web

You’re offline. This is a read only version of the page.

Microsoft Azure | Share your Ideas

Community

Loading...

This forum

Home
Networking

Networking

405 Ideas

Most votes



Application Gateway: Support wildcard hosts in listeners

Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

Application Gateway

Company Response

Wildcard host names in listeners for Application Gateway v2 is now general availability! You can configure host names with wildcard characters (* and ?) and up to 5 host names per listener with comma separated values. More details can be found here: https://docs.microsoft.com/azure/application-gateway/multiple-site-overview#wildcard-host-names-in-listener

Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

Application Gateway

Company Response

Thanks for your feedback. This is planned as part of global waf configurable parameters.

TLS 1.3 and HSTS Support for Azure Application Gateway

This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS. At least HSTS is just a secure header which should be trivial to implement. I'm looking forward to feedback. Mod Edit: Fixed typos

Application Gateway

Company Response

TLS 1.3 support is now in GA phase. Please visit https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-policy-overview for details.

Hibernate/pause a resource group or subscription

After talking to one of your Senior Support Engineers, they suggested I made a feature request for this.

Application Gateway

Idea collection

Application gateway V2 subnet to support UDR

Currently Standard v2 and WAF v2 application gateway must have a public IP to work. Please make it be able to work only with private IP address. This capability is available in standard sku and waf sku but not in standard v2 and waf v2 sku.

Application Gateway

Company Response

Application Gateway v2 sku now has capabilities to enable private IP frontend only, full route table control, and full network security group control. More information can be found here: https://learn.microsoft.com/azure/application-gateway/application-gateway-private-deployment

Increase listener limit for Application Gateway

Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different domains.

Application Gateway

Company Response

We have raised the limit to 100 recently. We are regularly reviewing the limits and will continue to look for opportunities to raise the limits even further. Stay tuned :)

Enable Multiple IP addresses for Azure Application Gateway

Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

Application Gateway

Company Response

Support for both public and private IP at the same time is available on both V1 and V2 SKUs. Moreover, customers can host multiple sites behind the same IP and port using the Multisite (hostname-based) listener today.Beyond this, if you are looking for multiple public (or private) frontend IPs per gateway, please comment below with details of the use-case to help us understand better.

Idea collection

Enable cookie rewrite for Application Gateway Affinity Cookie

Scenario 1: Our security team is telling us that the cookie from the application gateway is failing security scans because the secure and httponly flags are not set. Scenario 2: When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies contoso.azurewebsites.net. causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

Application Gateway

Company Response

Here is an update. Thanks for your patience.Scenario 1: You can now set these flags yourself by using the Rewrite headers feature - https://learn.microsoft.com/azure/application-gateway/application-gateway-secure-flag-session-affinity. This solution could not be recommended earlier due to a limitation when handling multiple headers with the same name. Scenario 2: A new configuration in App Services is now available to make App Service's Session Affinity (ARR) cookie compatible for use with Application Gateway & Front Door. You can enable this setting by referring to https://aka.ms/SessionaffinityproxyClosing this thread.

Authentication support for application gateway

For lift & shift of legacy systems, application gateway is very useful as we have different kinds of backends (VMs, service fabric, other PaaS services, etc.). The only missing capability is authentication, so we have to implement and configure authentication in various services, which is a big overhead. Otherwise, we have to give up application gateway but set up Nginx VMs instead.

Application Gateway

Company Response

Thank you for all the votes. We would like your feedback on what type of authentication you'd like to see. Modern Authentication (OAuth, OpenID, etc.) and/or legacy authentication (Kerberos, NTLM, etc.). Please voice your support in the comments.

Support server-sent events

Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

Application Gateway

Company Response

Server-Sent Events (SSE) is supported on Application Gateway V2 SKUs in Preview.

Filters (1)

Categories (1)



(Select all)



Application Gateway



Application Gateway for Containers



Azure Firewall



Azure Front Door Service

Stages



(Select all)



Archived



Completed



Declined



Need More Information

Powered by Dynamics 365 Customer Service. Learn more here.

Privacy Terms of use

© Microsoft 2021