Azure App Service Site Extension
Last updated 2023-05-04
NOTE
The Signal Sciences site extension for Azure App Service does not currently support Azure Functions.
The Azure site extension for Signal Sciences adds the Signal Sciences Next-Gen Web Application Firewall (WAF) to any IIS web application hosted on Azure App Service.
The Signal Sciences Azure site extension downloads and installs the Signal Sciences agent and IIS module. The extension also registers the IIS module to the IIS web server in Azure App Service by generating the XML transformation file, applicationHost.xdt
. XML transformations are currently the only way to edit the IIS configuration file, applicationHost.config
.
The Signal Sciences IIS module and agent are configured by using environment variables. Environment variables are set in the web app configuration in the Azure Portal.
Module and agent binaries are extracted into a directory in the App Service environment with the name derived from the downloaded zip file. Agent and module binaries may not be deleted if the site is running.
Signal Sciences Agent Access Keys configuration
Before adding the Signal Sciences site extension, you must first set the Signal Sciences Agent Access Key and Secret Key by setting environment variables in the application settings on https://portal.azure.com/.
Log in to the Azure Portal.
Click App Services. The App Services menu page appears.
Select your web app.
Click Configuration. The Configuration menu page appears.
Click Application settings. The Application Settings menu page appears.
Click New application setting. The New Application Setting menu page appears.
Locate the Agent Keys for your Signal Sciences site:
Log in to the Signal Sciences console.
From the Sites menu, select a site if you have more than one site.
Click Agents in the navigation bar. The agents page appears.
Click View agent keys. The agent keys window appears.
Copy the Agent Access Key and Agent Secret Key.
In the New Application Setting menu page of the Azure Portal, add the following variables as two name/value pairs:
1$ Name: SIGSCI_ACCESSKEYID2$ Value: <accesskeyid from Signal Sciences console>34$ Name: SIGSCI_SECRETACCESSKEY5$ Value:<secretaccesskey from Signal Sciences console>Click Save.
Click on Overview in the side bar. The Overview menu page appears.
Click the Stop button and then the Start button to restart the web app.
Install the Signal Sciences WAF site extension
NOTE
The site extension will take a few minutes to download and install. During this time, the web application may be unavailable or display a 502
error until the site extension is installed.
- Log in to the Azure Portal.
- Click App Services. The App Services menu page appears.
- Select your web app.
- Click on Overview in the side bar. The Overview menu page appears.
- Click the Stop button to stop the web app.
- Click Extensions in the sidebar. The Extensions menu page appears.
- Click Add. The Add Extension menu page appears.
- Click Choose Extension. The Choose Extension menu page appears.
- Select the Signal Sciences WAF. The Signal Sciences WAF extension page appears.
- Click OK.
- Click on Overview in the side bar. The Overview menu page appears.
- Click the Start button to start your web app.
Managing the Signal Sciences WAF site extension
Follow these steps when managing the Signal Sciences WAF site extension.
Uninstalling the Signal Sciences WAF site extension
- Log in to the Azure Portal.
- Click App Services. The App Services menu page appears.
- Select your web app.
- Click on Overview in the side bar. The Overview menu page appears.
- Click the Stop button to stop the web app.
- Click Extensions in the sidebar. The Extensions menu page appears.
- Select the Signal Sciences WAF. The Signal Sciences WAF extension menu page appears.
- Click Delete.
Upgrading the Signal Sciences agent and module
There are two methods for upgrading the Signal Sciences agent and module:
- reinstalling the extension
- using the Azure CLI
Reinstalling the extension
In the Azure Portal, uninstall and reinstall the Signal Sciences WAF site extension. When the extension is reinstalled, the latest version of the Signal Sciences agent and IIS module will be downloaded and installed.
Using the Azure CLI
Open the Azure CLI and run the install.cmd
script in the site extension directory. This method can also be used in a PowerShell script for automating the upgrade of multiple agents.
Log in to the Azure Portal.
Click App Services. The App Services menu page appears.
Select your web app.
Click on Console in the sidebar. The Console page appears.
In the Windows
cmd
shell run the install script:cd D:\home\SiteExtensions\SignalSciences.Azure.Site.Extensioninstall.cmd
Troubleshooting
All private site extensions can be disabled by setting WEBSITE_PRIVATE_EXTENSIONS to
0
in Application Settings.NOTE
Restart the web app after saving the setting to reflect the changes.
Windows event log can be viewed at
https://APP.scm.azurewebsites.net/DebugConsole/?shell=powershell
, replacingAPP
with the name of your web app.Click on LogFiles and select eventlog.xml.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.