How can we improve Azure Networking?

Application Gateway: Support wildcard hosts in listeners

Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customers' domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

In order to have Application Gateway provide SSL termination for us, we obviously need to create Multi-site listeners for port 443. Unfortunately, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear to cover all subdomains on z1.contoso.com.

So, in order to support this flow, we would be forced to create a new Listener for *each* customer DNS zone we create. And as I'm sure you're aware, this is a **SLOW** operation, and presents scaling/throttling issues.

The inability to specify wildcards in the multi-site listener's Host field is preventing us from adopting Application Gateway.

589 votes
Steven shared this idea

26 comments

  • Benjamin Mitchell commented

    Nearly 2 years later and this is only planned.. I'm not sure why you would even release AppGW without this functionality. Like many other commentators - we've ended up on nginx+modsecurity for a working solution.

  • Martin Francis commented

    I completely agree. The lack of wild card support in "hostname" field is a major hindrance.
    Here is what I want to use AG for.
    I want to front end AG for several AKS (Kubernetes clusters). I want to be able to route http(s) traffic to individual AKS clusters depending on wild card in the hostname.
    For instance, I want to route
    *.ecom.contoso.com --> AKS Cluster 1
    *.b2b.contoso.com --> AKS Cluster 2
    Currently AG cannot do that. So I am having to specify each and every hostname in the Application Gateway.
    For instance:
    shippingsvc.ecom.contoso.com --> AKS Cluster 1
    receivingsvc.ecom.contoso.com --> AKS Cluster 1
    orderingsvc.ecom.contoso.com --> AKS Cluster 1

    This is painful and not productive.

  • GG commented

    Give us a schedule for this show-stopper feature please.

  • J commented

    I agree, this is a major blocker and should be prioritized on the product team's backlog.

  • Anonymous commented

    This is a major blocker to implementing on Azure. We have 100s or 1000s of mini-sites with custom sub-domains to distinguish them. Application Gateway is not scalable - dead in the water.

  • Anonymous commented

    This is a showstopper for us and App Gateway. We have a SaaS app with many subdomains.

  • Mike Ripberger commented

    This has been planned for over a year! This is really necessary for SaaS types of apps. It's unclear if you can even do this at scale with APIs.

  • Naveen Kanukuntla commented

    I have SharePoint Web front Ends that host apps and they need a wildcard domain to route app traffic. To be able to use Application Gateway for my SharePoint Farm I need to be able to route wildcarded subdomain to a specific set of IPs and due to this I am not able to host my SharePoint Farm in Azure.

  • David Schlum commented

    Just ran into this today. I have a multi-site CMS that supports subdomains for different sites. It would be ideal to be able to configure *.domain.com so that I don't have to set up separate listeners for every site. I also like the idea of at least giving me the option of specifying multiple hosts per listener. AND, why in the world am I only limited to 20 listeners??

  • Chris Bennett commented

    Is there any update on this? Seems to have been planned for a while now and is certainly a feature we would appreciate right now.

  • Ryan Kelley commented

    Any updates on the status of this? We run a SaaS application that has thousands of subdomains; this appears to be the only limiting factor keeping us from being able to utilize Application Gateway.

  • Pedro Costa commented

    Yup, during R&D just stumbled upon this one myself, can't use Application Gateway until it's implemented.

  • iyerusad commented

    In the vein of wildcard for host name, I would ask for support of multiple host names per listener (i.e. website.com and promowebsite.com). Creating individual listeners per hostname is wasteful and kludgy from a maintenance perspective given a scenario where you want multiple hostnames to direct to the same configuration.
