Sitecore

Host not resolving when behind Azure WAF

- by Phil Paris

Recently I had to stand up a site that was behind a WAF. A WAF is a web application firewall that provides a huge amount of out of the box security protections. In this instance we are using Azure App Services and an Application Gateway in a Sitecore Managed Cloud tenant.

When configuring the WAF, you tell the WAF where to forward requests. And so, when the WAF does this it changes the headers of the HTTP_HOST to be the url of the Azure App Service.

But in Sitecore, we need to resolve the site based on the actual hostname you want for the site.

Here is an illustration of the problem:

  1. DNS resolves Site1.com and says to go the WAF.
  2. The WAF says, i know about Site1.com because i’ve been configured to forward my requests to the app service hosting it.
    • In the process of doing this, the WAF changes the HTTP_HOST to the azure url of the App Service it’s forwarding the request to and adds a new HTTP_ORIGINAL_HOST header that contains Site1.com, the orignal requested hostname.
  3. When Sitecore sees *.azurewebsites.net in the HTTP_HOST, it doesn’t know about it and the site doesn’t get resolved.

The Solution is to rewrite the HTTP_HOST header

Using Advanced tools, add an “applicationHost.xdt” file next to the wwwroot folder of the app service if it’s not there.

In the applicationHost, add the following xml markup. This make the HTTP_HOST header available to the app service and the .net application running on it.

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.webServer>
    <rewrite>
      <allowedServerVariables>
        <add name="HTTP_HOST" xdt:Transform="InsertIfMissing" />
      </allowedServerVariables>
    </rewrite>
  </system.webServer>
</configuration>

Next, open the web.config. inside the <rewrite><rules> element add the following rule. This will take the contents of the HTTP_ORIGINAL_HOST header and set that same value for the HTTP_HOST. Sitecore will now resolve the site properly because the HTTP_HOST header is set with the correct host, Site1.com

<rule name="Set HOST header based on X-Original-Host header">
      <match url="(.*)"></match>
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
         <add input="{HTTP_X_ORIGINAL_HOST}" pattern="^$" negate="true" />
      </conditions>
      <serverVariables>
         <set name="HTTP_HOST" value="{HTTP_X_ORIGINAL_HOST}"></set>
      </serverVariables>
</rule>

To view the headers on your Sitecore environment, create an “headers.aspx” file inside the wwwroot. Add in the following markup. This will show you the server variables and whether your changes are working properly. 

<%@ Page Language="C#" AutoEventWireup="true" %>

<!DOCTYPE html>

<html>
  <head runat="server">
    <title>Headers</title>
  </head>
  <body>
    <form id="form1" runat="server">
      <div>
        <p>HTTP_HOST: <%=Request.ServerVariables["HTTP_HOST"]%></p>
        <p>
          HTTP_X_ORIGINAL_HOST:
          <%=Request.ServerVariables["HTTP_X_ORIGINAL_HOST"]%>
        </p>
      </div>
    </form>
  </body>
</html>

Related Posts

CORS issue for fonts in XM Cloud Local Experience Editor

Use Visual Studio to view your Docker containers and view XM Cloud CM files in the container.

In XM Cloud disable password requirement for Powershell

About Phil Paris

Hi, my name is Phil Paris and I’m a Sitecore Architect and general Sitecore enthusiast. I’ve been working with Sitecore since 2013. Through this blog I will be sharing Sitecore insights, tips and tricks, best practices and general knowledge with the hopes to further the community at large. Please feel free to reach out to me at any time!

View all posts by Phil Paris →