Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Enable FrontDoor managed certificates for wildcard domains

      Right now FrontDoor accepts wildcard domains but we have to bring our own certificates.

      https://docs.microsoft.com/en-us/azure/frontdoor/front-door-wildcard-domain

      Currently, only using your own custom SSL certificate option is available for enabling HTTPS for wildcard domains. Front Door managed certificates cannot be used for wildcard domains.

      Having FD manages all SSL matters is a time saver for us!

      65 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure Front Door should automatically configure custom domains on backend app services

      When a custom domain is registered with Azure Front Door it should register that custom domain with backend app services.

      When backend app services do not have the same custom domain as AFD, app service session cookies are not passed back to the browser. Therefore session affinity is broken.

      Although there is a workaround that involves pointing the custom domain at the app services to register the domain, then pointing the custom domain back to AFD, it some cases that's just not feasible.

      We will be halting further rollout of AFD to our customers until this issue is resolved.

      62 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. API ability to determine when Azure Front Door replication has succeeded to the POP servers

      When making backend changes to Front Door, there is no way to determine when this change has succeeded, nor is there any SLA provided for how long this could take. There needs to be a way via API that we can know for sure replication to the POP servers has succeeded (or failed).

      51 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Native support for isolating traffic to a specific Front Door

      Most users are not aware that it is posible to bypass the specific Front Door instance by using another Front Door, see https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door

      What I would like is native support for validating the X-Azure-FDID header in ex. an Application Gateway. With no native Azure service able to allow or deny traffic based on that specific header, it is left to the application developers to do.

      51 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Private Endpoint support in Front Door

      Front Door is useful for private networking scenarios as well as public. For example we are beginning to use it as a routing for Blue/Green Deployments of our internal apps.

      To keep the apps secure, we want to have a private traffic route into the Front Door and also out to the backends.

      This could be by the new Private Endpoints. There is also a separate feature request on here for VNet support.

      51 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add X-Azure-Client-IP-Country header to headers set by Front Door

      It would be really nice to have the country of the originating IP adress of the request available in the request headers, similar to Cloudflare's X-CF-IPCountry header.

      While Azure Front Door does provide routing rules depending on country, in my case the route is accessible globally but validation depends on the country of the originating IP address. Having it available in the header saves me an additional call to an IP Geolocation service.

      46 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure Front Door - cache Key Vault sourced certificates

      We use Front Door to host multiple clients under the same domain, and configured HTTPS with a wildcard certificate sourced from Azure Key Vault. The same source Key Vault, secret name and secret version is used for all frontend endpoints configured.
      Customer DNS records:
      customer1.domain.com -> frontdoorname.azurefd.net
      customer2.domain.com -> frontdoorname.azurefd.net
      customer3.domain.com -> frontdoorname.azurefd.net

      Wildcard certificate in Key Vault *.domain.com

      Every time a new client front end is added and HTTPS configured for it, the certificate is deployed again, which takes 20 minutes. Front Door should recognize that the same version of the same certificate is already been uploaded before and…

      43 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Make Front Door work correctly for Azure B2C sign into a aspnet core web app

      I have a aspnet core web app which uses Azure B2C for storing registered users data. Registration and sign in for the app works as expected.

      I tried to configure the site to work with Front Door. however, we noticed Correlation Failed exceptions being logged immediately after the user had signed in. They were not then being redirected correctly to the next view.

      Further investigation showed that Front Door was stripping cookies from a key response being returned from Azure B2C. These were the very cookies used to complete the sign in process for B2C. this explained the failure.

      In…

      38 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add option to detach specific files from the Azure Front Door dynamic cache

      When you host a SPA (Single Page Application) on an Azure Blob storage with Azure Front Door (with dynamic caching activated):

      Everytime you release a new version of the app, users have to force-reload the page in order to get the new version.
      Because the links to the new assets (like main.***.js, ...) are located in the index.html, which has been cached.

      I was able to solve it:
      1. Let the Azure CLI set the Cache-Control header to "no-cache" on the index.html after pushing it to the blob storage:
      az storage blob update --account-name $(storageAccount) --container $web --name index.html --content-cache-control…

      37 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Azure Front Door - Routing based on Query string parameters

      It seems Azure Front Door does not support Pattern matching on the basis of Query string parameters.

