Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,083 questions
Application gateway not added x-forwarded-proto request header
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 95%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWA%3C/text%3E%3C/svg%3E)
Will Ang
20
Reputation points
Application gateway front listener listen https, the backend is a container app, the backend setting listen http, when use custom domain of application gateway public ip to visit the container app web application encounter the following error, and the application trace shoulds x-forwarded-proto, x-forwarded-for, x-forwarded-host are all null,
"
jquery.min.js:2 Mixed Content: The page at 'https://simpleregimen.com/login.html?requestedUrl=http%3A%2F%2Fsimpleregimen.com%2Fem' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://simpleregimen.com/em?_=1727336261383'. This request has been blocked; the content must be served over HTTPS."
it seems Application gateway not worked as the document say
Application gateway inserts six additional headers to all requests before it forwards the requests to the backend. These headers are x-forwarded-for, x-forwarded-port, x-forwarded-proto, x-original-host, x-original-url, and x-appgw-trace-id. The format for x-forwarded-for header is a comma-separated list of IP:port. https://learn.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works#modifications-to-the-request
I tried add rewrite set to the rule, but still not work, is this a bug in the application gateway or does it require additional configuration? Thanks!
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor2024-09-30T23:41:59.7833333+00:00 Hi Will Ang,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
This could be related to a site serving a mix of HTTPS and HTTP Content
Configure the end-to-end TLS encryption.
Alternatively, you can consider using Azure Front Door which provides the HTTPS capability.
If you have any further concerns, please do not hesitate to contact us.
We are pleased to help you.
If the information is helpful, please click on "Upvote" and "Accept Answer" so that it would be helpful to other community members.
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-01T20:20:50.9066667+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-07T21:43:59.3+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
-
Will Ang 20 Reputation points
2024-10-08T12:21:14.0166667+00:00 I apologize, I just returned from my vacation. Thank you for your reply. I understand that end-to-end TLS can solve the aforementioned problem, but I do not want to use HTTPS in the backend settings of the app gateway because the ingress of the backend container app is restricted within the virtual network. I believe TLS termination is more suitable. I have added a certificate to the listener in the application gateway as per the documentation, which should have activated TLS termination. Therefore, my question is why the app gateway has not added the x-forwarded-proto and other request headers as described in the documentation?
Here are the specific configuration details(sorry, there is no deployment at the moment, so I will describe the specific configuration in text):
- Container app ingress limit to vnet allow insecure is true
add a custom domain, let's call it test.com, without binding certificatesession sticky is enabled - Application gateway backend pool use container app's fqdn, let's call it app.envbasedomain
- Application gateway listener https
- Application gateway backend setting http session sticky is enabled override host name with container app's custom domain
- Container app ingress limit to vnet allow insecure is true
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-09T00:59:58.9966667+00:00 Hi Will Ang,
Good day!
- Sometimes, misconfigurations in the listener, backend pool, or HTTP settings can cause headers not to be added.
- Ensure that your backend services are configured to accept and process these headers. Sometimes, the backend might strip out or ignore these headers if not configured correctly.
Thanks,
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-09T20:52:58.9366667+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-10T22:36:45.6933333+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
-
Will Ang 20 Reputation points
2024-10-11T13:58:27.8566667+00:00 Hi, Rohith Vinnakota
Thank you very much for your reply!
I wrote a simple Spring Boot demo app, built it into a Docker image, and deployed it as a container app with an application gateway on Azure. According to the logs from the container app, headers like x-forwarded-proto are still null. I can't figure out where the configuration might be wrong. Below are the specific configuration screenshots. Could you help me determine where the configuration might be incorrect? I would be extremely grateful, as this issue is driving me crazy.
Container app ingress:
application gateway listener:
application gateway backend pool:
application gateway backend setting:
container app log when doing redirect:
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-17T19:55:56.8+00:00 Hi Will Ang,
Sorry for delay.
Can you verify that the application gateway can reach the backend server (container apps)?Thanks,
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-18T20:22:28.7266667+00:00 Hi Will Ang,
Good day!
Can you verify that the application gateway can reach the backend server (container apps)?
Thanks,
Rohith
-
Will Ang 20 Reputation points
2024-10-22T11:21:33.9566667+00:00 Hi, Rohith Vinnakota
Yes, application gateway can reach the backend server (container apps), and log have already printed in the container app when visit container app by application gateway public ip.
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-23T22:27:08.3433333+00:00 Hi Will Ang,
Thank you for getting back
Make sure that the application gateway is configured to forward the like x-forwarded-proto header to the backend. You can do this by checking the HTTP settings of the application gateway and making sure that the "Pick host name from backend address" option is selected
Thanks,I hope this helps.
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-24T18:57:04.1866667+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
-
Rohith Vinnakota 1,085 Reputation points Microsoft Vendor
2024-10-25T20:25:04.42+00:00 Hi Will Ang,
Greetings of the day!!
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thanks,
Rohith
Sign in to comment
Sign in to answer