Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      999 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      29 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Front Door: Geo-based traffic routing

      Our application suite currently relies on Azure Traffic Manager to direct traffic from clients to App Services in different Azure Regions based on the clients' geographical origin (IP location).

      Traffic Manager works on the DNS name resolution level, not on the HTTP level, and therefore Traffic Manager has no way to identify the CLIENT IP address, rather the DNS SERVER that the client is configured to use through its IP-configuration (that was typically assigned to the CLIENT in the DHCP IP Lease).

      Since Traffic Manager can't detect clients' IP adresses and thereby geolocations, this is not precise enough or us;…

      74 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Vnet Support for FrontDoor

      Vnet support for Ftrontdoor. The same way as with a WebApp in Azure.

      84 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow Azure Tags to be updated after the Azure Front Door has been created

      Currently Azure Front Door only supports adding Tags when the AFD resource is created. Ideally, and inline with all other Azure Resources it should allow tags to be updated at any point during the resources lifetime.

      174 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Enable FrontDoor managed certificates for wildcard domains

      Right now FrontDoor accepts wildcard domains but we have to bring our own certificates.

      https://docs.microsoft.com/en-us/azure/frontdoor/front-door-wildcard-domain
      > Currently, only using your own custom SSL certificate option is available for enabling HTTPS for wildcard domains. Front Door managed certificates cannot be used for wildcard domains.

      Having FD manages all SSL matters is a time saver for us!

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow front door service URL Rewrite to file instead of path

      Reopening https://feedback.azure.com/forums/217313-networking/suggestions/36442486-allow-front-door-service-url-rewrite-to-file-inste as it was marked as closed when it is not supported

      As original idea:
      "Allow URL Rewrite to rewrite a path to a file. This would enable users to host single page applications using front door."

      In a SPA application (Angular, Vue or React), we need requests paths to be rewritten to a single file (i.e. /index.html) as routing is managed by the application itself in JS code.

      The problem occurs when someone tries to access SPA URLs. Azure Front Door forwards to resources which don't exist and 404 response is returned which causes serious issues with many…

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Expand Azure Front Door Compression Support

      Currently AFD only performs compression when CDN caching is enabled and when the cached files are 8MB or less in size.

      These two limitations create problems in some scenarios - especially when large 3rd party JavaScript libraries are being leveraged and an external CDN can't be used for those libraries.

      Please allow for compression to be enabled independently of caching, and allow for files larger than 8MB to be compressed.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. API ability to determine when Azure Front Door replication has succeeded to the POP servers

      When making backend changes to Front Door, there is no way to determine when this change has succeeded, nor is there any SLA provided for how long this could take. There needs to be a way via API that we can know for sure replication to the POP servers has succeeded (or failed).

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Frontdooor - TLS mutual authentication - X-ARR-ClientCert

      Allow Frontdoor to inject the client certificate into request header: X-ARR-ClientCert similar to App Services.

      https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

      293 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Azure Front Door needs to do name checking on custom Azure web app SSL certificates

      If you have an Azure web app with a custom domain certificate, that has been working fine for a long time, then you move that wep app behind an Azure Front Door front end, the SSL certificate presently bound to the web app breaks Front Door. Front Door "add a front end" should check that the name used by the HTTPS probe to determine back end health matches the name on the custom domain certificate at that moment.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Support rewriting HTTP headers

      In order to have more control over accessing multiple services through one facade provided by Front Door it'd be nice to have an opportunity to rewrite/add some HTTP headers when it's needed. Using rewriting it'd be possible to protect apps by creating some checks on added header value (e.g. 'x-frontdoor-key') on the app side. It'd make possible to be sure that all request are coming through WAF

      90 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  6 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure Front Door WAF should scan POST requests with content-type multipart

      At the moment the Azure Front Door WAF does not scan for XSS threats when the request going through FD is of content-type multipart. This was advised this is the case by the Microsoft Support team. For example, if I send the following request through Azure Front Door with OWASP DefaultRuleSet enabled on its WAF:
      POST:

      content-type: multipart/form-data; boundary=----WebKitFormBoundaryriZKfNGOPKHI8rWO

      Form Data:
      958127ef-8053-4054-811e-49d54be8a09f: <script>alert('hello');</script>

      The WAF does not detect the XSS threat simply because of the content-type.

      This is fundamental to have in a service dedicated to protect backend systems. I am conscious this is currently being worked, however what is…

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable Azure Front Door managed certificates in ARM Templates

      Azure Front Door is GA. We really want to use it throughout our build/release cycles. We are not able to do so because it is not possible to setup the custom domain AFD managed certs via ARM templates. When will this be available.

      151 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Intermediate CNAME for custom domain on FrontDoor

      Custom domains on Front Door and App service do not work the same way.

      Custom domains on Front Door and App service do not check DNS records for custom domains in the same way.

      My usecase:
      - I have hundreds of clients with custom domains they have registered on their own (like myclient.com)
      - My clients use www.myclient.com to access our services
      - My company owns mycompany.com
      - I've asked them to add a CNAME like this: www IN CNAME client.mycompany.com
      - I've setup this record: client.mycompany.com IN CNAME mycompany.azurewebsites.net
      - We are using custom domains on App service with…

      221 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. HTTP -> HTTPS redirect routing shouldn't count in the price

      The current pricing of Azure Front door service is $0.03 per hour per routing rule (~27$ per month per routing rule). Adding a rule for simple HTTP -> HTTPS redirect immediately increases the cost by $27 per month.
      Who am I to suggest prices, but I think it would be nice if a simple HTTP -> HTTPS redirect didn't count in pricing.

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add X-Azure-Client-IP-Country header to headers set by Front Door

      It would be really nice to have the country of the originating IP adress of the request available in the request headers, similar to Cloudflare's X-CF-IPCountry header.

      While Azure Front Door does provide routing rules depending on country, in my case the route is accessible globally but validation depends on the country of the originating IP address. Having it available in the header saves me an additional call to an IP Geolocation service.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow RegEx Search Patterns for URL Path Patterns in Front Door Rules, and Multiple Wildcards

      Right now, Azure Front Door URL Path Patterns support matching through only one wildcard (asterisk)
      that currently must be preceded by a slash and must appear at the very end of the URL Path Pattern.
      This is still true as of September 1, 2019.

      For some use cases, it is crucial to have much more control over each URL path pattern, than the current existing functionality in Azure Front Door.

      We would like to see the possibility to have more versatile rules in Azure Front Door, including both of the following:

      1) The ability to place more than one wildcard…

      78 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Front Door Managed SSL for Apex Domain

      While you can add an apex domain by changing your name servers to Azure DNS and utilizing an alias record (similar to traffic manager), front door does not allow for "Front Door Managed" SSLs for the apex domain. As this will be one of the most required SSLs (since it's very rare for a company not to redirect the apex to www.***.com or vice versa), it would be very useful to not have to purchase a cert for this purpose since free managed SSL is a very big selling point for Front Door. Please add this, otherwise almost all customer…

      133 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Azure Front Door - Routing based on Query string parameters

      It seems Azure Front Door does not support Pattern matching on the basis of Query string parameters.

      Is there a way i can redirect requests bases on value of url parameter?

      ex: https://www.contoso.com/api/page1?type=EU

      Parameter "type" can have multiple values, if the value is "EU", the AFD should redirect to https://eu.contoso.com.
      if the value is "US", the AFD should redirect to https://us.contoso.com.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      223 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base