Where should <allowedServerVariables> tag live in Azure Website applicationHost.config?

Question

Technical Information

• Azure Website
• Installed IIS Manager Site Extension by shibayan

Scenario

I have implemented a reverse proxy on my Azure Website, however the receiving server doesn't get any indication of whether the initial request was over HTTPS or not.

What I want to do is send the HTTPS flag of ON/OFF from the initial request to the proxied server, via a custom HTTP Header.

In Theory

• Using shibayan's IIS Manager Site Extension, I can edit the applicationHost.xdt file, give it a Transform to insert an <allowedServerVariables> tag and that should allow me to set a custom HTTP Header.

In Practise

I've configured my rewrite rule as such:

<rule name="Proxy" stopProcessing="true" xdt:Transform="Replace" xdt:Locator="Match(name)">
  ...
  <serverVariables>
    <set name="HTTP_X_USE_HTTPS" value="{HTTPS}" />
  </serverVariables>
  ...
</rule>

And have attempted a few combinations of where to put the <serverVariables> tag...

Attempt one:

As described in this answer.

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.webServer>
    <proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
    <rewrite>
      <allowedServerVariables>
        <add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
      </allowedServerVariables>
    </rewrite>
  </system.webServer>
</configuration>

Result:

HTTP Error 500.50 - URL Rewrite Module Error.

The server variable "HTTP_X_USE_HTTPS" is not allowed to be set. Add the server variable name to the allowed server variable list.

Attempt two:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <location path="~1[app service name]" overrideMode="Allow">
    <system.webServer>
      <proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
      <rewrite>
        <allowedServerVariables>
          <add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
        </allowedServerVariables>
      </rewrite>
    </system.webServer>
  </location>
</configuration>

Result: HTTP 500.50

Attempt three:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <location path="" overrideMode="Allow">
    <system.webServer>
      <proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
      <rewrite>
        <allowedServerVariables>
          <add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
        </allowedServerVariables>
      </rewrite>
    </system.webServer>
  </location>
</configuration>

Result: HTTP 503

Attempt four:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <location path="[app service name]" overrideMode="Allow">
    <system.webServer>
      <proxy enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xdt:Transform="Insert" />
      <rewrite>
        <allowedServerVariables>
          <add name="HTTP_X_USE_HTTPS" xdt:Transform="Insert" />
        </allowedServerVariables>
      </rewrite>
    </system.webServer>
  </location>
</configuration>

Result: HTTP 503

I am aware that in the applicationHost.config file for an Azure Website there are a few places that <system.webServer> can be defined, such as under the following elements:

• <configuration>
• <configuration><location>

...however I've tried these combinations to no avail.

Questions

• Is there another possible location?
• Have I misconfigured my .xdt file in any way?
• Am I missing something from my applicationHost.config?

Answer 1

You have to create a applicationHost.xdt file under the site folder d:\home\site\applicationHost.xdt with this content:

<?xml version="1.0"?> 
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"> 
  <system.webServer> 
    <rewrite>
      <allowedServerVariables>
        <add name="HTTP_X_USE_HTTPS" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" />
      </allowedServerVariables>
    </rewrite>
  </system.webServer>
</configuration>

Now you can use the new variable in your web.config file

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>           
            <rules>
                <rule name="Proxy">
                    <serverVariables>
                        <set name="HTTP_X_USE_HTTPS" value="{HTTPS}"/>
                    </serverVariables>
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

See also https://azure.microsoft.com/en-us/documentation/articles/web-sites-transform-extend/ or https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples