Timeout settings for Azure Application Gateway and App Services

Findings about various timeout settings available in Azure Application Gateway and Azure App Services

I'm setting up a CI script for one of our Azure web apps, and I want to use deployment slots to enable per-branch deployments of the app into our development subscription. I'm able to create the deployment slot easily, and I've had some success configuring app settings via PowerShell. The New-AzWebAppSlot cmdlet creates an Azure Web App Slot in a given a resource group that uses the specified App Service plan and data center. This cmdlet specifies the names of app settings and connection strings that will be treated as slot settings, meaning that they will remain with the slot during swap. Set the app setting values on web app and on its slots.

requestTimeout in Azure Application Gateway

Azure Application Gateway is a load balancer and web application firewall (WAF) in Azure, used for load distrubution, SSL termination, prevention against web based attacks (like Cross-site scripting, SQL Injection, etc) and its other features. Typically the Azure Application Gateway would be configured to route the requests to backend App Service instances to service the request.

The Application Gateway provides settings to timeout / terminate incoming requests if the backend App Service instance takes longer to process request. Following Azure CLI 2.0 based commands can be used to list the timeouts configured in the Application Gateway.

Timeouts in Azure App Service (applicationHost)

Azure App Services (including Mobile apps, Web apps, Logic apps, and others) typically run latest version of Internet Information Services (IIS 10) tweaked for Azure. Some of the basic settings for this IIS instance could be configured via Azure Portal - App Service blade. Timeout settings in Application Host level (<system.applicationHost>) can be configured via below means.

connectionTimeout in system.applicationHost/webLimits of applicationHost.config

The webLimits element in applicationHost.config specifies a default connection time out of 2 minutes. This setting could not be changed directly in the applicationHost.config file as Azure App Service does not allow to edit the file, instead supports a mechanism called XML Document Transform (XDT) which allows to append/update values to the default applicationHost.config files.

The App Service merges the default applicationHost.config and the user defined file applicationHost.xdt and uses the merged file for its configuration. Following XML content can set the connectionTimeout of webLimits to 5 minutes. Note - this XDT content need to be uploaded to the file path D:homesiteapplicationHost.xdt on the App Service instance.

connectionTimeout in system.applicationHost/sites/site of applicationHost.config

The limits element in applicationHost.config applies site wide connection timeout and defaults to 2 minutes. This can be updated using the XDT merging mechanism. Following is XDT directive for setting connectionTimeout of site limits to 6 minutes and is to be kept in the file D:homesiteapplicationHost.xdt. Note - if there is an existing applicationConfig.xdt file, the element sites and its child elements from below XDT content can be added to the <system.applicationHost> in existing applicationConfig.xdt file.

Timeouts in Azure App Service (webServer)

Using IIS’s Delegating Configuration feature, App Service lets user to override some of the IIS settings. This can be done via custom config file, named web.config, placed in root folder of the site’s default application (typically this path will be D:homesitewwwrootweb.config). This user defined web.config supports configuring <system.webServer> and many of its child elements.

Az Web App Slots App

Following Azure CLI 2.0 and cURL calls to Azure Kudu VFS API commands can be used to get currently configured values in web.config

The default path to application web.config would be https://{myapp}.scm.azurewebsites.net/api/vfs/site/wwwroot/web.config. In case if you have multiple virtual path or changed default physical path, the following command can be used to get all paths that can have application level web.config file in the App Service instance.

Following command can be used to get the contents of web.config

Az Web App Slots No Deposit

request, activity and idle timeout for fastCgi based Python and PHP apps in Azure App Service

fastCgi directive in <system.webServer> configures the FastCGI module for executing requests using Python or PHP runtime and is used for running Python applications like Django, Flask, etc as well as PHP applications.

requestTimeout, activityTimeout and idleTimeout attributes of <fastCgi>/<application> can be used to control timeouts for the Python or PHP application.

Changes to the web.config can be uploaded back to App Service through your deployment process or through cURL commands (see invoking Azure Kudu API URL end points using cURL).

request, activity and idle timeout for Java apps running in Tomcat or Jetty container in Azure App Service

Az Web App Slots Real Money

App Service IIS supports HttpPlatformHandler directive that can be used to configure Tomcat or Jetty as an external process that can inturn run Java Web Apps. The schema for the HttpPlatformHandler directive is available here. The requestTimeout can be changed via below web.config entry;

Az Web App Slots Games

Other limits

Az Webapp Slot

• If you have setup App Services Web Server (IIS) to invoke external process, you may have to watch out startupTimeLimit / pingResponseTime settings in the processModel configuration