Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Affinity cookie persistence between pools in application gateway

      Argument is: Application gateway cookie persistence for different backend pool

      I have already rise an SR for this issue.

      If you have a configuration like:

      domain/app1 forward to pool1 (server1, server2)
      domain/app2 forward to pool2 (server3,server4)

      A page that call resources in /app1 e /app2 everytime a different pool is hit from the same browser session a new affinity cookie is generated.

      To summarize:

      There is no persistence of affinity cookie between calls on different pools.

      The affinity cookie should take care about server in different pool for session persistence. So if i have affinity cookie X this should be…

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support for header content size configuration

      After many issues we run into an unsolvable 502 Bad Gateway error, simular to https://stackoverflow.com/questions/48964429/net-core-behind-nginx-returns-502-bad-gateway-after-authentication-by-identitys where the content size is too large in sign-oidc for open id connect post.

      Please add support to edit the values that end up into nginx.conf

      For now we cannot use the Application Gateway and looking into Cloudflare or Nginx Plus with WAF.

      86 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow control of the ARRAffinity set cookie response header

      Problem:
      When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies "contoso.azurewebsites.net". causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

      Proposed Solutions:
      Solution #1
      Give us a way to disable the Set Cookie: domain attribute similar to the way we can add a "Arr-Disable-Session-Affinity" response header to disable the cookie entirely. I'm suggesting an "Arr-Disable-Session-Affinity-Strict-Domain" response header to tell the ARR proxy not to write…

      71 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Pathbased rules are case sensitive for WAF_v2

      Hello,
      It seems as the 'Paths' of Pathbased rules of Azure Application Gateway with tier 'WAF_v2' are case sensitive.

      f.eks: when pathbased rule path is /foo, only 'http://gatwaydns:port/foo' will fire that path rule while 'http://gatwaydns:port/Foo' will not.

      this can become blocking if there exist multiple clients where case sensitivity has not been of consirn.

      Please fix.
      Thanks.

      26 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Search feature when selecting App Services for Backend Pool

      When setting app services on the backend pool having a search bar to filter down the preferred set of App Services.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Deployment Slot support within the Application Gateway

      The Web App deployment slots are a great feature, really useful however, they don't really work elegantly when the site is protected by an application gateway.

      The current behaviour means that the app gateway needs to be “aware” of the active deployment slot, this really isn't something that it should be aware of.

      For example:

      Website:
      Slots:
      Production
      Staging
      Development

      By default, the URLs would be something like:
      client.azurewebsites.com
      client-staging.azurewebsites.com
      client-development.azurewebsites.com

      The application gateway would be configured to listen for client.azurewebsites.com as this is the production URL.

      In order to switch staging to be the production site, two steps would…

      114 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Forward Request's Original Host

      This is useful when backend services need a way to recognize the client's requested domain (i.e. multitenant saas based on custom domains).

      X-Forwarded-Host or other custom header where we can get the original domain's name.

      Thanks!
      Luis

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow multiple domains or wildcard hostnames in single listener

      Allow multiple domains or wildcard hostnames in single listener

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Hello, please, make sure that you let the customers know about the charges and the instances operations when configuring the WAF

      Hello, please, make sure that you let the customers know about the charges and the instances operations when configuring the WAF. Apparently, the number of instances is what is making this service extremely expensive and none of this is mentioned during the setup. Also, please remove this from the security list because it is listed with free extensions such as IAASMalware, Monitoring etc. Thanks!

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Accept request only from specific source IP address

      I'm raising this again as the original from someone else was declined, possibly due to lack of clarity on purpose.

      On an app gateway that has multiple listeners, there might be a need for listener A to be accessible from IP x and listener B to be accessible from IP y.

      Using an NSG, only the whole of the App Gateway can have rules associated with it. I can't have listener A accept from one IP and listener B from another as listeners do not have a distinct identity that can be referenced in an NSG.

      The only way around…

      22 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Application Gateway, App Service and ARRAffinity

      We are trying to route all our app service traffic through application gateway.

      We have the apservice running on multiple instances and arraffinity is enabled on the appservice

      When we route the traffic through applicationgateway i note that the arraffinity cookie is being removed, as such user sessions switch across appservice instances and our application does nto work correctly

      I tried enabling session affinity on the http setting but it still doesnt work

      What is the correct setup to allow app gateway to be used with appservice and arraffinity

      31 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. azure application gateway websockets latency metric

      When using websockets together with Azure Application Gateway, you end up with artifically increased latencyd in the ApplicationGatewayPerformanceLog. Indeed, all the 101 (websockets) connections remain pending, which is a normal behavior and their duration gets recorded by the gateway. The problem is this normal behavior increases the average latency of all requests (including non-101) and there is no way to filter 101 out of the ApplicationGatewayPerformanceLog logs...Therefore, if we setup an alert on latencyd, this will raise a lot of false positives...While this metric is very useful in the ApplicationGatewayAccessLog because it allows for calculation of average user…

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. 1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Application Gateway Web App Slot Support as Backend Pool

      We would like to protect our staging environment (Web App Slots) the same way we protect our production environment (Web App) by putting the Slot Deployments behind the Application Gateway.

      52 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Is it possible to disable http 1.0 protocol in Azure App Gateway?

      If the request is sent as HTTP 1.0 with a blank host header, the server may respond with its own internal IP (10.x.x.x) in the Location Header. This results in the internal IP address of the Real Server being exposed.

      E.g.
      Location: https://10.19.xx.***/

      17 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Monitor Application Gateway Load

      Provide a way to monitor Application Gateway CPU/Memory in order to track load. It's hard to know only based on current access/http errors when the WAF is under heavy preasure and we need to scale it up.

      160 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      There is no plan currently to offer these system level metrics for Application Gateway Standard (V1). However, we are planning to offer more observability with our new Autoscaling version (V2) of Application Gateway/WAF. We already offer Capacity Units as a metric which gives you a sense of the traffic load on your Application Gateway. More are planned for V2. Please send in your specific feedback via https://aka.ms/ApplicationGatewayCohort

    17. Add support for Remote Desktop to the Azure Application Gateway

      Add Azure Application Gateway (With WAF) support for RD Gateway traffic.

      Currently I can only route traffic for RD Web through the application gateway. It would be useful if I could route all RD traffic through the application gateway and not have to have multiple public IPs and Traffic Manager profiles and split RD Broker/Web and RD Gateway traffic.

      At the moment I can't even route RD Gateway traffic through Application Gateway even with WAF disabled.

      52 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      185 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway Disable Probe

      It's impossible to host non-HTTP processes behind an application gateway due to the health probes. I run a Service Fabric cluster and want the TCP management endpoint (19000) to be available through the gateway so I can take advantage of other offerings. The endpoint is marked as dead since it doesn't respond to HTTTP/S requests. If the AGW could support TCP health checks or allow marking a service as always-up I could accomplish my goal.

      49 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway needs to be faster and capable of greater transaction throughput

      Currently, Application Gateway is the only service on Azure that supports offloading certificates for SSL, but Application Gateway can take a long time to provision and update with changes, and is unable to handle the high stress levels imposed by some apps. Application Gateway should be quick to provision and update after configuration changes, and it should be able to handle large numbers of requests per minute (e.g., 6,000 per minute).

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We recently introduced changes which make any updates to Gateway complete in less than a minute. We are also working on reducing provisioning time. Regarding SSL offload performance – you should be able to increase the number of instances to scale out and handle increased load. 6000 new SSL connections per minute is not a lot and should be able to be served by a single Large instance. Please open a support ticket if you are seeing issues with performance at this scale.

    • Don't see your idea?

    Feedback and Knowledge Base