Azure App Service applicationHost.xdt appears to have no effect

Question

I'm trying to get a reverse proxy set up by using Azure Websites, roughly following this guide that explains how to modify ApplicationHost.config on such a website - but it doesn't work for me.

I've have this applicationHost.xdt:

<?xml version="1.0"?>  
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">  
    <system.webServer>
        <proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
        <rewrite>
            <allowedServerVariables>
                <add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" />
                <add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" />
                <add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
                <add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" />
            </allowedServerVariables>
        </rewrite>
    </system.webServer>
</configuration>

I put it in the site directory of my web app.

The transforms appear to get executed (from the transform log):

2017-09-06T12:12:20 StartSection Executing InsertIfMissing (transform line 8, 50)
2017-09-06T12:12:20 on /configuration/system.webServer/rewrite/allowedServerVariables/add
2017-09-06T12:12:20 Applying to 'allowedServerVariables' element (no source line info)
2017-09-06T12:12:20 EndSection Done executing InsertIfMissing

I have indeed four of those blocks.

I still get 500s on setting the headers with rewrite. The detailed error message contains this:

<h3>HTTP Error 500.50 - URL Rewrite Module Error.</h3> 
<h4>The server variable &quot;HTTP_X_UNPROXIED_URL&quot; is not allowed to be set. Add the server variable name to the allowed server variable list.</h4>

Not sure what to do at this point. Any ideas?

Answer 1

I faced the same issue with the TomSSL article, @David Ebbo's comment ultimately got me to the answer, but felt it was worth adding this to save people some time. It's because applicationHost.config is missing xdt:Locator="Match(name)":

<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <system.webServer>
        <proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false"/>
        <rewrite xdt:Transform="InsertIfMissing">
            <allowedServerVariables xdt:Transform="InsertIfMissing">
                <add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
                <add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
                <add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
                <add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
            </allowedServerVariables>
        </rewrite>
    </system.webServer>
</configuration>