@Arni Leibovits thanks for bringing this to our attention.
You can configure Azure App Service to exclude sensitive information, such as cookies and IP addresses, from HTTP logs by using the applicationHost.xdt file. This file allows you to modify the configuration of the IIS server that hosts your App Service.
Here are the steps you can follow to exclude sensitive information from HTTP logs:
Create an applicationHost.xdt file: Create a file named applicationHost.xdt in the root directory of your App Service. This file will be used to modify the IIS server configuration.
Add the following XML code to the applicationHost.xdt file:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.webServer>
    <httpLogging xdt:Transform="InsertIfMissing">
      <dontLogCookie xdt:Transform="InsertIfMissing" name=".AspNetCore.Identity.Application" />
      <dontLogCookie xdt:Transform="InsertIfMissing" name=".AspNetCore.Antiforgery.*" />
      <dontLogClientIp xdt:Transform="InsertIfMissing" />
    </httpLogging>
  </system.webServer>
</configuration>
This code adds the dontLogCookie and dontLogClientIp elements to the httpLogging element in the IIS server configuration. The dontLogCookie elements exclude the specified cookies from HTTP logs, and the dontLogClientIp element excludes client IP addresses from HTTP logs.
Deploy the applicationHost.xdt file: Deploy the applicationHost.xdt file to your App Service by including it in your deployment package.
Best,
Grace