Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Web Application Firewall Exact Exculsion Does Not Work With Full Stops Bug

      Fix the bug whereby an exclusion in the Web Application Firewall WAF which uses an Exact match where the name contains a full stop / period does not work.

      My work around is to use Starts With instead which does not seem to care about the full stops.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      179 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support URL encryption


      1. URL encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /[encrypted URL]

      2. QUERY encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /dco/c/p/index.jsp?[encrypted query]

      With encryption enabled, the URLs look like the follows:

      https://contoso.com/uEtTrCjpfK6TArw28wkIKR859knsmcdYxxHjBvJZrcCEoEYKhgZDzfwzt2cUhYVR7ggTvZKPFdCnvHSnyyg_tsvOXlx5UwJevvAIMaKtDycZz-fF8Q3Nr3NJV0w$$~UuE

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Pathbased rules are case sensitive for WAF_v2

      Hello,
      It seems as the 'Paths' of Pathbased rules of Azure Application Gateway with tier 'WAF_v2' are case sensitive.

      f.eks: when pathbased rule path is /foo, only 'http://gatwaydns:port/foo' will fire that path rule while 'http://gatwaydns:port/Foo' will not.

      this can become blocking if there exist multiple clients where case sensitivity has not been of consirn.

      Please fix.
      Thanks.

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. v2 Invalid Header support

      As V2 is built on NGINx, it's resulted in at least one undocumented breaking change.
      AGW v2 has the NGINX flag ignoreinvalidheaders flag enabled. This results in headers containing a period being dropped.

      Whilst this might not be best practice, they're not technically invalid and this is something we have for historic reasons and makes it impossible to move to v2 without changing a lot of code.

      Making this setting configurable or disabling by default for backward compatibility with v1 would be welcome as I'm sure v1 App Gateways will be retired at some point.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Application Gateway

      The notification for all the processes is generic. For example - if you are updating a listener or you are updating a Backend HTTP Pool, the notification is generic, and it is not possible to distinguish as to which process is taking how much time, or which process is currently in progress.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application Gateway -- Option to Stop/Start from Azure Portal

      It would be nice if we have the option to Start/Stop the Application Gateway from Azure Portal

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. The web application firewall (WAF) currently doesn't show the activated rules correctly.

      The web application firewall (WAF) currently doesn't show the activated rules correctly.
      If it is activated - a-- internal rules are active as well.
      This is not shown in the UI and is confusing.
      This should be changed.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. Add Application Gateway support for Azure DevOps tasks

      Add Application Gateway support for Azure DevOps tasks. Currently public IP address is needed for release pipeline tasks like copying files and running PowerShell on Azure VM's.

      Here's a link to the statement that VM's are not supported behind Application Gateways: https://github.com/Microsoft/azure-pipelines-tasks/issues/3235#issuecomment-448126585

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. AppGw WAF_v2 Undo breaking change with case sensitivity for PathbasedRules

      between older SKUs and WAF_v2 has been a breaking change
      regarding case sensitivity of Rules.

      Starting with v2 Rules are now Case sensitive.

      Having a SaaS - offering with public API,

      This is
      - breaking existing REST-APIs published to customers and partners
      - completely unexpected for Windows-Users
      - a source for many customer-problems and support-calls

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add support for Remote Desktop to the Azure Application Gateway

      Add Azure Application Gateway (With WAF) support for RD Gateway traffic.

      Currently I can only route traffic for RD Web through the application gateway. It would be useful if I could route all RD traffic through the application gateway and not have to have multiple public IPs and Traffic Manager profiles and split RD Broker/Web and RD Gateway traffic.

      At the moment I can't even route RD Gateway traffic through Application Gateway even with WAF disabled.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Application Gateway should support OAuth2 and/or JWT token validation

      Azure Application Gateway should support OAuth2 and/or JWT token validation so it can be used as a reverse proxy.

      55 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add ACI Containers to Application Gateway Backend Pool Targets

      Currently the only way to set the backend pool targets for ACI containers within a private VNET is by IP address. When stopping and starting ACI containers there is no guarantee that they will re-use the same IP address.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure AppGateway same port cant be used on both private and public IP

      Currently we have an app gateway deployed, we have several listeners that are on a private IP address, (for internal users) the plan was to also make these sites available on an external IP on the same app gateway.

      However it appears once a port has been assigned in a listener, it can not be assigned to another listener with a different front end port.

      A ticket was raised with MS ref: :118062518450635.

      68 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    15. Add a way to test the configuration of Application Gateway before update

      When updating an application gateway (example changing to a different backend). It would be useful to be able to test the configuration of the application gateway before saving.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      159 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Application Gateway Web App Slot Support as Backend Pool

      We would like to protect our staging environment (Web App Slots) the same way we protect our production environment (Web App) by putting the Slot Deployments behind the Application Gateway.

      34 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway WAF: update to OWASP CRS 3.0.2

      The 'OWASP 3.0' (3.0.0) WAF rule set generates a lot of false positives, even on random base64 payloads. The only option is to disable many rules.

      2 examples which frequently trigger on SAML authentication exchanges are 932140 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/671) and 941120 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/675).

      OWASP CRS 3.0.2 reworked some rules, in order to reduce some of these false positives. Please support CRS 3.0.2 (either as an in-place upgrade for 3.0.0, or as a new option).

      125 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Maximum Internet Traffic supported by Application Gateway . Sometimes there will be a performance test conducted . So it is better to know

      Would be great if there is some information on the maximum traffic supported by Application gateway

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Azure Application gateway multiple Frontend ip addresses

      Azure Application Gateway allows multiple listeners over port 80 (HTTP), but it only allows 1 listener over port 443. You protect multiple websites using HTTP port (80), but only 1 using HTTPs (443). I propose the possibility of multiple IP frontend or just support multiple listeners over 443 (HTTPs). Trust me, is hard when you need an Application Gateway for each Azure web app...

      Best,

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base