Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Expand Azure Front Door Compression Support

      Currently AFD only performs compression when CDN caching is enabled and when the cached files are 8MB or less in size.

      These two limitations create problems in some scenarios - especially when large 3rd party JavaScript libraries are being leveraged and an external CDN can't be used for those libraries.

      Please allow for compression to be enabled independently of caching, and allow for files larger than 8MB to be compressed.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Make Front Door work correctly for Azure B2C sign into a aspnet core web app

      I have a aspnet core web app which uses Azure B2C for storing registered users data. Registration and sign in for the app works as expected.

      I tried to configure the site to work with Front Door. however, we noticed Correlation Failed exceptions being logged immediately after the user had signed in. They were not then being redirected correctly to the next view.

      Further investigation showed that Front Door was stripping cookies from a key response being returned from Azure B2C. These were the very cookies used to complete the sign in process for B2C. this explained the failure.

      In…

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add option to detach specific files from the Azure Front Door dynamic cache

      When you host a SPA (Single Page Application) on an Azure Blob storage with Azure Front Door (with dynamic caching activated):

      Everytime you release a new version of the app, users have to force-reload the page in order to get the new version.
      Because the links to the new assets (like main.***.js, ...) are located in the index.html, which has been cached.

      I was able to solve it:
      1. Let the Azure CLI set the Cache-Control header to "no-cache" on the index.html after pushing it to the blob storage:
      az storage blob update --account-name $(storageAccount) --container $web --name index.html --content-cache-control…

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Azure Front Door should automatically configure custom domains on backend app services

      When a custom domain is registered with Azure Front Door it should register that custom domain with backend app services.

      When backend app services do not have the same custom domain as AFD, app service session cookies are not passed back to the browser. Therefore session affinity is broken.

      Although there is a workaround that involves pointing the custom domain at the app services to register the domain, then pointing the custom domain back to AFD, it some cases that's just not feasible.

      We will be halting further rollout of AFD to our customers until this issue is resolved.

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. More Front Door routing options - based on headers and/or IP addresses

      Currently, it looks that Front Door only supports routing based on URL path. It would be nice to be able to route traffic according to headers and/or IP addresses as well.

      E.g.,
      Forward traffic coming from 6.7.8.9 to backend pool X.
      or
      Forward traffic with the header User-Agent containing googlebot to backend pool Y. (not promoting cloaking here at all, but dynamic rendering instead https://developers.google.com/search/docs/guides/dynamic-rendering)

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure Front Door WAF should scan POST requests with content-type multipart

      At the moment the Azure Front Door WAF does not scan for XSS threats when the request going through FD is of content-type multipart. This was advised this is the case by the Microsoft Support team. For example, if I send the following request through Azure Front Door with OWASP DefaultRuleSet enabled on its WAF:
      POST:

      content-type: multipart/form-data; boundary=----WebKitFormBoundaryriZKfNGOPKHI8rWO

      Form Data:
      958127ef-8053-4054-811e-49d54be8a09f: <script>alert('hello');</script>

      The WAF does not detect the XSS threat simply because of the content-type.

      This is fundamental to have in a service dedicated to protect backend systems. I am conscious this is currently being worked, however what is…

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide a lower starting cost for Front Door

      I have a simple static web page with HTML and JavaScript and a simple azure function working with a cosmos db, with very little traffic. Static web and function costs only cents and cosmos for ~23$. Adding a azure Front Door to this setup, will tripple the price (need two rules). I really like a to use Front Door, but adding this to my setup is to costly in relation to the other costs.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. 22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure Front Door - Routing based on Query string parameters

      It seems Azure Front Door does not support Pattern matching on the basis of Query string parameters.

