Azure app service health check

James Phillips asked on June 12, 2025 13:28

I'm having trouble adding an endpoint that Azure health check can use to establish the health of the two site instances I'm running.

The Azure health check can seemingly only use the default domain of the app service when polling (e.g. mysitename.azurewebsites.net).

There is no place in azure where I can tell it to use my custom domain (e.g. mydomain.co.uk) for the health check probe.

This is forcing me to a place where we'll have to add a license and a domain alias for the default domain, which I don't want to do, as I don't want it to be visible to the public.

I've tried adding a dev license for the default domain, and a route.config entry to route to my health check controller. However I get a null reference exception as I haven't added the default domain as a live site alias:

    [NullReferenceException: Object reference not set to an instance of an object.]
   CMS.Membership.Internal.VirtualContextAuthenticationConfiguration.get_Audience() +11
   CMS.Membership.Internal.SecurityTokenManager`1..ctor(T tokenConfiguration, IJwtTokenService tokenService, IDateTimeNowService dateTimeNowService, IEventLogService eventLogService, IUserInfoProvider userInfoProvider) +109
   Kentico.Content.Web.Mvc.VirtualContextPrincipalRetriever..ctor() +55
   Kentico.Content.Web.Mvc.<>c.<Initialize>b__5_0(Object sender, EventArgs eventArgs) +30
   CMS.Base.AbstractHandler.CallEventHandler(EventHandler`1 h, TArgs e) +114
   CMS.Base.AbstractHandler.Raise(String partName, List`1 list, TArgs e, Boolean important) +1011
   CMS.Base.SimpleHandler`2.RaiseExecute(TArgs e) +144
   CMS.Base.SimpleHandler`2.StartEvent(TArgs e) +235
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +222
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +219
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +93

How do other people set up Azure Health check? I don't want people to access the default domain, yet I need Azure to access it.

Recent Answers


vasu yerramsetti answered on July 9, 2025 07:45

Issue when using Azure App Service health checks with Kentico Xperience (especially MVC sites), particularly due to:

  • Azure only using the default domain (*.azurewebsites.net) for health probes
  • Kentico requiring a valid site alias and license for domains
  • The health check endpoint failing if the default domain isn’t mapped or licensed properly

Try this ways - 1. Add a License and Domain Alias for the Default Domain - You do need to add the mysite.azurewebsites.net domain as a site alias in Kentico and include it in your license (even if only for health check usage)

  1. Restrict Public Access to the Default Domain - Using Web.config Rewrite Block or App Gateway or Azure Front Door

sample :

<rule name="Block default Azure domain" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^yoursite\.azurewebsites\.net$" />
    <add input="{REQUEST_URI}" pattern="^/health$" negate="true" />
  </conditions>
  <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>

This allows /health endpoint only for azurewebsites.net, and blocks everything else.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.