ARR Reverse Proxy on Azure Website removes WebSockets response header 'Sec-WebSocket-Accept'

Question

I'm trying to setup ARR inside of an Azure Website. I have a working implementation on an Azure VM, but would like to move to a Website so I don't have to actively manage the VM.

The issue I am having is specific to the SignalR WebSockets connection request and response that passes through my ARR reverse proxy.

Response on server before passing through ARR via IIS Request Tracing:

Upgrade: Websocket
Server: Microsoft-IIS/8.0
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
Sec-WebSocket-Accept: IVoaaOhRLbaSxQzHV1TRkwHbtFc=**
Connection: Upgrade
X-FE-DATA: AppId:Unknown-StatusCode
X-Powered-By: ASP.NET
DWAS-Handler-Name: EXECUTE|101|0|0x0|CONFIG_SUCCESS|ApplicationRequestRoutingHandler|::1|\\100.68.100.59\volume-21-default\be0a77feeba577989612\3323291baecf417bb67a391f58af8a90\

Response as seen by the client:

HTTP/1.1 101 Switching Protocols
Upgrade: Websocket
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Connection: Upgrade

As you can see, the Sec-WebSocket-Accept header is being stripped out of the response. This means that the client fails the connection and defaults to long-polling instead of websockets protocol.

Any idea why this header is being removed? ARR 3.0 is being used which has native websockets support, and websockets is enabled in the Azure Website configuration panel.

Answer 1

Did you specify the flag to preserveHostHeaders="true" in the proxy config?

 <proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="true" reverseRewriteHostInResponseHeaders="true" />