delved into the matter.

We are currently running two instances of IIS servers hosting the Backoffice Umbraco application. These servers share a common Azure Storage Account File Share.

Upon disabling the IIS service on one of the servers and running it solely on the other, the application functions as intended. It successfully operates with the Azure App GW over the internet while being accompanied by the mapped WAF policy

However, the problem surfaces when we activate the IIS services on both backend servers simultaneously.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-08-03T13:57:53.87+00:00

@Manjunatha Munireddy

Thanks for the detailed insights.

However, I am afraid the details are still not enough for us to isolate the issue over Q&A platform.

So I would suggest you to file a support ticket, so that we can check the logs at the platform level.

Thanks,

Kapil

Answer 1

@Manjunatha Munireddy

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I see that you have reached out to Azure Support and they have provided an analysis of your environment.

From their observation,

Application Gateway will drop any header that contains characters other than alphanumeric and hyphens.
This is documented here: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#why-are-some-header-values-not-present-when-requests-are-forwarded-to-my-application

Request header names containing other characters are discarded when a request is sent to the backend target. Response header names can contain any alphanumeric characters and specific symbols as defined in RFC 7230, except for underscores (_).

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.

Share via

Umbraco application with cookie hosted on Azure App GW doesn't work via WAF V2

1 answer

Your answer