Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application Gateway WAF: update to OWASP CRS 3.0.2

      The 'OWASP 3.0' (3.0.0) WAF rule set generates a lot of false positives, even on random base64 payloads. The only option is to disable many rules.

      2 examples which frequently trigger on SAML authentication exchanges are 932140 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/671) and 941120 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/675).

      OWASP CRS 3.0.2 reworked some rules, in order to reduce some of these false positives. Please support CRS 3.0.2 (either as an in-place upgrade for 3.0.0, or as a new option).

      147 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      803 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      50 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow paths in Application Gateway rules to be defined as regular expression

      Currently, Application Gateway rules support only path matches with a wildcard at the end of the string.

      For us it means to rework our routing strategy as the first part of our route is dynamic /<domain>/<controller> (eg. /sales/process). The controllers are shared among domains. Domains can be dynamically created, what disallow us to directly use the current feature to separate only 'process' controller to standalone backend pool.

      We would prefer to be able to define something like '/[a-z]]+/process.*' as a matching criterion.

      139 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  17 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Azure Application Gateway - support for default route through NVA FW

      An Azure Application Gateway subnet can't have a UDR with a default route through an Network Virtual Appliance FW or Backend Health will be "unknown" This is due to asynchronous routing between the Azure Monitoring Service, the App Gateway, and the NVA FW. We need a way to create a route exception in the UDR for the Azure Monitoring Services traffic.

      88 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Support for drainstop in Azure App Gateway

      Traditional loadbalancers support the following states, to facilitate performing maintenance on a system of multiple nodes gracefully:
      Enabled (All traffic allowed)
      Disabled (Only persistant or active connections allowed)
      Force Offline (only active connections allowed)

      When a application gateway node is "unhealthy" it only allows active connections. We are looking for a way to force a node into an "unhealthy" state.

      The currently supported method is to use a custom probe that checks a file/path. I would like a solution that doesn't involve making changes on the server going into maintenance mode.

      46 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Need a function to disable the timestamp in TCP option in Application Gateway

      In some cases, the timestamp in TCP option is concerned about a security risk.

      So I want a function to make it disable in Application Gateway.

      TCP option is the setting in OS layer, so it may need a change in OS for Application Gateway.

      13 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application gateway

      Hi MS team,

      Could you enable the 'Edit' option for the Listeners we are configuring in the Application gateway. This will be really helpful if we decide to change our certificate.

      Although we can do a workaround of deleting the listener and creating new one, but that needs some time investigating it, so I feel Edit option is a much better and easy approach for clients.

      Thanks,
      Thulasidas

      16 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/*, it redirects the request as /images/* to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      79 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      URL rewrite for Application Gateway v2 is currently in public preview! With this, you can now rewrite URL path and query string parameters based on a condition. The condition will be on request or response parameters.

      Also, you get the ability to choose the routing to a backend pool based on the original URL or the rewritten URL.

      We’d love for you to try it out and let us know your valuable feedback. Learn more here – https://aka.ms/urlrewritepreview and https://aka.ms/urlrewriteconfiguration

    9. Improve SSL Certificate Installs

      The process of updating your existing SSL certificates on an application gateway is overly complicated. Focus on making this a better user experience that doesn't require power shell and with clear instructions and documentation. Renewing SSL certificates isn't a task anyone wants to do and today's poor user experience is a detriment to the product.

      24 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. To improve portal user experience for Application Gateway configuration

      Application Gateway is a combination of backend pool, backend HTTP settings, listeners, custom probes and rules. Most of the time, to make changes, it is necessary to update more than one of the above mentioned settings (pool, HTTP setting, listeners, rules). Each settings are placed on different UI blades and takes nearly 3 - 10 mins to make single setting change getting reflected.

      Feedback: Make a Wizard kind of interaction that will enable to specify all desired setting changes at once, then let apply these changes in a single shot behind the scenes.

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Make default ssl settings more secure (https://www.ssllabs.com gives only B-rate).

      When we deploy SSL listener with default settings, ssl configuration in not very secure (although acceptable for some services). Popular checker https://www.ssllabs.com gives just B-rate for this. You can check recommendations for example looking at report for our sample AGW deployed with default settings https://www.ssllabs.com/ssltest/analyze.html?d=tb-ag-dev.textback.io

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share differents hostnames with the same web site.
      Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      102 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support in Azure Security Center for Web Apps behind a WAF inside App Services.

      Support in Azure Security Center for Web Apps behind a WAF inside App Services.

      4 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Direct Traffic to External web page when all nodes in a pool are down

      Ability to redirect incoming request to external webpage when all nodes in the backends pool are shutdown. Users will get this information information during maintenance/outage.

      12 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Ability to enable/disable vm members on a pool without reconfiguring the gateway

      Occasionally we need to take one of the member in the pool for troubleshooting/debugging. This require to bring down the gateway at least 15-30 minutes. If possible to quickly enable/disable the member vm without long downtime.

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Adding/removing backend pool member would not affect live traffic – even while updates are ongoing. Updates on the gateway today are slow and we are working on enhancing this experience. We have a private preview program ongoing currently, for quicker updates and you can sign up for it by emailing me.

      Thanks,
      Amit [MSFT]

    16. Need more information from Log Analytics for App Gateway.

      We see 400 errors in Log Analytics. We don't see these connections on the web servers. We think the App gateway is dropping traffic. Support doesnt seem to know why this happens. We don't have enough good information to track these issues. requestQuery_s is blank, MS support cannot tell me what this is, let alone what it means if it is blank.
      We need more information.

      7 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add more metrics to better analyse capacity, firewall violations, etc

      Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

      21 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Increase Url query size for Application Gateway

      The size of Url for Application Gateway is 8k. But the size of Url query (as a part of Url) is only 2k.
      It will be great if there are no limits for query size in Url.

      7 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. support ESI (Edge Side Includes) in the Application Gateway and CDN like Vanish or Akamai.

      ESI can be a great feature for server side content based integration ( transclude of html fragments ) in a microservice architecture. For more information please read : ( https://gustafnk.github.io/microservice-websites/#integrating-on-content ).

      26 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Capability to apply WAF rules to each path rule.

      One of the customer wants capability to apply WAF rules to each path. Can you consider that?

      31 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base