Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support chunked file transfers through Azure Application Gateway + WAF

      This is an issue with the WAF's configuration of OWASP.

      When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.

      I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test

      I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule…

      179 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      172 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Monitor Application Gateway Load

      Provide a way to monitor Application Gateway CPU/Memory in order to track load. It's hard to know only based on current access/http errors when the WAF is under heavy preasure and we need to scale it up.

      160 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      There is no plan currently to offer these system level metrics for Application Gateway Standard (V1). However, we are planning to offer more observability with our new Autoscaling version (V2) of Application Gateway/WAF. We already offer Capacity Units as a metric which gives you a sense of the traffic load on your Application Gateway. More are planned for V2. Please send in your specific feedback via https://aka.ms/ApplicationGatewayCohort

    4. Add X-Forwarded-For information in Application Gateway Access log

      If we have other Layer 7 Load Balancer like Cloudflare load balancer uses in front of AppGw, we are not able to obtain real client IP. Imagine Cloudflare load balancer inserts X-Forwarded-For info before forwarding request to AppGw, can we add X-Forwarded-For information in Application Gateway Access log?

      147 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Application Gateway WAF: update to OWASP CRS 3.0.2

      The 'OWASP 3.0' (3.0.0) WAF rule set generates a lot of false positives, even on random base64 payloads. The only option is to disable many rules.

      2 examples which frequently trigger on SAML authentication exchanges are 932140 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/671) and 941120 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/675).

      OWASP CRS 3.0.2 reworked some rules, in order to reduce some of these false positives. Please support CRS 3.0.2 (either as an in-place upgrade for 3.0.0, or as a new option).

      147 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Application gateway V2 subnet to support UDR

      We need to support UDR association with Appgw V2 subnet, since as of now it's not yet support while Appgw V1 does support. Please add this feature.

      141 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow paths in Application Gateway rules to be defined as regular expression

      Currently, Application Gateway rules support only path matches with a wildcard at the end of the string.

      For us it means to rework our routing strategy as the first part of our route is dynamic /<domain>/<controller> (eg. /sales/process). The controllers are shared among domains. Domains can be dynamically created, what disallow us to directly use the current feature to separate only 'process' controller to standalone backend pool.

      We would prefer to be able to define something like '/[a-z]]+/process.*' as a matching criterion.

      136 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  16 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

      We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

      135 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  12 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Reorder the Listeners on the Application Gateway

      Recently I was in the need to register additional listeners to an App Gateway. The issue is that the rules and Listeners should be created (at least using the portal) on correct order and the portal don't have any options to change this order.
      As the process of update changes on the Gateway takes a few minutes, this type of change requires a few hours to create a new record, remove, add it again, create rules, etc.
      Using a pattern similar to the NSG where we define a value for the order would save a lot of time.

      128 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      127 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add REST APIs and SDK to manage Application Gateway child resources

      (following github issue https://github.com/Azure/azure-rest-api-specs/issues/8252)

      Hi,

      Currently, REST API and SDK (go, javascript, ...) does not provide way to manage Application Gateway child resources (backend address pools, frontend ip configurations, load balancing rules, ...).

      However, it's possible with the AZ CLi.

      Could the REST APIs and SDK be updated to allow it?

      Regards,

      122 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Pure internal standard_v2 application gateway

      Currently standardv2 application gateway must have a public IP to work. Please make it be able to work only with private IP address. This capability is available in standard sku but not in standardv2.

      113 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Deployment Slot support within the Application Gateway

      The Web App deployment slots are a great feature, really useful however, they don't really work elegantly when the site is protected by an application gateway.

      The current behaviour means that the app gateway needs to be “aware” of the active deployment slot, this really isn't something that it should be aware of.

      For example:

      Website:

                  Slots:
      
      Production
      Staging
      Development

      By default, the URLs would be something like:

                  client.azurewebsites.com
      
      client-staging.azurewebsites.com
      client-development.azurewebsites.com

      The application gateway would be configured to listen for client.azurewebsites.com as this is the production URL.

      In order to switch staging to be the production site, two steps would…

      111 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure AppGateway same port cant be used on both private and public IP

      Currently we have an app gateway deployed, we have several listeners that are on a private IP address, (for internal users) the plan was to also make these sites available on an external IP on the same app gateway.

      However it appears once a port has been assigned in a listener, it can not be assigned to another listener with a different front end port.

      A ticket was raised with MS ref: :118062518450635.

      108 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    15. Add effective route for gateway subnet UDR

      Allow effective routes to be viewed for troubleshooting when a UDR is applied to a gateway subnet

      107 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Remove NSG validation from App Gateway V2 deployment

      This is more of a bug report than an idea.
      I tried deploying new WAF_V2 app gateway through ARM templates. My gateway subnet has a hardened NSG applied.
      Validation is applied to check whether certain traffic is blocked to the gateway. I have many problems with this:

      1) The validation is never satisfied with my rules. It will only be satisfied when I have my entire VNET way too open.
      I am refering to this error message when deploying:
      "Network security group <NSGID> blocks incoming internet traffic on ports 65200 - 65535 to subnet <SUBNETID>, associated with Application…

      104 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share differents hostnames with the same web site.
      Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      95 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway (WAF) - document how to get firewall logs

      Please create documentation about how to retrieve Azure App GW firewall log.

      Microsoft does not mention a word about this. - Correct me if I'm wrong. Finally I found a solution on third party (!!!) site: http://francescomolfese.it/en/2018/07/azure-application-gateway-come-monitorarlo-con-log-analytics/.

      Application GW produces these types of logs:
      1. ApplicationGatewayAccessLog
      2. ApplicationGatewayPerformanceLog
      3. ApplicationGatewayFirewallLog – the most important one as it contains logs about security operations (reasons for blocking connections, etc...)

      To retrieve these logs (or at least first 2 of the 3 mentioned above), you have to do this:
      o Go to Log Analytics workspaces in Azure portal --> create or choose…

      93 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway WAF support gzipped content in the request body

      Application Gateway WAF does not support gzipped content in the request body.

      91 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Content Compression and Response Caching in App Gateway

      I'd like to see a feature in Application Gateway that allows configuring Content Compression and Response Caching per backend rule. This would be similar to, for example, what Nginx supports through "proxycache", "proxycachevalid" and "proxycache_path" directives.

      89 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base