How to see TLS version with incoming API request in Azure portal?
In the Microsoft Azure portal, is there a way to see request URLs along with the TLS version negotiated?
Background
I have a web app that includes an API that used by several third parties. I would like to set the minimum TLS version to TLS 1.2 in my web app settings.
Before I update the minimum TLS version, I want to see what requests are being made using old TLS versions.
I know with my storage account I also have, I can include logs in the log analytics to detect TLS versions, so I was hoping there was something similar I could use for my web app.
So far, all I can find for my web app is the Minimum TLS Version Checker under Diagnose & Solve Problems. This isn't very helpful since it only gives me the number of requests with no further detail. Surely the detail has to be available somewhere? I am not an expert in the Azure portal, so I am hoping there is an easy way to find the request URL + TLS version.
We can check TLS version with the incoming requests either in Application Insights or by using Diagnostic Setting.
Using Application Insights:
- I have configured Application Insights in my API Web App and deployed the app to Azure App service.
- Enable Application Insights for the deployed App service.
- We can send custom logs to Application Insights by retrieving the TLS version and URL of the app.
- Logs can be seen in transaction search.
I know with my storage account I also have, I can include logs in the log analytics to detect TLS versions
Another option is from Diagnostic Setting.
- Using Diagnostic Setting we can send the logs to Storage Account or Log Analytics Workspace for the Azure App Service.
- As you have already mentioned that you know how to check logs in
Log Analytics Workspace, same way you can send the WebApp logs to the selected workspace.
Update:
The TLS Version which is set in the Configuration section can be seen in
KUDU Console => Environment => HTTP headers and Server variables
- Use the below code to retrieve the value in the controller.
string ?tlsVersion= HttpContext.Request.Headers["X-Forwarded-TlsVersion"];
_logger.LogInformation($"TLS : {tlsVersion}" );
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday