I've been troubleshooting a really strange issue on my Application Gateway and my Azure Web Application behind it.
A month ago, I set up my application gateway with a web application and all seemed to work well, passing the header I need correctly. But now I have a problem fetching the header "X-ARR-ClientCert", which shall be (and was) present in each request that authenticated successfully. The header is not present in the requests anymore...
The Application Gateway is receiving HTTPS and routes it in HTTP to my web app. The listener is configured to use my SSL Profile. As an example of an access log, I have:
{ "timeStamp": "2021-09-13T13:42:53+00:00", "resourceId": "/SUBSCRIPTIONS/D33C8661-DE39-4265-8526-6C2B32160154/RESOURCEGROUPS/MHS-AG/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/MHS-AG", "listenerName": "gw-dev", "ruleName": "gw-dev", "backendPoolName": "dev", "backendSettingName": "http-dev", "operationName": "ApplicationGatewayAccess", "category": "ApplicationGatewayAccessLog", "properties": {"instanceId":"appgw_0","clientIP":"77.205.111.223","clientPort":57595,"httpMethod":"GET","originalRequestUriWithArgs":"\/v1\/transactions\/?acq_to_dl=0&implant_mac=99:99:99:99:90:50&timezone=8","requestUri":"\/v1\/transactions\/","requestQuery":"acq_to_dl=0&implant_mac=99:99:99:99:90:50&timezone=8","userAgent":"Python\/3.8 aiohttp\/3.7.4.post0","httpStatus":403,"httpVersion":"HTTP\/1.1","receivedBytes":1506,"sentBytes":542,"timeTaken":0.915,"transactionId":"ba23f8606b2718e7d132a27e6bf0df2a","sslEnabled":"on","sslCipher":"ECDHE-RSA-AES256-GCM-SHA384","sslProtocol":"TLSv1.2","sslClientVerify":"SUCCESS","sslClientCertificateFingerprint":"d35719cfe802e02b90b3fa2f48d2f96c605f774c","sslClientCertificateIssuerName":"DC=https:\/\/bridge-dev.snhtest.online,O=Sentinhealth,L=Grenoble,ST=Is\\\\C3\\\\A8re,C=FR","serverRouted":"40.89.141.103:80","serverStatus":"403","serverResponseLatency":"0.916","originalHost":"bridge-dev.snhtest.online","host":"bridge-dev.snhtest.online"}}
So it looks like the validation is successful, but I do not receive a header with the certificate.
Is there any documentation on the headers created by Application Gateway on successful verification?
Did something change lately?
Thanks for your help!
I finally found the problem and fixed it with the help of the Microsoft forums:
I think there was a change a little while ago that removed the X-ARR-Client-Cert on Application Gateway to use only the rewrite headers, or something like that, since I never used the rewrite rules before.
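
A triage sketch for the symptom in the question, added here as an example and not part of the original posts: it reads Application Gateway access log records and separates requests the gateway verified but the backend refused from requests whose client certificate the gateway did not verify. Field names come from the log entry quoted above; the sample records, and the `NONE` and `-` values in the third one, are constructed assumptions.

```python
import json

# Constructed sample records, trimmed to the fields used below. Field names
# match the access log entry quoted in the question; the values are made up,
# and the "NONE" / "-" values in the third record are assumptions.
SAMPLE_LOG = """\
{"category": "ApplicationGatewayAccessLog", "properties": {"requestUri": "/v1/transactions/", "httpStatus": 403, "sslClientVerify": "SUCCESS", "sslClientCertificateFingerprint": "aa11bb22", "serverRouted": "198.51.100.5:80", "serverStatus": "403"}}
{"category": "ApplicationGatewayAccessLog", "properties": {"requestUri": "/v1/health/", "httpStatus": 200, "sslClientVerify": "SUCCESS", "sslClientCertificateFingerprint": "aa11bb22", "serverRouted": "198.51.100.5:80", "serverStatus": "200"}}
{"category": "ApplicationGatewayAccessLog", "properties": {"requestUri": "/v1/transactions/", "httpStatus": 400, "sslClientVerify": "NONE", "serverRouted": "-", "serverStatus": "-"}}
not a json line
"""


def classify(props):
    """Say which hop refused the request, based on one record's properties."""
    if str(props.get("sslClientVerify", "")) != "SUCCESS":
        # The gateway did not accept the client certificate.
        return "gateway-unverified"
    # serverStatus is logged as a string, httpStatus as a number.
    if str(props.get("serverStatus", "")) in ("401", "403"):
        # mTLS succeeded at the gateway, yet the backend denied access:
        # check what the gateway forwards to the backend (e.g. the
        # certificate header the application expects).
        return "backend-rejected"
    return "ok"


def triage(log_text):
    """Return (verdict, uri, fingerprint, backend) for each refused request."""
    findings = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or non-JSON lines
        if not isinstance(record, dict):
            continue
        if record.get("category") != "ApplicationGatewayAccessLog":
            continue
        props = record.get("properties") or {}
        verdict = classify(props)
        if verdict != "ok":
            findings.append((verdict, props.get("requestUri"),
                             props.get("sslClientCertificateFingerprint"),
                             props.get("serverRouted")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `backend-rejected` verdict matches the entry in the question: `sslClientVerify` is `SUCCESS` while `serverStatus` is `403`, so the refusal came from the web app and not from the gateway's certificate check.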