Availability test does not catch when the website is down

Oleg Tserkovnyuk 541 Reputation points
2024-04-19T10:03:47.3366667+00:00

Hello,

 

I have created an availability test for my web app using “Application insights > Availability“.

That is how I configured the test:

User's image

I let the test run for a 30 minutes to get some data and than I stopeed my web app.

My web app started to return 403 instead of 200.

But the test showed that everything was fine. Web app was stopped at 12:16PM:

User's image

I clicked on the latest result in the availability chart and got this:

User's image

Does this mean that test shows an obsolete result?

Did I miss something in my configuration?

 

The web application I test is protected by the Azure Front Door and uses custom domain. My test is targeted to this custom domain. Once I stopped the web application I confirmed that the custom domain I use returned 403 instead of login page.

I run few more tests and found that in some cases my site still responds fine (loads the login page). I assume this is related to the cache created by Azure Front Door.

If this is the case what is a correct way to monitor sites protected by the AFD?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,805 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
576 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,901 questions
0 comments
Accepted answer
  1. Deepanshu katara 4,905 Reputation points
    2024-04-20T05:30:54.2833333+00:00

    Hello Oleg ,

    Issue --> what is a correct way to monitor sites protected by the AFD?

    Solution --> there is no native Azure solution to monitor web apps protected by AFD if caching is enabled and configured with no restrictions or exclusion but we can have below work around solutions

    1. Enabled diagnostic logging on AFD and create alert based on the custom query but it is not in context with Tests 
         AzureDiagnostics
   | where TimeGenerated > ago(5m)
   | where Category == "FrontDoorAccessLog"
   //| where httpStatusCode_s == 403
   | where httpStatusCode_s != "200"
   | where requestUri_s matches regex "https://portal.company.com*"
   | summarize Count=count() by httpStatusCode_s
   | where Count > 2
    2. Custom Monitoring Endpoint: Implement a custom monitoring endpoint within your web application that provides a simple health check response. This endpoint should return a status code indicating the health of your application (e.g., 200 for healthy, 5xx for errors). Then, configure your availability test to target this custom monitoring endpoint instead of the main application URL. This approach allows you to bypass caching and obtain real-time health status directly from your application
    3. Adjust Cache-Control Headers: Configure appropriate Cache-Control headers for your web application responses to control caching behavior at the Azure Front Door level. By setting shorter cache durations or disabling caching for sensitive endpoints, you can ensure that Azure Front Door serves fresh content and accurately reflects the availability of your application. Please check and try and let us know, kindly accept if it helps

    Kindly accept answer , if it helps , Thanks!

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deepanshu katara 4,905 Reputation points
    2024-04-19T10:41:45.49+00:00

    Hi, Welcome to MS Q&A

    It appears that your availability test may not accurately reflect the status of your web application due to caching mechanisms, particularly if your web application is behind Azure Front Door (AFD). Azure Front Door may serve cached content even if the origin server (your web app) is not reachable or returns an error.

    To monitor sites protected by Azure Front Door effectively, you can consider the following approaches:

    Probe the Origin: Instead of directly monitoring the front-end URL exposed by Azure Front Door, you can configure your availability test to probe the origin server directly. By doing so, you bypass the caching mechanisms of Azure Front Door and obtain a more accurate representation of your web application's availability.

    Custom Monitoring Endpoint: Implement a custom monitoring endpoint within your web application that provides a simple health check response. This endpoint should return a status code indicating the health of your application (e.g., 200 for healthy, 5xx for errors). Then, configure your availability test to target this custom monitoring endpoint instead of the main application URL. This approach allows you to bypass caching and obtain real-time health status directly from your application.

    Adjust Cache-Control Headers: Configure appropriate Cache-Control headers for your web application responses to control caching behavior at the Azure Front Door level. By setting shorter cache durations or disabling caching for sensitive endpoints, you can ensure that Azure Front Door serves fresh content and accurately reflects the availability of your application.Please check and try and let us know, kindly accept if it helps

  2. Oleg Tserkovnyuk 541 Reputation points
    2024-04-19T15:09:46.71+00:00

    I think I found a possible solution.

    Enabled diagnostic logging on AFD and create alert based on the custom query:

    AzureDiagnostics
| where TimeGenerated > ago(5m)
| where Category == "FrontDoorAccessLog"
//| where httpStatusCode_s == 403
| where httpStatusCode_s != "200"
| where requestUri_s matches regex "https://portal.company.com*"
| summarize Count=count() by httpStatusCode_s
| where Count > 2

    It catches all 403 and ignores cache.