Using the KUDU Console in Azure add the file applicationhost.xdt to D:\home\site.

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-   Transform">
 <system.applicationHost>
<sites>
  <site name="%XDT_SITENAME%" xdt:Locator="Match(name)">
           <virtualDirectoryDefaults xdt:Transform="Insert" allowSubDirConfig="false" />
           </site>
</sites>

This does the job, but has an unfortunate side effect, in that any web.config in any application subdirectory was ignored. For our side, this had the effect of not loading any static files which meant the site did not work properly.

This will work fine for any site having a single web.config at root level.

If you are running a .NET application, then this is caused by ASP.NET HTTP runtime, more specifically by its request filtering feature.

If the URL path contains any of the disallowed characters (<,>,*,%,&,:,\\,?), the runtime throws the exception and because of the exception the IIS returns error code 500.

System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (:).

You can configure disallowed characters in your web.config file.

<system.web>
    <httpRuntime targetFramework="4.5" requestPathInvalidCharacters="*,%" />
</system.web>

But i would be careful, because there might be some security implications of such change.