search close

Azure App Service Site Extension

access_time Updated Sep 21, 2021

Note: The Signal Sciences site extension for Azure App Service does not currently support Azure Functions.

The Azure site extension for Signal Sciences adds Signal Sciences' next-gen Web Application Firewall (WAF) to any IIS web application hosted on Azure App Service.

The Signal Sciences Azure site extension downloads and installs the Signal Sciences agent and IIS module. The extension also registers the IIS module to the IIS web server in Azure App Service by generating the XML transformation file, applicationHost.xdt. XML transformations are currently the only way to edit the IIS configuration file, applicationHost.config.

The Signal Sciences IIS module and agent are configured by using environment variables. Environment variables are set in the web app configuration in the Azure Portal.

Module and agent binaries are extracted into a directory in the App Service environment with the name derived from the downloaded zip file. Agent and module binaries may not be deleted if the site is running.

Signal Sciences Agent Access Keys Configuration

Before adding the Signal Sciences site extension, you must first set the Signal Sciences Agent Access Key and Secret Key by setting environment variables in the application settings on https://portal.azure.com/

  1. In the Azure Portal, go to App Services and select your web app

  2. Set environment variables

    • Click on Configuration > Application settings > New application setting and set the following variables as two name/value pairs.

        Name: SIGSCI_ACCESSKEYID
        Value: <accesskeyid from Signal Sciences console>
              
        Name: SIGSCI_SECRETACCESSKEY
        Value:<secretaccesskey from Signal Sciences console>
      
    • The Agent Access Key and Agent Secret Key for your site are listed within the Signal Sciences console by going to Agents > View agent keys:

      The 'View agent keys' button.
    • The Agent Access Key and Agent Secret Key will be visible within the modal window:
      The agent keys window.

    • Click on Save after adding the application settings
  3. Restart the web app by clicking on Overview in the side bar and then clicking on the Stop and Start buttons

Install the Signal Sciences Site Extension

  1. In the Azure Portal, go to App Services and select your web app

  2. Stop the web app by clicking on Overview in the side bar and then clicking on the Stop button

  3. Add the site extension by going to Extensions in the sidebar and clicking on Add > Choose Extension > Signal Sciences WAF > OK

  4. Start the web app again by clicking on Overview in the side bar and then clicking on the Start button

Note: The site extension will take a few minutes to download and install. During this time, the web application may be unavailable or display a 502 error until the site extension is installed.

Managing the Signal Sciences Site Extension

Uninstalling the Signal Sciences Site Extension

  1. In the Azure Portal, go to App Services and select your web app

  2. Stop the web app by clicking on Overview in the side bar and then clicking on the Stop button

  3. Delete the site extension by clicking on Extensions in the sidebar and clicking on Signal Sciences WAF > Delete.

Upgrading the Signal Sciences Agent and Module

There are two methods for upgrading the Signal Sciences agent and module that are downloaded when the site extension is first installed:

  • Uninstall and reinstall the site extension. When the extension is reinstalled, the latest version of the Signal Sciences agent and IIS module will be downloaded and installed.

OR

  • Open the Azure CLI and run the install.cmd script in the site extension directory. This method could also be used in a PowerShell script for automating the upgrade of multiple agents.

    1. Open the windows cmd shell by clicking on Console in the sidebar

    2. Run the install script:

    cd D:\home\SiteExtensions\SignalSciences.Azure.Site.Extension
    install.cmd
    

Troubleshooting

  • All private site extensions can be disabled by setting WEBSITE_PRIVATE_EXTENSIONS to 0 in “Application Settings”.

    Note: Restart the web app after saving the setting to reflect the changes.

  • Windows event log can be viewed at https://.scm.azurewebsites.net/DebugConsole/?shell=powershell

    Click on LogFiles > eventlog.xml