      Is there a way i can redirect requests bases on value of url parameter?

      ex: https://www.contoso.com/api/page1?type=EU

      Parameter "type" can have multiple values, if the value is "EU", the AFD should redirect to https://eu.contoso.com.
      if the value is "US", the AFD should redirect to https://us.contoso.com.

      37 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. give FrontDoor health probes an identifiable user agent to enable traffice to be filtered in Application Insights

      Health Probe requests from Azure FrontDoor should have an identifiable user agent string, which ideally should be included in the default ApplicationInsights.Config filters section.

      Any user of FD whose sites us AI are going to find their telemetry feeds flooded with multiple requests a minute otherwise, and all suggestions given from other users or MS have been workarounds for what should be a standard filter being missing

      35 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure Front Door WAF should scan POST requests with content-type multipart

      At the moment the Azure Front Door WAF does not scan for XSS threats when the request going through FD is of content-type multipart. This was advised this is the case by the Microsoft Support team. For example, if I send the following request through Azure Front Door with OWASP DefaultRuleSet enabled on its WAF:
      POST:

      content-type: multipart/form-data; boundary=----WebKitFormBoundaryriZKfNGOPKHI8rWO

      Form Data:
      958127ef-8053-4054-811e-49d54be8a09f: <script>alert('hello');</script>

      The WAF does not detect the XSS threat simply because of the content-type.

      This is fundamental to have in a service dedicated to protect backend systems. I am conscious this is currently being worked, however what is…

      34 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Provide a lower starting cost for Front Door

      I have a simple static web page with HTML and JavaScript and a simple azure function working with a cosmos db, with very little traffic. Static web and function costs only cents and cosmos for ~23$. Adding a azure Front Door to this setup, will tripple the price (need two rules). I really like a to use Front Door, but adding this to my setup is to costly in relation to the other costs.

      34 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add support for Let's Encrypt as a CA in Azure Front Door

      Add support for allowing Let's Encrypt as valid CA.

      Buying SSL Certificate is an expensive affair and having Let's Encrypt as valid CA would increase Front Door's adoption.

      One situation it will be really helpful is while using an Apex domain with Front Door.

      33 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. More Front Door routing options - based on headers and/or IP addresses

      Currently, it looks that Front Door only supports routing based on URL path. It would be nice to be able to route traffic according to headers and/or IP addresses as well.

      E.g.,
      Forward traffic coming from 6.7.8.9 to backend pool X.
      or
      Forward traffic with the header User-Agent containing googlebot to backend pool Y. (not promoting cloaking here at all, but dynamic rendering instead https://developers.google.com/search/docs/guides/dynamic-rendering)

      32 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Front Door support Range headers where the client asks for more bytes than is available from the origin

      When the Facebook sharing service reaches out to get the metadata for a page, it asks for the first 512Kb of the page. However, most of the pages on our site are 21Kb, so Front Door kicks out the request with a 503 because the Content-Length headers do not match. Please support Range requests for files smaller than the requested size as well as cache those requests as well.

      27 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. 26 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add support for Azure Static Web Apps in Azure Frontdoor

      Add Azure Static Web Apps as Backend host type in Azure Frontdoor. Would be nice to be able to combine Azure Static Web Apps with advanced features in Azure Frontdoor.

      https://docs.microsoft.com/en-us/azure/static-web-apps/

      24 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure FrontDoor support for custom ports

      Front Door currently only supports ports 80 and 443. In case a custom ports needs to be supported, other solutions like load balancer don't provide global distribution which is not restricted to a region. We would like to be able to configure Front Door with custom ports and different backends for each allowing simpler conversion of on-prem applications to Cloud without changing the integrated systems.

      23 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Increase header value character limit for rules engine

      Currently the AFD rules engine has a header value limitation of 128 characters.
      This limitation prevents using the rules engine for useful security headers like Content-Security-Policy which are often larger.

      There is even a documentation (https://docs.microsoft.com/en-us/azure/frontdoor/front-door-security-headers) on using this approach for security headers but they use a shorter CSP so don't hit the limit.

      21 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base