Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Allow RegEx Search Patterns for URL Path Patterns in Front Door Rules, and Multiple Wildcards

      Right now, Azure Front Door URL Path Patterns support matching through only one wildcard (asterisk)
      that currently must be preceded by a slash and must appear at the very end of the URL Path Pattern.
      This is still true as of September 1, 2019.

      For some use cases, it is crucial to have much more control over each URL path pattern, than the current existing functionality in Azure Front Door.

      We would like to see the possibility to have more versatile rules in Azure Front Door, including both of the following:

      1) The ability to place more than one wildcard…

      86 votes
      triaged  ·  3 comments  ·  Azure Front Door Service
    2. Front Door Managed SSL for Apex Domain

      While you can add an apex domain by changing your name servers to Azure DNS and utilizing an alias record (similar to traffic manager), front door does not allow for "Front Door Managed" SSLs for the apex domain. As this will be one of the most required SSLs (since it's very rare for a company not to redirect the apex to www.***.com or vice versa), it would be very useful to not have to purchase a cert for this purpose since free managed SSL is a very big selling point for Front Door. Please add this, otherwise almost all customer…

      155 votes
      3 comments  ·  Azure Front Door Service

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

    3. Add support for Azure Static Web Apps in Azure Frontdoor

      Add Azure Static Web Apps as Backend host type in Azure Frontdoor. Would be nice to be able to combine Azure Static Web Apps with advanced features in Azure Frontdoor.

      https://docs.microsoft.com/en-us/azure/static-web-apps/

      6 votes
      0 comments  ·  Azure Front Door Service
    4. Validate Token like APIM at Azure Front Door Level

      Can we validate Security Token At Front Door like API Management Service?

      6 votes
      0 comments  ·  Azure Front Door Service
    5. Azure Front Door - Routing based on Query string parameters

      It seems Azure Front Door does not support Pattern matching on the basis of Query string parameters.

      Is there a way I can redirect requests based on the value of a URL parameter?

      ex: https://www.contoso.com/api/page1?type=EU

      Parameter "type" can have multiple values. If the value is "EU", the AFD should redirect to https://eu.contoso.com.
      If the value is "US", the AFD should redirect to https://us.contoso.com.

      21 votes
      1 comment  ·  Azure Front Door Service
    6. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for a custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CAs (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CAs like Let's Encrypt (https://letsencrypt.org/) are not in the list. Is it possible to add it?

      235 votes
      15 comments  ·  Azure Front Door Service
    7. Support Condition element in Front Door ARM Templates

      The condition element allows more general purpose templates to be authored, for example a single template that supports parameterising whether a custom front end is created. Currently, when trying to use the Condition element on the Front End Endpoint as per the ARM snippet below, the following error is received:

      Template deployment returned the following errors:
      12:40:27 - 12:40:26 PM - Resource Microsoft.Network/frontdoors 'fd-uks-########-01' failed with message '{
      12:40:27 - "error": {
      12:40:27 - "code": "InvalidResource",
      12:40:27 - "message": "The property 'condition' does not exist on type 'Microsoft.Azure.FrontDoor.Models.DeepCreatedResource_1OfFrontdoorFrontendEndpoint'. Make sure to only use property names that are defined by the…

      6 votes
      0 comments  ·  Azure Front Door Service
    8. Private Endpoint support in Front Door

      Front Door is useful for private networking scenarios as well as public. For example we are beginning to use it as a routing for Blue/Green Deployments of our internal apps.

      To keep the apps secure, we want to have a private traffic route into the Front Door and also out to the backends.

      This could be by the new Private Endpoints. There is also a separate feature request on here for VNet support.

      6 votes
      0 comments  ·  Azure Front Door Service
    9. Make backend host header field behave consistently with portal

      Currently the "Backend Host Header" field of a backend behaves differently when you use the Azure portal compared to when you use automation like ARM or Terraform.

      The documentation here states: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool#feedback

      > For example, a request made for www.contoso.com will have the host header www.contoso.com. If you use Azure portal to configure your backend, the default value for this field is the host name of the backend. If your backend is contoso-westus.azurewebsites.net, in the Azure portal, the autopopulated value for the backend host header will be contoso-westus.azurewebsites.net. However, if you use Azure Resource Manager templates or another…

      9 votes
      0 comments  ·  Azure Front Door Service
    10. Azure FrontDoor support for custom ports

      Front Door currently only supports ports 80 and 443. In case custom ports need to be supported, other solutions like load balancer don't provide global distribution which is not restricted to a region. We would like to be able to configure Front Door with custom ports and different backends for each, allowing simpler conversion of on-prem applications to Cloud without changing the integrated systems.

