Azure Web Apps Default Document not working

When using an Azure WebApp (a.k.a. App Service) behind an Application Gateway with the default document set correctly, visiting example.com/path/ works, but example.com/path without the trailing slash brings up the blue 403 error.

Error 403 - Forbidden

If you haven’t restricted App Service access to the Application Gateway (and you probably should), leaving off this trailing slash reveals the azurewebsites.net name in the address bar: example.com/path redirects to example.azurewebsites.net/path/.

Example Architecture

Cause

If we take the Application Gateway out of the design, a request to example.azurewebsites.net/path (1) would be detected as a folder, rather than a page, and redirected to example.azurewebsites.net/path/ with the trailing slash (2). The browser would then follow that redirect (3) and get back the content of the default document (4).

Example without Gateway

When we put the Application Gateway in front of the WebApp we push traffic from example.com through to that WebApp and the azurewebsites.net name is hidden from the end user. However, when the above redirection happens to add the trailing slash, the WebApp is sending a redirection response telling the user to go to the specific azurewebsites.net URL - not the example.com address.

If we’ve restricted access on the WebApp so that it only serves requests passed by the Application Gateway, the redirection sends the browser off to the azurewebsites.net URL (bypassing the gateway), which returns a 403 Forbidden error.

Solution

Create a rewrite rule on your Application Gateway as detailed here: docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers. This rewrites the redirect response of example.azurewebsites.net/path/ back to the desired example.com/path/.

Example with Gateway Redirect Rule
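The rewrite described above can be modelled offline to check which redirects it touches. This is an added example, not code from the original post or from Microsoft: the regex, the function names and the sample headers are assumptions made here, and the `{http_resp_Location_N}` placeholders follow Application Gateway's capture-group reference syntax.

```python
import re

PUBLIC_HOST = "example.com"  # public hostname used in the article

# Condition (assumed pattern): act only when Location starts with an
# azurewebsites.net host. Group 1 = scheme, group 2 = everything after the host.
# Anchoring at ^ keeps redirects to other sites untouched even when an
# azurewebsites.net URL appears later in their query string.
CONDITION = re.compile(r"^(https?)://[^/]*\.azurewebsites\.net(.*)$", re.IGNORECASE)

# Action: new header value, written with gateway-style capture references.
ACTION = "{http_resp_Location_1}://" + PUBLIC_HOST + "{http_resp_Location_2}"


def rewrite_location(headers):
    """Return a copy of the response headers with Location rewritten."""
    out = dict(headers)
    location = out.get("Location")
    if location is None:
        return out
    match = CONDITION.match(location)
    if match is None:
        return out  # relative or third-party redirect: leave as is
    value = ACTION
    for i in range(1, CONDITION.groups + 1):
        value = value.replace("{http_resp_Location_%d}" % i, match.group(i) or "")
    out["Location"] = value
    return out


def leaks_backend(headers):
    """True if the response would send the browser to the backend hostname."""
    host = re.match(r"https?://([^/:?#]+)", headers.get("Location", ""), re.I)
    return bool(host) and host.group(1).lower().endswith(".azurewebsites.net")


# Constructed sample responses, as the WebApp would return them for /path.
SAMPLES = [
    {"Location": "https://example.azurewebsites.net/path/"},
    {"Location": "/path/"},
    {"Location": "https://login.example.org/?return=https://example.azurewebsites.net/"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fixed = rewrite_location(sample)
        print(sample["Location"], "->", fixed["Location"], "| leak:", leaks_backend(fixed))
```
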