Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

      Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps…

      482 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      28 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      This is available now. Now users can reference SSL certificates from Key Vault in the Application Gateway. Also, it periodically checks for any updated certificate in the Key Vault and updates the certificate automatically (auto renewal). Read more about it here: https://docs.microsoft.com/en-us/azure/application-gateway/key-vault-certs

      Note: This is only supported for SSL Certificates in the listener and not for Backend authentication certificates or Trusted root certificates.

    2. Application Gateway Custom Error pages

      When all instances in the backendpool of the Application Gateway are failing health check the default response is a default error 502 page.

      It would be nice if this error is customable so that a page in a cool customer templace can be shown

      342 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support for HTTP to HTTPS redirection for Application Gateway

      When using an Application Gateway to provide SSL offloading for applications hosted on IIS / IaaS, there is no native option to redirect HTTP requests to HTTPS. Without redirection or a listener on 80 for the host name, users receive a 404 response. This leads to developing a more complex network topology to handle inbound HTTP request to the host name.

      Possibly allow for an additional option on a listener, that will allow for returning a redirect HTTP code with the proper HTTPS URL, creating a clean/seamless experience for the end user.

      316 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Increase backend http setting limit on Application Gatway

      Application gateway has a backend http setting limit of 20.
      We want to use it in front of Service Fabric and legacy cloud applications.
      Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
      We exceeded the 20 fairly rapidly.

      311 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Integration with Key Vault Certificates

      It should be possible to select HTTPS certificates from Azure Key Vault. Since Azure Key Vault support auto-renewal of certificates, Application Gateway should also automatically update the certificates.

      231 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow Static Public IP Address

      Hi,
      We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

      We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

      I don't believe there is a work around either?

      199 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow customization of Application Gateway WAF rule matching

      I would like to be able to selectively remove some cookies and some HTTP headers from all rule application scans, on a case by case basis.

      Problem Statement:
      The web application firewall functionality of the application gateway scans the entire HTTP message, without the ability to customize where the scan will occur.

      This leads to false positives where scan pattern matches will detect suspicious characters in URL encoded blobs like security or access tokens, or in other arbitrary places like cookies.

      The following Microsoft tools have caused this problem on my environment:
      - Kudu tools for web applications
      - API…

      175 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      20 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Add HTTP/2 support to Azure Application Gateway

      Add HTTP/2 support to Azure Application Gateway. HTTP/2 has been around for long enough that this should be supported by now. We were disappointed once again after spending time investigating Azure Application Gateway that this is not supported. We shouldn't have to go backwards to use this service.

      168 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Support for dropping port out of x-forwarded-for header

      Hi,

      I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.

      This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.

      Thanks,

      Neil

      160 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Remove Server/Framework Headers From Application Gateway Responses

      For the sake of security, it would great if we could get the following tags removed from the AG responses:

      < Server: Microsoft-IIS/8.5
      < X-Powered-By: ARR/3.0
      < X-Powered-By: ASP.NET

      104 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. App Gateway to support an URL length which is greater than 2048 characters

      When running MVC applications with federated authentication with IdPs like Azure AD B2C, the OAuth response coming back from AD is always greater than 2048 character url length. This becomes limitation of AG as AG can not be used for application doing federated authentication with various IdPs including Azure AD B2C.

      Please remove the 2048 character limitation as well any other request size limitation which could truncate url as well as request body including cookies etc.

      102 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Support HSTS (HTTP Strict Transport Security) on Application Gateway

      There are no support concerning HSTS today, this is requested by many customers and they have to use 3rd party for accomplish it.

      101 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      This can now be accomplished using the new Header Rewrite capability in the V2 SKU. Please see the documentation here https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#implement-security-http-headers-to-prevent-vulnerabilities
      Additionally, if you would like to get in touch with us to discuss your specific scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort

    13. Support EV SSL cerrtificates in application gateway

      Please support EV SSL certificates in Application Gateway. What is the reason they aren't supported already?

      97 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure Application Gateway x-forwarded-for remove port information

      x-forwarded-for header set by Azure Application Gateway now will have random port information along with client ip. It makes no sense. Please help to remove that.

      81 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      The port information can now be removed by rewriting the X-Forwarded-For header using the Header Rewrite capability (https://azure.microsoft.com/en-us/blog/rewrite-http-headers-with-azure-application-gateway) available with Application Gateway’s V2 SKU. Please see details here:
      https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#remove-port-information-from-the-x-forwarded-for-header.

      Thanks,
      Abhave

    15. Custom error page for Application Gateway.

      I want to use custom page instead of deault error page (403) in APPGW.

      Use application gateway with prevent mode and SQL injection send to application gateway and then default error page (403) will be displayed.

      I want to use custom page instead of that default page.
      I hope that application gateway can have a feature to use custom page.

      73 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. About Idle Timeout on Application Gateway

      In case when the connection is done via Application Gateway, it shows no response when HTTP connection takes over 4 minutes.
      I predict the root cause of this issue is due to Azure’s Load Balancer, as it depends on limitations.
      Therefore, I ask you to change it so we can make the limitation optional.

      (Japanese)
      Application Gateway を経由した通信の場合、 4 分間を超える HTTP 通信が発生すると、応答を返さなくなる。
      この動作は、Load Balancer の制限に依存すると思われるが、これを任意で変更できるようにしてほしい。

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Faster configuration updates

      I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Enable configurable encryption cipher suites and priorities

      Legacy client applications that call our services are stuck on antiquated platforms like Java 1.6. These clients cannot use the latest/greatest TLS ciphers. There is no intersection of supported ciphers between vanilla Java 1.6 and those ciphers permitted by Application Gateway.

      Fighting to get customers to patch and upgrade their ERP and other systems in the name of security is often a time-consuming and losing battle.

      The ability to enable the ciphers of our choice, perhaps (dare I dream?) by source IP, would be an amazing boon to supporting legacy clients.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow web apps to be backend pools in application gateways

      Instead of requiring an App Service Environment, or Virtual Machines running IIS, allow us to put in the FQDN/IP Address of our Azure App Services.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Display probe status in Application Gateway

      Troubleshooting 502 error is hard. It would be good to show probe status (success or fail) in somewhere.
      In case of custom probes, displaying an icon on each probe would be great. Green checkmarks for success or yello exclamation mark for failure.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base