      1 vote
      0 comments  ·  Azure Front Door Service
    11. Allow adding custom hostnames before DNS CNAME is set up on Azure Front Door

      Allow adding custom hostnames before DNS CNAME is set up. That way we could prepare the Front Door configuration before setting it live on our domain. This is useful for scenarios when someone transitions to Front Door (for example from Traffic Manager) with a domain which is already in use in production.

      140 votes
      4 comments  ·  Azure Front Door Service
    12. Add support for Let's Encrypt as a CA in Azure Front Door

      Add support for allowing Let's Encrypt as valid CA.

      Buying an SSL certificate is an expensive affair and having Let's Encrypt as a valid CA would increase Front Door's adoption.

      One situation where it will be really helpful is while using an Apex domain with Front Door.

      4 votes
      0 comments  ·  Azure Front Door Service
    13. Provide a lower starting cost for Front Door

      I have a simple static web page with HTML and JavaScript and a simple Azure Function working with a Cosmos DB, with very little traffic. Static web and function cost only cents and Cosmos ~23$. Adding an Azure Front Door to this setup will triple the price (need two rules). I would really like to use Front Door, but adding this to my setup is too costly in relation to the other costs.

      24 votes
      1 comment  ·  Azure Front Door Service
    14. Configurable Timeout when route caching is enabled

      Front Door currently has a sendRecvTimeoutSeconds to configure the timeout for backend requests. However, according to a Microsoft technician I spoke to (after raising an Azure ticket), this setting apparently does not apply when the Front Door routing has caching enabled. If so it defaults to 30 seconds.

      This behaviour is very misleading and should be documented on this page https://docs.microsoft.com/en-us/azure/frontdoor/front-door-troubleshoot-routing#503-response-from-front-door-after-a-few-seconds .

      Furthermore, it is a huge downside to using Front Door if caching routes timeout within 30 seconds and this is not configurable.

      The Microsoft technician mentioned this issue is being addressed, however can we expect this to be available?

      3 votes
      0 comments  ·  Azure Front Door Service
    15. More Front Door routing options - based on headers and/or IP addresses

      Currently, it looks like Front Door only supports routing based on URL path. It would be nice to be able to route traffic according to headers and/or IP addresses as well.

      E.g.,
      Forward traffic coming from 6.7.8.9 to backend pool X.
      or
      Forward traffic with the header User-Agent containing googlebot to backend pool Y. (not promoting cloaking here at all, but dynamic rendering instead https://developers.google.com/search/docs/guides/dynamic-rendering)

      26 votes
      0 comments  ·  Azure Front Door Service
    16. Fallback to secondary region of RA-GRS storage endpoints for AzureFD

      With a storage account configured with RA-GRS, it would be nice if, when Azure FD is using a backend pointing to a storage account, it would use the primary endpoint as Priority 1 and the secondary endpoint as Priority 2. Currently this needs to be configured manually with the 'Custom Host' type.

      3 votes
      0 comments  ·  Azure Front Door Service
    17. 1 vote
      0 comments  ·  Azure Front Door Service
    18. Custom error pages in Azure Front Door

      As for Application Gateway, we need to be able to customize the error page displayed when access to a URL is refused by an IP restriction rule.

      See: https://feedback.azure.com/forums/217313-networking/suggestions/18749326-application-gateway-custom-error-pages

      330 votes
      planned  ·  9 comments  ·  Azure Front Door Service
    19. Enable OWASP secure headers on Azure FrontDoor service

      Requesting that Front Door support OWASP secure headers (https://www.owasp.org/index.php/OWASPSecureHeaders_Project#tab=Headers).
      Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against a few OWASP attacks.
      We would appreciate these being on the FrontDoor roadmap in the very near future.

      OWASP HTTP Secure Headers

      HTTP Strict Transport Security (HSTS)
      Public Key Pinning Extension for HTTP (HPKP)
      X-Frame-Options
      X-XSS-Protection
      X-Content-Type-Options
      Content-Security-Policy
      X-Permitted-Cross-Domain-Policies
      Referrer-Policy
      Expect-CT
      Feature-Policy

      255 votes
      started  ·  7 comments  ·  Azure Front Door Service
    20. Azure Front Door - cache Key Vault sourced certificates

      We use Front Door to host multiple clients under the same domain, and configured HTTPS with a wildcard certificate sourced from Azure Key Vault. The same source Key Vault, secret name and secret version is used for all frontend endpoints configured.
      Customer DNS records:
      customer1.domain.com -> frontdoorname.azurefd.net
      customer2.domain.com -> frontdoorname.azurefd.net
      customer3.domain.com -> frontdoorname.azurefd.net

      Wildcard certificate in Key Vault *.domain.com

      Every time a new client front end is added and HTTPS configured for it, the certificate is deployed again, which takes 20 minutes. Front Door should recognize that the same version of the same certificate has already been uploaded before and…

      36 votes
      triaged  ·  1 comment  ·  Azure Front Door Service