Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Let's Encrypt Integration for HTTPS certificates

      It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

      For every request, Application Gateway should use the correct certificate based on the hostname.

      Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

      508 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      142 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support chunked file transfers through Azure Application Gateway + WAF

      This is an issue with the WAF's configuration of OWASP.

      When the WAF is in protection mode, it is currently not possible to use the js File API to upload files in a chunked manner to an application behind the Application Gateway. Some of the "chunks" get blocked by the firewall (see attached). This doesn't happen to all chunks but it is common enough that a 100mb file will probably encounter the issue.

      I have created a barebones test website which reproduces the issue here: https://github.com/elexisvenator/AzureWAF-chunked-upload-test

      I have contacted the OWASP ModSecurity project, who have responded that the Firewall rule…

      106 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      94 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add effective route for gateway subnet UDR

      Allow effective routes to be viewed for troubleshooting when a UDR is applied to a gateway subnet

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. When Azure-application-gateway will update with support of TLS 1.3

      Akamai-CDN recommended with TLS 1.3 but Azure-application-gateway is not available with the same.
      Due to this issue, we have see url-access issue over Akamai.
      So we have moved to Azure-traffic-manager\Azure-Load balancer.

      56 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Feature request: Changing idle timeout for Application Gateway with private IP address.

      Currently we can specify timeout only to a public IP address of Application Gateway. But we can’t change the timeout of a private IP of Application Gateway. Can you add a new feature to allow us to specify timeout for private IP address too.

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature.

      There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature. Please have it enabled for the GUI, so that this can be use full to troubleshoot any network issues.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Capability to apply WAF rules to each path rule.

      One of the customer wants capability to apply WAF rules to each path. Can you consider that?

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Application Gateway should support OAuth2 and/or JWT token validation

      Azure Application Gateway should support OAuth2 and/or JWT token validation so it can be used as a reverse proxy.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. HEAD requests to monitor health

      It would be nice to be able to use HEAD requests for health monitoring instead of full GET

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Is it possible to disable http 1.0 protocol in Azure App Gateway?

      If the request is sent as HTTP 1.0 with a blank host header, the server may respond with its own internal IP (10.x.x.x) in the Location Header. This results in the internal IP address of the Real Server being exposed.

      E.g.
      Location: https://10.19.xx.***/

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add MTOM support to the Microsoft WAF

      We currently have a use case for utilizing MTOM to more efficiently transmit binary data in a SOAP-based service.

      We are also trying to place the application behind a Microsoft WAF in Azure, but are unable to do so due with the WAF in prevention mode as the WAF does not currently support/allow MTOM requests.

      We reached out to Azure support and were told that:

      "MTOM is not supported and it's not yet on implementations plans".

      We are requesting that the Microsoft WAF team add support for making MTOM calls to a service that go through the WAF.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. support ESI (Edge Side Includes) in the Application Gateway and CDN like Vanish or Akamai.

      ESI can be a great feature for server side content based integration ( transclude of html fragments ) in a microservice architecture. For more information please read : ( https://gustafnk.github.io/microservice-websites/#integrating-on-content ).

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Application Gateway Disable Probe

      It's impossible to host non-HTTP processes behind an application gateway due to the health probes. I run a Service Fabric cluster and want the TCP management endpoint (19000) to be available through the gateway so I can take advantage of other offerings. The endpoint is marked as dead since it doesn't respond to HTTTP/S requests. If the AGW could support TCP health checks or allow marking a service as always-up I could accomplish my goal.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Show domain in logs

      The access logs for the application gateway only show the routes. We use a single gateway to host multiple sites and some have similar folder structures, this makes evaluating access and tracing issues a bit difficult. It would be great if the actual domain (http://www.something.com) was listed in there too.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Support traffic fork/shadowing/mirror on application gateway.

      Support traffic fork/shadowing/mirror on application gateway. Sometimes we need send shadow traffic to a testing/staging environment, and the best place to do this is layer 7 load balancer..

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway: SSL Offload: OWASP Header support

      Application Gateway: SSL Offload: OWASP Header support

      When using an Application Gateway to provide SSL offloading, there are no OWASP security header options. Without them, sites using ssl offloading will remain vulnerable to multiple attacks.

      Adding a security headers section to the WAF rules area will allow these to be set for SSL offload sites (and ssl passthrough ideally also). Alternately, these could be tied to each listener or the ssl policy.

      This would allow sites that depend on these headers for COMPLIANCE in their industry to use this product without having to configure an expensive workaround for this basic…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Headers to identify health monitoring requests

      My ApplicationInsights logs show all the health requests done by AG to monitor the health of the system.
      I'd like to have the possibility to recognize health requests through specific headers so that I can skip standard HTTP pipeline and immediately return 200 status code, without logging the request

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Streamline SSL Certificate Renewal

      I have a SAN SSL certificate that contains 6 different addresses, these each have their own listeners etc. To apply a renewed certificate today I've spent 4hours with Azure support, adding the new certificate, updating each site to use the new certificate one by one, and then going through the HTTPSettings and changing the certificate over in there for each site as well.
      In IIS this is much simpler, I add the new certificate and update the binding on one website and all sites are updated - done, in 1minute.
      In summary making it quicker and simpler to update a…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base