2

I am running a (Linux) Container on Azure Web Apps for Containers (App Service). This App offers a REST-Interface with a path like /partner/{partnerId}/product/{productnumber}. The problem is that productnumber can be any alphanumeric string, including all kinds of special characters. The solution, of course, is to properly escape all characters in the request. This works fine for all characters except /:

When I send a properly escaped request like GET /partner/45/product/water%2F1l what my App gets is actually GET /partner/45/product/water/1l which maps to a different path/controller, which doesn't exist, so the App returns a 404. It seems some part of Azure un-escapes only %2F, as other escaped characters reach my App exactly as I sent them.

I want to disable this behaviour as I'm already dealing with escaping and unescaping these special characters in my App, but can't find any option or even documentation about this.

The only answers that deal with something like this give answers that are not applicable to App Service Containers, like this one: '+' symbol problem in URL in IIS 7.x which talks about putting something into a web.config file which I am unsure where to put or if it even does something in this case. I found another question about this, sadly without an answer: Where should I place web.config file in Azure Web Apps for Containers?

Is there some kind of reverse-proxy/ingress configuration I can do or see in Azure?

Johannes Loepelmann
  • 185
  • 1
  • 13

1 Answers1

2

The Azure App Service has a built-in load balancer because it can scale horizontally. Maybe this load balancer performs the unwanted URL decoding? I am also not aware of an option to deactivate this behavior.

I see 2 possible solutions:

  1. Azure Container Instances: Instead of using App Services, you can use Container Instances (its like managed Docker and you can directly deploy your container under an IP). There is no behavior like URL encoding. They can be hosted public as well as private. But many features of an App Services does not exist with the ACI, for example there are no deployment slots, no backups, no auto-scaling, no free SSL certificates etc.

  2. Azure API Management: You can use the Azure API Management (is for publishing and managing APIs) as Ingress/Proxy to encode the relevant part of the URL a second time. To do this, you can define your API, e.g. ../product/{prod} and assign an inbound policy. This policy can then make URL transformations (in this example, takes the last part of the URL and encoding it)

<policies>
    <inbound>
        <base />
        <rewrite-uri template="@{
            string url = context.Request.Url.ToString();
            int pos = url.LastIndexOf("/") + 1;
            string lastPart = url.Substring(pos, url.Length - pos);
            string lastPartDecoded = System.Uri.EscapeDataString(lastPart);
            return "/product/" + lastPartDecoded;
        }" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
Thomas
  • 136
  • 2