search close

Azure App Service Site Extension

access_time Updated Dec 5, 2022

Note: The Signal Sciences site extension for Azure App Service does not currently support Azure Functions.

The Azure site extension for Signal Sciences adds the Signal Sciences Next-Gen Web Application Firewall (WAF) to any IIS web application hosted on Azure App Service.

The Signal Sciences Azure site extension downloads and installs the Signal Sciences agent and IIS module. The extension also registers the IIS module to the IIS web server in Azure App Service by generating the XML transformation file, applicationHost.xdt. XML transformations are currently the only way to edit the IIS configuration file, applicationHost.config.

The Signal Sciences IIS module and agent are configured by using environment variables. Environment variables are set in the web app configuration in the Azure Portal.

Module and agent binaries are extracted into a directory in the App Service environment with the name derived from the downloaded zip file. Agent and module binaries may not be deleted if the site is running.

Signal Sciences Agent Access Keys configuration

Before adding the Signal Sciences site extension, you must first set the Signal Sciences Agent Access Key and Secret Key by setting environment variables in the application settings on https://portal.azure.com/.

  1. Log in to the Azure Portal.

  2. Click App Services. The App Services menu page appears.

  3. Select your web app.

  4. Click Configuration. The Configuration menu page appears.

  5. Click Application settings. The Application Settings menu page appears.

  6. Click New application setting. The New Application Setting menu page appears.

  7. Locate the Agent Keys for your Signal Sciences site:

    1. Log in to the Signal Sciences console.

    2. Select a site if you have more than one site.

    3. Click Agents in the navigation bar. The agents page appears.

    4. Click View agent keys. The agent keys window appears.

      The 'View agent keys' button.
    5. Copy the Agent Access Key and Agent Secret Key.

      The agent keys window.
  8. In the New Application Setting menu page of the Azure Portal, add the following variables as two name/value pairs:

    Name: SIGSCI_ACCESSKEYID
    Value: <accesskeyid from Signal Sciences console>
    
    Name: SIGSCI_SECRETACCESSKEY
    Value:<secretaccesskey from Signal Sciences console>
    
  9. Click Save.

  10. Click on Overview in the side bar. The Overview menu page appears.

  11. Click the Stop button and then the Start button to restart the web app.

Install the Signal Sciences WAF site extension

Note: The site extension will take a few minutes to download and install. During this time, the web application may be unavailable or display a 502 error until the site extension is installed.

  1. Log in to the Azure Portal.

  2. Click App Services. The App Services menu page appears.

  3. Select your web app.

  4. Click on Overview in the side bar. The Overview menu page appears.

  5. Click the Stop button to stop the web app.

  6. Click Extensions in the sidebar. The Extensions menu page appears.

  7. Click Add. The Add Extension menu page appears.

  8. Click Choose Extension. The Choose Extension menu page appears.

  9. Select the Signal Sciences WAF. The Signal Sciences WAF extension page appears.

  10. Click OK.

  11. Click on Overview in the side bar. The Overview menu page appears.

  12. Click the Start button to start your web app.

Managing the Signal Sciences WAF site extension

Uninstalling the Signal Sciences WAF site extension

  1. Log in to the Azure Portal.

  2. Click App Services. The App Services menu page appears.

  3. Select your web app.

  4. Click on Overview in the side bar. The Overview menu page appears.

  5. Click the Stop button to stop the web app.

  6. Click Extensions in the sidebar. The Extensions menu page appears.

  7. Select the Signal Sciences WAF. The Signal Sciences WAF extension menu page appears.

  8. Click Delete.

Upgrading the Signal Sciences agent and module

There are two methods for upgrading the Signal Sciences agent and module:

  • reinstalling the extension
  • using the Azure CLI

Reinstalling the extension

In the Azure Portal, uninstall and reinstall the Signal Sciences WAF site extension. When the extension is reinstalled, the latest version of the Signal Sciences agent and IIS module will be downloaded and installed.

Using the Azure CLI

Open the Azure CLI and run the install.cmd script in the site extension directory. This method can also be used in a PowerShell script for automating the upgrade of multiple agents.

  1. Log in to the Azure Portal.

  2. Click App Services. The App Services menu page appears.

  3. Select your web app.

  4. Click on Console in the sidebar. The Console page appears.

  5. In the Windows cmd shell run the install script:

    cd D:\home\SiteExtensions\SignalSciences.Azure.Site.Extension
    install.cmd
    

Troubleshooting

  • All private site extensions can be disabled by setting WEBSITE_PRIVATE_EXTENSIONS to 0 in “Application Settings”.

    Note: Restart the web app after saving the setting to reflect the changes.

  • Windows event log can be viewed at https://APP.scm.azurewebsites.net/DebugConsole/?shell=powershell, replacing “APP” with the name of your web app.

    Click on LogFiles and select eventlog.xml.