Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Improve Front Door WAF Bot100200 managed rule (stop blocking Google crawlers)

      Currently the Front Door WAF Bot100200 managed rule blocks Google crawlers. This has resulted in pages being de-listed, and Ads being disapproved.

      This rule does, however, block malicious traffic, so disabling it completely (which is the only option) results in more malicious attempts on the backend hosts.

      This could also be fixed by putting Google crawlers into the "Good" bots rule which overrides the Bot100200. Why this hasn't happened, is anyone's guess. In its current state, this rule is unsuable.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Exclusions required in config of Frontdoor WAF

      Please implement match exclusions in the Frontdoor WAF similar to how exclusions are handled in Application Gateway WAF. We need to ignore a cookie value where randomized session strings seem to trip WAF regularly.

      Thanks
      Ben.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support User-agent http header for Azure FrontDoor

      Support for User-Agent http Header.
      It could be very usefull to be able to redirect to specific backend using the User-Agent header (ios ...).

      Actually the only way i found to achieve this is to put another Ngnix in front of Front Door to redirect to specific Host.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Challenges in making AFD Work as a CDN for on prem resources

      We would like to use the AFD's WAFs capability and CDN for protecting our on premise farm

      We will need to create the service on AFD and have Backend access via an IP and Backend header
      Conceptually and by design the service should be able to do it
      Challenges:


      1. On a single IP we have many Names that are published in HTTPS only, a single certificate with SAN entry for all the names
        The IP address normally does not respond to any request and give a 403

      We have modified the IP to respond with 200 for HTTP
      but HTTPS…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Front Door support Range headers where the client asks for more bytes than is available from the origin

      When the Facebook sharing service reaches out to get the metadata for a page, it asks for the first 512Kb of the page. However, most of the pages on our site are 21Kb, so Front Door kicks out the request with a 503 because the Content-Length headers do not match. Please support Range requests for files smaller than the requested size as well as cache those requests as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Provide ability to enforce baseline rules across Azure tenant for Azure Front Door WAF

      Providing the ability to define a baseline set of rules for Azure Front Door WAF will help enterprise security teams keep a consistent security posture for endpoints no matter who owns the deployment of the Azure Front Door instance. Ideally this could be configured to enforce this baseline across all Azure Front Door instances within an Azure tenant.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Why does front door remove Authorization Headers when we do a Redirect?

      I have a set of APIs built using web service (legacy) and I have created a new set of APIs using Azure functions. Now I want all my legacy API to route to Azure Function.

      I tried the Azure Front Door service redirect to achieve the functionality. I was able to redirect but the request headers are missing in the redirected requests. Not sure why Azure Front Door is removing them?

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Front Door: TM’s FQDN is reflecting in drop down menu mutiple times when adding app services to a front door backend pool

      Currently if i have multiple app services connected to a traffic manager and i want to have a Azure Front door, TM's FQDN reflects in the dropdown while adding these appservices in Front door backend pool.

      For eg. Say xyz.azurewesites.net and pqr.azurewebsites.net are connected to tm.trafficmanager.net. When I create a front door and try to add these appservices to the pool, tm.trafficmanager.net shows up two times instead of real appservice names.

      This is a issue where if I want add app services among multiple backend pools say one for read and one for write, there would be no way to…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Front door t-msedge.net add ipv6 to auth nameservers.

      Front door cname domain fails to load in a IPv6 only scenario, since the auth nameservers for domain t-msedge.net is IPv4 only. Please add IPv6 to those nameservers ASAP.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. 2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Log the violating field for Azure Frontdoor WAF logs

      Azure Front Door WAF logs currently indicate the violated rule name (ruleName_s) but it does not include the field (cookie name, query parameter name, etc) that was responsible for the action being invoked.

      This makes investigating false positives difficult.

      From what I can see in the Application Gateway documentation, its WAF looks like it does give you information about the details of the violation:
      https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure Front Door needs to do name checking on custom Azure web app SSL certificates

      If you have an Azure web app with a custom domain certificate, that has been working fine for a long time, then you move that wep app behind an Azure Front Door front end, the SSL certificate presently bound to the web app breaks Front Door. Front Door "add a front end" should check that the name used by the HTTPS probe to determine back end health matches the name on the custom domain certificate at that moment.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Provide Example to connect Front Door with Azure Load Balancer

      Currently no example is provided to showcase connectivity between Azure Front Door and Azure Load Balancer - although your FaQ states it should work there is no proof anywhere and any combinations tried in a live subscription to make this work lead nowhere.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add support for Let's Encrypt as a CA in Azure Front Door

      Add support for allowing Let's Encrypt as valid CA.

      Buying SSL Certificate is an expensive affair and having Let's Encrypt as valid CA would increase Front Door's adoption.

      One situation it will be really helpful is while using an Apex domain with Front Door.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Query string does not support without value in Azure FrontDoor

      Currently, the query string parameter in Frontdoor does not support a key withou value, it only supports format key=value. However, in RFC, it does not mandate the format with key=value. Is there any load map to have FD supports this feature?

      https://tools.ietf.org/html/rfc3986#section-3.4

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    1 3 Next →
    • Don't see your idea?

    Feedback and Knowledge Base