Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Increase Url query size for Application Gateway
The size of Url for Application Gateway is 8k. But the size of Url query (as a part of Url) is only 2k.
It will be great if there are no limits for query size in Url.1 vote -
support ESI (Edge Side Includes) in the Application Gateway and CDN like Vanish or Akamai.
ESI can be a great feature for server side content based integration ( transclude of html fragments ) in a microservice architecture. For more information please read : ( https://gustafnk.github.io/microservice-websites/#integrating-on-content ).
4 votes -
Capability to apply WAF rules to each path rule.
One of the customer wants capability to apply WAF rules to each path. Can you consider that?
1 vote -
Application Gateway firewall log needs to include the site/host name of the request
The Application Gateway firewall log only contains the request URI starting after the domain name. When using the Application Gateway in a multi-site scenario, there is no way in the log to determine which site the request was sent to. Can you please include the hostname or full URI in the logs?
7 votes -
Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway
Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps…
4 votes -
Application Gateway : Support portal edit feature for webapps.
Application Gateway lately started to support webapps as backend. But as this point, we have to use Azure PowerShell to register/edit for related resources on Application Gateway. (For example, Probe or BackendHttpSettings).
Can you add the feature which enables us to create / edit resources for Webapps?
0 votes -
Streamline SSL Certificate Renewal
I have a SAN SSL certificate that contains 6 different addresses, these each have their own listeners etc. To apply a renewed certificate today I've spent 4hours with Azure support, adding the new certificate, updating each site to use the new certificate one by one, and then going through the HTTPSettings and changing the certificate over in there for each site as well.
In IIS this is much simpler, I add the new certificate and update the binding on one website and all sites are updated - done, in 1minute.
In summary making it quicker and simpler to update a…3 votesThank you for your feedback. We are looking into this ask and will update shortly.
-Amit
-
Support EV SSL cerrtificates in application gateway
Please support EV SSL certificates in Application Gateway. What is the reason they aren't supported already?
16 votesThank you for your feedback. This is part of product roadmap. We will send notification once this is completed.
Thanks,
Amit -
Allow Static Public IP Address
Hi,
We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.
I don't believe there is a work around either?
27 votesThank you for your feedback. This is part of product roadmap.
-Amit -
Application Gateway Public IP to be allocated to existing Virtual Machine
We want Application Gateway Public IP to be used and associated with Virtual machine. If we remove application Gateway , its public IP should be retailed.
1 vote -
Application Gateway WAF support EV certificates
Application Gateway WAF does not support EV certificates
7 votes -
Application Gateway WAF support gzipped content in the request body
Application Gateway WAF does not support gzipped content in the request body.
1 vote -
Support for dropping port out of x-forwarded-for header
Hi,
I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.
This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.
Thanks,
Neil
47 votes -
Support for temporary removing nodes through REST API
It would be great if there was a REST API or something similar we could use to take a node out of rotation without being dependent on the probe detecting it.
Usecase: We run SF behind the Application Gateway. When we update our front-end service, we would like to take it out of rotation before the service is updated. This does not seem possible today, since we have to rely on the probe detecting that a node has gone down. Since the probes have a lag (it probes on a given interval), some users will have a bad experience when…
21 votes -
Support traffic fork/shadowing/mirror on application gateway.
Support traffic fork/shadowing/mirror on application gateway. Sometimes we need send shadow traffic to a testing/staging environment, and the best place to do this is layer 7 load balancer..
4 votes -
Retry policy for failed requests on Application Gateway
To reduce the number of 502 bad gateway requests that are served up Application Gateway should have a retry policy for failed requests, allowing it to move the the next available server. This would be especially useful when used in front of Service Fabric where services are moved between servers.
2 votes -
Application Gateway: Support wildcard hosts in listeners
Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)
So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.
In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…
27 votes -
Increase backend http setting limit on Application Gatway
Application gateway has a backend http setting limit of 20.
We want to use it in front of Service Fabric and legacy cloud applications.
Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
We exceeded the 20 fairly rapidly.53 votesThanks for your feedback. What is the increased number which would suffice your scenario?
-
Faster configuration updates
I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.
38 votesThanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.
-
Show domain in logs
The access logs for the application gateway only show the routes. We use a single gateway to host multiple sites and some have similar folder structures, this makes evaluating access and tracing issues a bit difficult. It would be great if the actual domain (http://www.something.com) was listed in there too.
10 votes
- Don't see your idea?
