Issue when using Azure App Service health checks with Kentico Xperience (especially MVC sites), particularly due to:
- Azure only using the default domain (*.azurewebsites.net) for health probes
- Kentico requiring a valid site alias and license for domains
- The health check endpoint failing if the default domain isn’t mapped or licensed properly
Try this ways -
1. Add a License and Domain Alias for the Default Domain - You do need to add the mysite.azurewebsites.net domain as a site alias in Kentico and include it in your license (even if only for health check usage)
- Restrict Public Access to the Default Domain - Using Web.config Rewrite Block or App Gateway or Azure Front Door
sample :
<rule name="Block default Azure domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^yoursite\.azurewebsites\.net$" />
<add input="{REQUEST_URI}" pattern="^/health$" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
This allows /health
endpoint only for azurewebsites.net
, and blocks everything else.