Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add Custom Apex (Naked) Domains as front end hosts for Azure Front Door Service

      Azure Front Door Service is currently missing the ability to onboard Apex (Naked) Domains e.g. https://contoso.com https://example.com

      It runs on Anycast IP addresses that seem globally consistent for the Frontend host (something.azurefd,net)

      So why not allow me to onboard an Apex domain to the service by creating DNS A and / or AAAA records at the custom zone apex that point to the allocated Anycast IPs? (CNAMEs are not supported at the Zone Apex)

      If the answer is that the Anycast IPs aren't allocated in perpetuity please fix that first then add this feature!

      88 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        started  ·  7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow an HTTP to HTTPS redirect on Azure Front Door

        Allow an HTTP to HTTPS redirect on Azure Front Door.

        80 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          started  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
        • Custom error pages in Azure Front Door

          As for Application Gateway, we need to be able to customize the error page displayed when the access to an url is refused by an ip restriction rule.

          See : https://feedback.azure.com/forums/217313-networking/suggestions/18749326-application-gateway-custom-error-pages

          72 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
          • Support wildcard hosts in custom hostnames

            Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

            So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

            foo.contoso.com
            bar.contoso.com

            That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

            The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

            There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

            Similar products on…

            67 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              planned  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
            • Enable OWASP secure headers on Azure FrontDoor service

              Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
              Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
              Appreciate that these be on the FrontDoor roadmap in very near future.

              OWASP HTTP Secure Headers
              ------------------------------
              HTTP Strict Transport Security (HSTS)
              Public Key Pinning Extension for HTTP (HPKP)
              X-Frame-Options
              X-XSS-Protection
              X-Content-Type-Options
              Content-Security-Policy
              X-Permitted-Cross-Domain-Policies
              Referrer-Policy
              Expect-CT
              Feature-Policy

              32 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
              • Allow front door service URL Rewrite to file instead of path

                Allow URL Rewrite to rewrite a path to a file. This would enable users to host single page applications using front door.

                18 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  started  ·  3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                • Provide option to change which TLS versions are supported

                  Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

                  17 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow configurable timeout period for Front Door

                    Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

                    16 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      started  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                    • Provide list of internal Front Door IPs so we can whitelist them in downstream systems

                      Provide list of internal Front Door IPs so we can whitelist them in downstream systems. Currently there is no way to verify if traffic comes from AFD or from someone bypassing it.

                      Alternatively you can implement AFD Service Tag for NSGs.

                      15 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        started  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add additional Authorized CA for custom Certificate in Azure Front Door

                        Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

                        7 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                        • [Azure Front Door Service]Support password protected PFX

                          Support password protected PFX for HTTPS

                          4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                          • Confirguration of caching rules in Front Door

                            Allow configuration of content caching rules similar to how Azure CDN (Akamai) and Azure CDN (Verizon). This will allow better support of leveraging Front Door with Azure Storage Static Websites where it is impractical to set cache-control on a per-item basis.

                            4 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                            • Azure Front Door service is incompatible with blob storage if using Azure storage's shared key authentication method

                              We found Azure Front Door service is incompatible with Azure blob storage if using Azure storage's shared key authentication method. The root cause is AFD will add some x-ms-* headers into the request to storage backend, storage backend will use all headers begin with “x-ms-“ to calculate the MAC signature. So the request will be rejected by storage service if forwarded by AFD.

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                started  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                              • Azure Front Doors drain Application insights

                                I've enabled Azure Front Doors for a test/dev scenario to a web app that has application insights enabled. It started draining heavily as all frontdoors hearbeats are logged and are causing AppInsights log analytics to be pricey. There should be a way to disable that?

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                                • Make Front Door work correctly for Azure B2C sign into a aspnet core web app

                                  I have a aspnet core web app which uses Azure B2C for storing registered users data. Registration and sign in for the app works as expected.

                                  I tried to configure the site to work with Front Door. however, we noticed Correlation Failed exceptions being logged immediately after the user had signed in. They were not then being redirected correctly to the next view.

                                  Further investigation showed that Front Door was stripping cookies from a key response being returned from Azure B2C. These were the very cookies used to complete the sign in process for B2C. this explained the failure.

                                  In…

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                                  • 1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Don't see your idea?

                                    Feedback and Knowledge Base