Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add Custom Apex (Naked) Domains as front end hosts for Azure Front Door Service

      Azure Front Door Service is currently missing the ability to onboard Apex (Naked) Domains e.g. https://contoso.com https://example.com

      It runs on Anycast IP addresses that seem globally consistent for the Frontend host (something.azurefd,net)

      So why not allow me to onboard an Apex domain to the service by creating DNS A and / or AAAA records at the custom zone apex that point to the allocated Anycast IPs? (CNAMEs are not supported at the Zone Apex)

      If the answer is that the Anycast IPs aren't allocated in perpetuity please fix that first then add this feature!

      195 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  12 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow an HTTP to HTTPS redirect on Azure Front Door

      Allow an HTTP to HTTPS redirect on Azure Front Door.

      183 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Enable OWASP secure headers on Azure FrontDoor service

      Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
      Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
      Appreciate that these be on the FrontDoor roadmap in very near future.

      OWASP HTTP Secure Headers
      ------------------------------
      HTTP Strict Transport Security (HSTS)
      Public Key Pinning Extension for HTTP (HPKP)
      X-Frame-Options
      X-XSS-Protection
      X-Content-Type-Options
      Content-Security-Policy
      X-Permitted-Cross-Domain-Policies
      Referrer-Policy
      Expect-CT
      Feature-Policy

      142 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      113 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Custom error pages in Azure Front Door

      As for Application Gateway, we need to be able to customize the error page displayed when the access to an url is refused by an ip restriction rule.

      See : https://feedback.azure.com/forums/217313-networking/suggestions/18749326-application-gateway-custom-error-pages

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      59 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  6 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow front door service URL Rewrite to file instead of path

      Allow URL Rewrite to rewrite a path to a file. This would enable users to host single page applications using front door.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Configurable back-end health check aggressiveness

      Related thread:
      https://social.msdn.microsoft.com/Forums/en-US/75cfb536-71f6-4c88-ac80-ec693f3e6229/azure-front-door-healthcheck-frequency?forum=WAVirtualMachinesVirtualNetwork

      Behind my frontdoor are two "back-ends", each consists of a single web app.

      For each back-end I have configured a health check with interval of 120 seconds. My expectation was that this leads to roughly 30 requests per hour.

      In reality, my application insights shows 64000 requests in the past 24 hours, that's more than 40 requests per minute! A live traffic log confirms this: I see health check requests come in almost every second...

      With the current behavior there is hardly any correlation with the configured "Interval" setting.

      It would be great if there was an…

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Intermediate CNAME for custom domain on FrontDoor

      Custom domains on Front Door and App service do not work the same way.

      Custom domains on Front Door and App service do not check DNS records for custom domains in the same way.

      My usecase:
      - I have hundreds of clients with custom domains they have registered on their own (like myclient.com)
      - My clients use www.myclient.com to access our services
      - My company owns mycompany.com
      - I've asked them to add a CNAME like this: www IN CNAME client.mycompany.com
      - I've setup this record: client.mycompany.com IN CNAME mycompany.azurewebsites.net
      - We are using custom domains on App service with…

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Frontdooor - TLS mutual authentication - X-ARR-ClientCert

      Allow Frontdoor to inject the client certificate into request header: X-ARR-ClientCert similar to App Services.

      https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Azure Front Doors drain Application insights

      I've enabled Azure Front Doors for a test/dev scenario to a web app that has application insights enabled. It started draining heavily as all frontdoors hearbeats are logged and are causing AppInsights log analytics to be pricey. There should be a way to disable that?

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Confirguration of caching rules in Front Door

      Allow configuration of content caching rules similar to how Azure CDN (Akamai) and Azure CDN (Verizon). This will allow better support of leveraging Front Door with Azure Storage Static Websites where it is impractical to set cache-control on a per-item basis.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure Front Door service is incompatible with blob storage if using Azure storage's shared key authentication method

      We found Azure Front Door service is incompatible with Azure blob storage if using Azure storage's shared key authentication method. The root cause is AFD will add some x-ms-* headers into the request to storage backend, storage backend will use all headers begin with “x-ms-“ to calculate the MAC signature. So the request will be rejected by storage service if forwarded by AFD.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. [Azure Front Door Service]Support password protected PFX

      Support password protected PFX for HTTPS

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure Front Door support for self-signed certificates on backend origins

      It would be great to be able to use self-signed certificates on the backend pool VM's, Cloud Services, etc, but continue to use a Public CA signed certificate for the Frontend host.
      Especially for Dev/Test environments where the default *.azurefd.net front-end domain/certificate is suitable for testing purposes and traffic to the back-end pool should be across https. It would save needing to buy and install certificates for dev/test environments.
      Or, perhaps long-life "origin certs" could be issued by Front Door to be used on the back-end pool. Similar to Cloudflare's Origin Certs concept where the issued certs are trusted by…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Add Telia as allowed CA for Front Door

      Add TeliaSonera CA Root v1 as allowed CA for Azure Front Door.
      https://repository.trust.teliasonera.com/

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Challenges in making AFD Work as a CDN for on prem resources

      We would like to use the AFD's WAFs capability and CDN for protecting our on premise farm

      We will need to create the service on AFD and have Backend access via an IP and Backend header
      Conceptually and by design the service should be able to do it
      Challenges:

      0. On a single IP we have many Names that are published in HTTPS only, a single certificate with SAN entry for all the names
      The IP address normally does not respond to any request and give a 403

      We have modified the IP to respond with 200 for HTTP
      but…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base