Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Enable OWASP secure headers on Azure FrontDoor service

      Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
      Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
      Appreciate that these be on the FrontDoor roadmap in very near future.

      OWASP HTTP Secure Headers
      ------------------------------
      HTTP Strict Transport Security (HSTS)
      Public Key Pinning Extension for HTTP (HPKP)
      X-Frame-Options
      X-XSS-Protection
      X-Content-Type-Options
      Content-Security-Policy
      X-Permitted-Cross-Domain-Policies
      Referrer-Policy
      Expect-CT
      Feature-Policy

      150 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      138 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Custom error pages in Azure Front Door

      As for Application Gateway, we need to be able to customize the error page displayed when the access to an url is refused by an ip restriction rule.

      See : https://feedback.azure.com/forums/217313-networking/suggestions/18749326-application-gateway-custom-error-pages

      109 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      82 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  6 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      71 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      65 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Configurable back-end health check aggressiveness

      Related thread:
      https://social.msdn.microsoft.com/Forums/en-US/75cfb536-71f6-4c88-ac80-ec693f3e6229/azure-front-door-healthcheck-frequency?forum=WAVirtualMachinesVirtualNetwork

      Behind my frontdoor are two "back-ends", each consists of a single web app.

      For each back-end I have configured a health check with interval of 120 seconds. My expectation was that this leads to roughly 30 requests per hour.

      In reality, my application insights shows 64000 requests in the past 24 hours, that's more than 40 requests per minute! A live traffic log confirms this: I see health check requests come in almost every second...

      With the current behavior there is hardly any correlation with the configured "Interval" setting.

      It would be great if there was an…

      48 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  5 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Intermediate CNAME for custom domain on FrontDoor

      Custom domains on Front Door and App service do not work the same way.

      Custom domains on Front Door and App service do not check DNS records for custom domains in the same way.

      My usecase:
      - I have hundreds of clients with custom domains they have registered on their own (like myclient.com)
      - My clients use www.myclient.com to access our services
      - My company owns mycompany.com
      - I've asked them to add a CNAME like this: www IN CNAME client.mycompany.com
      - I've setup this record: client.mycompany.com IN CNAME mycompany.azurewebsites.net
      - We are using custom domains on App service with…

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Confirguration of caching rules in Front Door

      Allow configuration of content caching rules similar to how Azure CDN (Akamai) and Azure CDN (Verizon). This will allow better support of leveraging Front Door with Azure Storage Static Websites where it is impractical to set cache-control on a per-item basis.

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Frontdooor - TLS mutual authentication - X-ARR-ClientCert

      Allow Frontdoor to inject the client certificate into request header: X-ARR-ClientCert similar to App Services.

      https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Front Door Managed SSL for Apex Domain

      While you can add an apex domain by changing your name servers to Azure DNS and utilizing an alias record (similar to traffic manager), front door does not allow for "Front Door Managed" SSLs for the apex domain. As this will be one of the most required SSLs (since it's very rare for a company not to redirect the apex to www.***.com or vice versa), it would be very useful to not have to purchase a cert for this purpose since free managed SSL is a very big selling point for Front Door. Please add this, otherwise almost all customer…

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Azure Front Door support for self-signed certificates on backend origins

      It would be great to be able to use self-signed certificates on the backend pool VM's, Cloud Services, etc, but continue to use a Public CA signed certificate for the Frontend host.
      Especially for Dev/Test environments where the default *.azurefd.net front-end domain/certificate is suitable for testing purposes and traffic to the back-end pool should be across https. It would save needing to buy and install certificates for dev/test environments.
      Or, perhaps long-life "origin certs" could be issued by Front Door to be used on the back-end pool. Similar to Cloudflare's Origin Certs concept where the issued certs are trusted by…

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Increase limit of custom domains per front door

      There is a limit of 100 custom domains per front door.
      This works well for apps that only require only a handful of domains, but SaaS applications often require it's customers to be on their own domain. This limitation currently prevents SaaS platforms using Azure FrontDoor.

      Alternative platforms such as Cloudflare or AWS Cloudfront already support a very large number of custom domains.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add option to detach specific files from the Azure Front Door dynamic cache

      When you host a SPA (Single Page Application) on an Azure Blob storage with Azure Front Door (with dynamic caching activated):

      Everytime you release a new version of the app, users have to force-reload the page in order to get the new version.
      Because the links to the new assets (like main.***.js, ...) are located in the index.html, which has been cached.

      I was able to solve it:
      1. Let the Azure CLI set the Cache-Control header to "no-cache" on the index.html after pushing it to the blob storage:
      az storage blob update --account-name $(storageAccount) --container $web --name index.html --content-cache-control…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. [Azure Front Door Service]Support password protected PFX

      Support password protected PFX for HTTPS

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow adding custom hostnames before DNS CNAME is set up on Azure Front Door

      Allow adding custom hostnames before DNS CNAME is set up. That way we could prepare the Front Door configuration before setting it live on our domain. This is useful for scenarios when some transitions to Front Door (for example from Traffic Manager) with a domain which is already in use in production.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure Front Door to support certificates from SwissSign CA

      We use SwissSign as our certificate vendor. These certificates are trusted by most devices and operating systems, incuding Windows 10 and Azure Application Gateway.

      When it comes to Azure Front Door they don't seem to be trusted.

      For us to be able to buy/use the Azure Front Door service we need for it to support our certificates that we use on our backend servers.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Challenges in making AFD Work as a CDN for on prem resources

      We would like to use the AFD's WAFs capability and CDN for protecting our on premise farm

      We will need to create the service on AFD and have Backend access via an IP and Backend header
      Conceptually and by design the service should be able to do it
      Challenges:

      0. On a single IP we have many Names that are published in HTTPS only, a single certificate with SAN entry for all the names
      The IP address normally does not respond to any request and give a 403

      We have modified the IP to respond with 200 for HTTP
      but…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Custom error pages for Azure Frontdoor

      Allow us to configure custom error pages in Frontdoor. Ie, whenever I deploy my app, there's a momentary blip on the restart where Frontdoor displays a generic "Our services aren't available now". It would be nice to be able to configure this - either a custom message or fully link over to a static page in a storage account.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base