You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/app-service-web-configure-tls-mutual-auth.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -94,7 +94,7 @@ For ARM templates, modify the properties `clientCertEnabled`, `clientCertMode`,
94
94
When you enable mutual auth for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.
95
95
96
96
> [!NOTE]
97
-
> Using any client certificate exclusion path triggers TLS renegotiation for the app.
97
+
> Using any client certificate exclusion path triggers TLS renegotiation for incoming requests to the app.
98
98
99
99
1. From the left navigation of your app's management page, select **Configuration** > **General Settings**.
100
100
@@ -123,11 +123,11 @@ To disable TLS renegotiation and to have the app negotiate client certificates d
123
123
### Uploading large files with TLS renegotiation
124
124
Client certificate configurations that use TLS renegotiation cannot support incoming requests with large files greater than 100 kb due to buffer size limitations. In this scenario, any POST or PUT requests over 100 kb will fail with a 403 error. This limit isn't configurable and can't be increased.
125
125
126
-
To address the 100 kb limit, consider to these alternative solutions:
126
+
To address the 100 kb limit, consider these alternative solutions:
127
127
128
-
1. Update your app's client certificate configuration with _all_ these requirements:
129
-
- Set client certificate mode to either "Required" or "Optional"
130
-
- Remove all client certificate exclusion paths
128
+
1. Update your app's client certificate configuration with _all_ these settings:
129
+
- Set client certificate mode to either "Required" or "Optional"
130
+
- Remove all client certificate exclusion paths
131
131
1. Send a HEAD request before the PUT/POST request. The HEAD request will handle the client certificate.
132
132
1. Add the header `Expect: 100-Continue` to your request. This will cause the client to wait until the server responds with a `100 Continue` before sending the request body, which bypasses the buffers.
0 commit comments