Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      831 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        started  ·  22 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow Mutual SSL Auth on Application Gateway

        At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into…

        427 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          23 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
        • Application Gateway: Support wildcard hosts in listeners

          Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

          So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

          In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

          390 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            planned  ·  21 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
          • Let's Encrypt Integration for HTTPS certificates

            It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

            For every request, Application Gateway should use the correct certificate based on the hostname.

            Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

            378 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
            • Increase listener limit for Application Gateway

              Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

              312 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                12 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
              • Increase backend http setting limit on Application Gatway

                Application gateway has a backend http setting limit of 20.
                We want to use it in front of Service Fabric and legacy cloud applications.
                Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
                We exceeded the 20 fairly rapidly.

                308 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  23 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                • Enable Multiple IP addresses for Azure Application Gateway

                  Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

                  237 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                  • Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

                    Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps…

                    235 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      14 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                    • Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

                      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

                      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

                      Can you make these two settings configurable on the WAF?

                      SecRequestBodyLimit
                      SecRequestBodyNoFilesLimit

                      Thanks
                      Mark

                      197 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        10 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                      • Integration with Key Vault Certificates

                        It should be possible to select HTTPS certificates from Azure Key Vault. Since Azure Key Vault support auto-renewal of certificates, Application Gateway should also automatically update the certificates.

                        191 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow Static Public IP Address

                          Hi,
                          We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

                          We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

                          I don't believe there is a work around either?

                          163 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • Hibernate/pause a resource group or subscription

                            After talking to one of your Senior Support Engineers, they suggested I made a feature request for this.

                            I'd like to be able to pause, hibernate or otherwise stop a resource group or subscription so that it incurs minimal costs when not in use. I'm suggesting resource group or subscription as one may be easier to implement than the other. Ideally this would be done through ARM but I’d settle for doing it via PowerShell if needed.

                            I appreciate that VMs can be deallocated but we found that a customer's solution was still using approximately £200 a month due to…

                            156 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • Allow customization of Application Gateway WAF rule matching

                              I would like to be able to selectively remove some cookies and some HTTP headers from all rule application scans, on a case by case basis.

                              Problem Statement:
                              The web application firewall functionality of the application gateway scans the entire HTTP message, without the ability to customize where the scan will occur.

                              This leads to false positives where scan pattern matches will detect suspicious characters in URL encoded blobs like security or access tokens, or in other arbitrary places like cookies.

                              The following Microsoft tools have caused this problem on my environment:
                              - Kudu tools for web applications
                              - API…

                              151 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                              • Support for dropping port out of x-forwarded-for header

                                Hi,

                                I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.

                                This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.

                                Thanks,

                                Neil

                                131 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  under review  ·  7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                • WAF file size limit to be increased

                                  Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

                                  Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

                                  122 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Authentication support for application gateway

                                    For lift & shift of legacy systems, application gateway is very useful as we have different kinds of backends (VMs, service fabric, other PaaS services, etc.). The only missing capability is authentication, so we have to implement and configure authentication in various services, which is a big overhead. Otherwise, we have to give up application gateway but set up Nginx VMs instead.

                                    I have also looked at Azure API Gateway, but it seems to be too specialized for public APIs but our services also service static contents and ever-changing private APIs without swagger definition.

                                    105 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Is it possible to expose Azure blob storage via Application Gateway

                                      Expose Azure blob storage via Application Gateway.

                                      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

                                      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

                                      97 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Support chunked file transfers through Azure Application Gateway + WAF

                                        This is an issue with the WAF's configuration of OWASP.

                                        When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.

                                        I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test

                                        I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule…

                                        77 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          under review  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Support EV SSL cerrtificates in application gateway

                                          Please support EV SSL certificates in Application Gateway. What is the reason they aren't supported already?

                                          76 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Support IPv6 in Application Gateway front-end public IP

                                            Support IPv6 in Application Gateway front-end public IP

                                            74 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1 3 4 5
                                            • Don't see your idea?

                                            Feedback and Knowledge Base