      Is there a way i can redirect requests bases on value of url parameter?

      ex: https://www.contoso.com/api/page1?type=EU

      Parameter "type" can have multiple values, if the value is "EU", the AFD should redirect to https://eu.contoso.com.
      if the value is "US", the AFD should redirect to https://us.contoso.com.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Header value character limit in Azure Front Door rules engine

      I'm trying to use the new rules engine configuration in Front Door to append a Content-Security-Policy header to a static website hosted in Azure Storage. Currently there is a limit of 128 characters for the "Header value", a limit you reach quickly if you have a couple of external scripts/style/image/etc sources.

      The character limit needs to be significantly increased to support anything other than the most basic CSPs.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add X-Azure-Client-IP-Country header to headers set by Front Door

      It would be really nice to have the country of the originating IP adress of the request available in the request headers, similar to Cloudflare's X-CF-IPCountry header.

      While Azure Front Door does provide routing rules depending on country, in my case the route is accessible globally but validation depends on the country of the originating IP address. Having it available in the header saves me an additional call to an IP Geolocation service.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Handle passthrough of ARR affinity cookied when routing through FrontDoor

      Given that the ARR affinity at App service level relies on a cookie in the domain of the service's host name binding, FrontDoor renders this effectively dead when serving the URL differently externally. Some form of cookie passthrough/rewriting for this would allow for app-level affinity to still be possible

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Tag Front Door

      Allow tagging an existing Front Door. Currently is possible to tag a front door only during creation.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. give FrontDoor health probes an identifiable user agent to enable traffice to be filtered in Application Insights

      Health Probe requests from Azure FrontDoor should have an identifiable user agent string, which ideally should be included in the default ApplicationInsights.Config filters section.

      Any user of FD whose sites us AI are going to find their telemetry feeds flooded with multiple requests a minute otherwise, and all suggestions given from other users or MS have been workarounds for what should be a standard filter being missing

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add a URL Shortener / Short URL service to Front Door

      I have a map of rules that require redirects (301) and more flexible links for future maintenance -- similar to aka.ms or https://redirectiontool.trafficmanager.net tool that Microsoft uses internally.

      It'd be useful to have a service in Azure that provides these redirects backed by the CDN network (just how Azure Front Door works).

      I have thousands of these rules -- the costing per Routing rule would be too expensive to justify. Costing wise, perhaps redirects with no rewrites could be excluded from Routing Rules costs (or at least significantly cheaper)?

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Native support for isolating traffic to a specific Front Door

      Most users are not aware that it is posible to bypass the specific Front Door instance by using another Front Door, see https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door

      What I would like is native support for validating the X-Azure-FDID header in ex. an Application Gateway. With no native Azure service able to allow or deny traffic based on that specific header, it is left to the application developers to do.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Set headers detailing TLS handshake

      Additional x-azure-{x} headers which provide details about the TLS handshake between the client and front door, such as the selected cipher, TLS version and key length. This will help provide operational insight about the client base.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. Provide an identifiable user agent for Front Door health probe requests

      HTTP requests sent by Azure FD for health probes should provide an identifiable User Agent, enabling application insights to filter these as synthetic traffic.

      Given the volume of requests this is going to be a problem for every Front Door user who uses AI telemetry

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Front Door needs to do name checking on custom Azure web app SSL certificates

      If you have an Azure web app with a custom domain certificate, that has been working fine for a long time, then you move that wep app behind an Azure Front Door front end, the SSL certificate presently bound to the web app breaks Front Door. Front Door "add a front end" should check that the name used by the HTTPS probe to determine back end health matches the name on the custom domain certificate at that moment.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Improve Front Door WAF Bot100200 managed rule (stop blocking Google crawlers)

      Currently the Front Door WAF Bot100200 managed rule blocks Google crawlers. This has resulted in pages being de-listed, and Ads being disapproved.

      This rule does, however, block malicious traffic, so disabling it completely (which is the only option) results in more malicious attempts on the backend hosts.

      This could also be fixed by putting Google crawlers into the "Good" bots rule which overrides the Bot100200. Why this hasn't happened, is anyone's guess. In its current state, this rule is unsuable.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base