Application Gateway: Support wildcard hosts in listeners
Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)
So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.
In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear to cover all subdomains on z1.contoso.com.
So, in order to support this flow, we would be forced to to create a new Listener for *each* customer DNS zone we create. And as I'm sure you're aware, this is a **SLOW** operation, and presents scaling/throttling issues.
The inability to specify wildcards in the multi-site listener's Host field is preventing us from adopting Application Gateway.
We have started working on this feature and will announce this as soon as it’s ready.
Benjamin Mitchell commented
Nearly 2 years later and this is only planned.. I'm not sure why you would even release AppGW without this functionality. Like many other commentators - we've ended up on nginx+modsecurity for a working solution.
Fletcher Bayley commented
Is this still not implemented? Sadly, I've just come across the requirement for this feature too.
Martin Francis commented
I completely agree. The lack of wild card support in "hostname" field is a major hindrance.
Here is what I want to use AG for.
I want to front end AG for several AKS (Kubernetes clusters). I want to be able to route http(s) traffic to individual AKS clusters depending on wild card in the hostname.
For instance: I want to
route *.ecom.constoso.com --> AKS Cluster1
*.b2b.constoso.com ---> AKS Cluster 2
currently AG can not do that. So I am having to specify each and every hostname in the Application gateway.
shippingsvc.ecom.contoso.com --> AKS Cluster1
receivingsvc.ecom.contoso.com --> AKS Cluster1
orderingsvc.ecom.contoso.com --> AKS Cluster1
This is painful and not productive.
[Deleted User] commented
Lack of this feature in Application Gateway has forced us to use NGINX+ instead.
Give us a schedule for this show-stopper feature please.
I agree, this is a major blocker and should be prioritized on the product team's backlog.
This is a major blocker to implementing on Azure. We have 100's or 1000's of mini-sites with custom sub-domains to distinguish them. Application Gateway is not scalable - dead in the water.
Similar post that targets a wider scope than Application gateway, in our case we would need this feature on Front door service :
Cesar Laforet commented
Same here... implementation is dead without this.
Satish K Maila commented
It's a major blocker for our implementation. Like to know the status on this.
Any update on the status of this item?
This is a showstopper for us and app gateway. We have a saas app with many subdomains.
Mike Ripberger commented
This has been planned for over a year! This is really necessary for SaSS types of apps. It's unclear if you can even do this at scale with APIs.
Naveen Kanukuntla commented
I have SharePoint Web front Ends that host apps and they need a wildcard domain to route app traffic. To be able to use Application Gateway for my SharePoint Farm I need to be able to route wildcarded subdomain to a specific set of IPs and due to this I am not able to host my SharePoint Farm in Azure.
David Schlum commented
Just ran into this today. I have a multi-site CMS that supports subdomains for different sites. It would be ideal to be able to configure *.domain.com so that I don't have to set up separate listeners for every site. I also like the idea of at least giving me the option of specifying multiple hosts per listener. AND, why in the world am I only limited to 20 listeners??
Chris Bennett commented
Is there any update on this? Seems to have been in planned for a while now and is certainly a feature we would appreciate right now.
Ryan Kelley commented
Any updates on the status of this? We run a saas application that has thousands of subdomains, this appears to be the only limiting factor keeping us from being able to utilize Application gateway
Pedro Costa commented
Yup, during R&D just stumbled upon this one myself, can't use Application Gateway until it's implemented.
This is a major requirement for us and we are stuck. When is this going to be available do we have a date please
Amazon supports this with additional features:
In the vein of wildcard for host name, I would ask for support of multiple host names per listener (ie. website.com and promowebsite.com). Creating individual listeners per hostname is wasteful and cludgy from a maintenance perspective given a scenario where you want multiple hostnames to direct to same configuration.