How to use User-Agent header in bicep files / webtest resource?

Kevin Ob 1 Reputation point
2022-08-03T09:11:56.8+00:00

Hi,

I use Microsoft.AspNetCore.Diagnostics.HealthChecks / services.AddHealthChecks() to add a health check feature to a .NET Core API.

According to a recent version of this page, https://learn.microsoft.com/en-us/azure/app-service/monitor-instances-health-check:

"You can secure the Health check endpoint by requiring the User-Agent of the incoming request matches HealthCheck/1.0. The User-Agent can't be spoofed since the request would already be secured by prior security features."

(It's been removed from the current version.)

HC route /api/hc requires User-Agent with "HealthCheck/1.0" and I want Microsoft.Insights/webtests resource to point to this route.

When I add this header to the Request part I get

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"Specified argument was out of the range of valid values.\r\nParameter name: Error code: HeaderNotSupported. Web test 'https://
Azure App Service

1 answer

  1. Ryan Hill 29,561 Reputation points Microsoft Employee
    2022-08-05T17:35:38.94+00:00

    Hi @Kevin Ob ,

    You can't use the User-Agent in this manner. Health Check requests come from the platform, not a client request. Utilizing the HealthCheck/1.0 user agent was for URL rewrite between HTTP and HTTPS because initially, Health Check only worked over HTTP. Now Health Check supports HTTPS as well, which is why that verbiage was removed from the document. If you're using your own authentication and security, you can have your application check for x-ms-auth-internal-token in the HTTP header so that the request matches the WEBSITE_AUTH_ENCRYPTION_KEY value, basically verifying the request came from the Azure App Service platform and not some client request.

    It might help to know why you want Microsoft.Insights/webtests pointed to this route.
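
One way to implement the x-ms-auth-internal-token check mentioned in the answer, as ASP.NET Core middleware (an added example, not code from this thread or from Microsoft). It assumes, per the App Service health check documentation, that the header carries the base64-encoded SHA-256 hash of WEBSITE_AUTH_ENCRYPTION_KEY rather than the raw key; the class name PlatformHealthCheckGuard is hypothetical and /api/hc is the route from the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Added example (hypothetical class): only lets requests reach the health
// check route when they carry the App Service platform token.
public sealed class PlatformHealthCheckGuard
{
    private const string TokenHeader = "x-ms-auth-internal-token";
    private static readonly PathString HealthPath = new PathString("/api/hc"); // route from the question

    private readonly RequestDelegate _next;
    private readonly byte[] _expected; // null when the key is not set (e.g. outside App Service)

    public PlatformHealthCheckGuard(RequestDelegate next)
    {
        _next = next;
        string key = Environment.GetEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY");
        _expected = string.IsNullOrEmpty(key) ? null : Encoding.ASCII.GetBytes(ExpectedToken(key));
    }

    // Assumption from the App Service docs: token = base64(SHA-256(UTF-8 bytes of the key)).
    public static string ExpectedToken(string key) =>
        Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(key)));

    public static bool TokenMatches(byte[] expected, string presented)
    {
        // Fail closed: a missing key or a missing header never authenticates.
        if (expected == null || string.IsNullOrEmpty(presented)) return false;
        // Constant-time comparison; returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, Encoding.ASCII.GetBytes(presented));
    }

    public async Task InvokeAsync(HttpContext context)
    {
        bool isHealthRoute = context.Request.Path.StartsWithSegments(HealthPath);
        if (isHealthRoute && !TokenMatches(_expected, context.Request.Headers[TokenHeader].ToString()))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return; // do not run the health checks for unauthenticated callers
        }
        await _next(context);
    }
}

// Registration, placed before the health check endpoint is mapped:
//   app.UseMiddleware<PlatformHealthCheckGuard>();
```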

