0

I want to redirect a URL-path in my Azure Web App service to another URL-path using Azure Application Gateway. How to avoid redirection to include the original path?

enter image description here I have an ASP.NET framework 4.7 Web App service in Azure with two APIs: 

https://myapp.azurewebsites.net/api/values/{int}        -> respons 200
https://myapp.azurewebsites.net/api/forbidden           -> respons 403

Then I have an App Gateway

http://myapp.northeurope.cloudapp.azure.com

With path-based route

http://myapp.northeurope.cloudapp.azure.com -> https://myapp.azurewebsites.net (works ok)

And a permanent redirect to "external site"

/api/values/* -> http://myapp.northeurope.cloudapp.azure.com/api/forbidden

Now when I go to a path /api/values/1 it redirects me wrong to /api/forbidden/api/values/1

http://myapp.northeurope.cloudapp.azure.com/api/values/1 -> http://myapp.northeurope.cloudapp.azure.com/api/forbidden/api/values/1 !!!

Means redirection includes the origin path! "Include path" is not checked and greyed-out in configuration. enter image description here

I only want to restrict the access to some API-path from public Internet.

Michael Chudinov
  • 2,620
  • 28
  • 43
  • maybe happens because of precedence? – 4c74356b41 Feb 19 '20 at 12:47
  • Hm.. Maybe. The question is how to avoid it. I could solve the problem just to deploy another Web service that just responses "403 forbidden", then add it as a pool to the gateway. But that looks overkill for a such simple requirement. – Michael Chudinov Feb 19 '20 at 12:59
  • change the order of rules? – 4c74356b41 Feb 19 '20 at 13:34
  • There is only one path-based rule, that redirects from gateway to pool, and adds that URL-path exception for /api/values/*. It is not possible to add more rules, since there is only one listener. And there can be only single listener on the same port (80). – Michael Chudinov Feb 19 '20 at 13:42

1 Answers1

0

For the include path configuration, I think you could try to set redirection for the listener with Azure CLI or Azure PowerShell with -IncludePath parameter.

From Redirect to external site in the document, it should have option to disable the include path.

With this change, customers need to create a new redirect configuration object, which specifies the target listener or external site to which redirection is desired. The configuration element also supports options to enable appending the URI path and query string to the redirected URL. You can also choose the type of redirection. Once created, this redirect configuration is attached to the source listener via a new rule. When using a basic rule, the redirect configuration is associated with a source listener and is a global redirect. When a path-based rule is used, the redirect configuration is defined on the URL path map. So it only applies to the specific path area of a site.

Nancy
  • 26,865
  • 3
  • 18
  • 34