Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Set headers detailing TLS handshake

      Additional x-azure-{x} headers which provide details about the TLS handshake between the client and front door, such as the selected cipher, TLS version and key length. This will help provide operational insight about the client base.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    2. Ability to skip specific rules in Font Door WAF without skipping all rules

      There are a number of managed rules that trigger false-positives in Front Door's Web Application Firewall. For example, Google will attach a "gclid" URL parameter onto links for tracking, however, due to the randomness of this value, it can trigger the SQLI 942450 rule.

      The only options to prevent this from affecting customer are either:

      a) Remove the rule altogether, thereby reducing overall security across your backend hosts.

      or, b) Add in a custom rule to skip ALL rules when the "gclid" parameter is set (ie. Allow traffic). This is perhaps even worse than option (b), since you've effectively removed…

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Disable IPv6 on Front Door

      Hello Team,

      Can you please add feature to turn off IPv6 announcement for AFD frontend?

      Thanks!

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Log failed requests due to TLS / Cipher Mismatch

      It's difficult to troubleshoot requests that are rejected due to TLS version or cipher suite support mismatch. Can those events be logged (as desired) to help rule out other networking related issues?

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure FrontDoor support for custom ports

      Front Door currently only supports ports 80 and 443. In case a custom ports needs to be supported, other solutions like load balancer don't provide global distribution which is not restricted to a region. We would like to be able to configure Front Door with custom ports and different backends for each allowing simpler conversion of on-prem applications to Cloud without changing the integrated systems.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow Front Door Services to be moved between subscriptions

      Allow Front Doors to be moved between subscriptions.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide an identifiable user agent for Front Door health probe requests

      HTTP requests sent by Azure FD for health probes should provide an identifiable User Agent, enabling application insights to filter these as synthetic traffic.

      Given the volume of requests this is going to be a problem for every Front Door user who uses AI telemetry

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Add support for Azure Static Web Apps in Azure Frontdoor

      Add Azure Static Web Apps as Backend host type in Azure Frontdoor. Would be nice to be able to combine Azure Static Web Apps with advanced features in Azure Frontdoor.

      https://docs.microsoft.com/en-us/azure/static-web-apps/

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure Front Door needs to do name checking on custom Azure web app SSL certificates

      If you have an Azure web app with a custom domain certificate, that has been working fine for a long time, then you move that wep app behind an Azure Front Door front end, the SSL certificate presently bound to the web app breaks Front Door. Front Door "add a front end" should check that the name used by the HTTPS probe to determine back end health matches the name on the custom domain certificate at that moment.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add support for Let's Encrypt as a CA in Azure Front Door

      Add support for allowing Let's Encrypt as valid CA.

      Buying SSL Certificate is an expensive affair and having Let's Encrypt as valid CA would increase Front Door's adoption.

      One situation it will be really helpful is while using an Apex domain with Front Door.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Make backend host header field behave consistently with portal

      Currently the behavior of a backend's "Backend Host Header" field behaves differently when you use the azure portal compared to when you use automation like ARM or Terraform.

      The documentation here states: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool#feedback

      > For example, a request made for www.contoso.com will have the host header www.contoso.com. If you use Azure portal to configure your backend, the default value for this field is the host name of the backend. If your backend is contoso-westus.azurewebsites.net, in the Azure portal, the autopopulated value for the backend host header will be contoso-westus.azurewebsites.net. However, if you use Azure Resource Manager templates or another…

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Increase header value character limit for rules engine

      Currently the AFD rules engine has a header value limitation of 128 characters.
      This limitation prevents using the rules engine for useful security headers like Content-Security-Policy which are often larger.

      There is even a documentation (https://docs.microsoft.com/en-us/azure/frontdoor/front-door-security-headers) on using this approach for security headers but they use a shorter CSP so don't hit the limit.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow HTTP/2 to be disabled in favour of HTTP/1.1

      We would like to deploy FD but are unable to because of support for some legacy applications that are already deployed in the field.

      For reasons when they are allowed to communicate via HTTP/2 the change of case of header keys through the Front Door causes those legacy applications to misbehave. We would like to downgrade FD to use HTTP/1.1 and hence preserve the case of the header keys.

      It is not possible to reach out to the deployed desktop clients and get them to explicitly request HTTP/1.1

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Support Condition element in Front Door ARM Templates

      The condition element allows more general purpose templates to be authored, for example a single template that supports parameterising whether a custom front end is created. Currently when trying to use the Condition element on the Front End Endpoint as per the ARM snippet below the following error is received

      Template deployment returned the following errors:
      12:40:27 - 12:40:26 PM - Resource Microsoft.Network/frontdoors 'fd-uks-########-01' failed with message '{
      12:40:27 - "error": {
      12:40:27 - "code": "InvalidResource",
      12:40:27 - "message": "The property 'condition' does not exist on type 'Microsoft.Azure.FrontDoor.Models.DeepCreatedResource_1OfFrontdoorFrontendEndpoint'. Make sure to only use property names that are defined by the…

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow Azure Front Door API call result show updating state

      Hello team,

      Recently we found that if we use API call to put backend hosts in AFD, we cannot get the state that whether the operation was in updating state or succeed. Even though we run the get command, the AFD resource still updating, thus we cannot proceed other operation.

      Could you please kindly add result in PS/CLI/API command to show whether the resource was in updating state? Thank you!

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add an ability to process responses in the Front Door Rules Engine

      It would be great to be able to intercept certain responses from back-ends and parse them through the rules engine, doing things like redirect the user to another URL if the back-end responds with a 400 or 500 level https status code.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Redirect user if Front Door backend timeout occurs

      Rather than returning a 500 "Our services are unavailable" default page, it would be great to be able to set a URL that the user could be redirected to so we can present them with a nicer looking page. Ideally include the tracking ID as a header in that redirect so we can capture and present it nicely in the destination page.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Validate Token like APIM at Azure Front Door Level

      Can we validate Security Token At Front Door like API Management Service?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Exclusions required in config of Frontdoor WAF

      Please implement match exclusions in the Frontdoor WAF similar to how exclusions are handled in Application Gateway WAF. We need to ignore a cookie value where randomized session strings seem to trip WAF regularly.

      Thanks
      Ben.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Configurable Timeout when route caching is enabled

      Front Door currently has a sendRecvTimeoutSeconds to configure the timeout for backend requests. However as spoken to a Microsoft technician (after raising an Azure ticket), this setting does not apparently apply to when the Front Door routing has caching enabled. If so it defaults to 30 seconds.

      This behaviour is very misleading and should be documented on this page https://docs.microsoft.com/en-us/azure/frontdoor/front-door-troubleshoot-routing#503-response-from-front-door-after-a-few-seconds .

      Furthermore, it is a huge downside to using Front Door if caching routes timeout within 30 seconds and this is not configurable.

      The Microsoft technician mentioned this issue is being addressed, however can we expect this to be available?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base