I have an .Net Core app published on Azure, the webapp has an endpoint that is publicly accesible.
When creating an HTTP POST request using the full url {azure-url}/results it works as expected. However a client needs to use this endpoint but his system transforms urls into IP addresses before creating a request (not sure why to be honest).
I've checked through Azure properties which is the IP address of the webapp which also matches when doing a nslookup. Problem is that when I replace the url with the IP address and make a request it returns 404.
Has anyone experienced something like this? I wonder if it's related to some Azure configuration I'm not aware of.
Azure App Service is a multi-tenant service. Meaning that other apps may share the same servers and thus the same inbound IPs. In order for your request to be routed properly to your app, it needs the domain name, not just the IP.
There is a way to get a static inbound IP by using a custom domain. I haven't tried that but I would assume even then you will not be able to call the service on that IP.
Related
I am very new to Cloudflare. So please bear with me. I need to access my website (hosted in Microsoft Azure - App Services) via IP address instead of the domain name.
To do this, I need to add HOST=www.mydomain.com into the HTTP header when requesting the website via IP address.
I heard it can be solved via Cloudflare, but the person I asked will not elaborate further. Is it possible? If yes, what service should I purchase? Any manual or instruction will be appreciated.
If Cloudflare isn't possible, do you have any service recommendations?
Thanks :)
The reason the host header is needed is because Azure App Services are multi-tenant (multiple apps on a single IP) by default. So, the server needs some way to know where to route your request to (the host name). In addition, IPs are not guaranteed to be static (they can change as you scale for instance).
It should be possible to secure a single static IP address using the following method -
https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips#get-a-static-inbound-ip
What is unclear is whether or not this IP would also be dedicated (meaning only your domain would use it). This is what would be required in order to allow you to access the app service without a hostname specified.
Cloudflare will not solve this issue, as it sits at the DNS layer (domain name access). Accessing a server via IP would bypass Cloudflare entirely.
I'm struggling to find a way of sending all traffic into a app gw to a certain website path.
Say my website is, stackoverflow.devops.com.
I have a App Service backend with the domain stackoverflow.devops.com.
The idea going forwards is to send all traffic to that website to a traffic manager, doing geolocation routing. Currently, if you're in Europe, it routes to an application gateway where the path is fine, and this works.
If you're in the states, it routes to a different application gateway (with the same backend pool) and I want to change the url to stackoverflow.devops.com/us for any traffic going through this app gw.
I've tried URL rewrites but getting a 'too many redirects' error.
Thanks!
It sounds like you are redirecting back to the public DNS name and going back out to Traffic Manager which is creating a loop.
You should be able to specify '/us' as the URL path value on your rewrite rule.
I'm curious about what you are trying to achieve here though if the backend pool is the same for both application gateways. Would you not want to have another App Service in the US region also?
So I'm working on building scripts to deploy Azure resources using the Az modules in PowerShell. I am new to Azure Traffic Manager, so I'm wondering if what we are looking to do is even possible, and if so, how.
We have an API Management Service (APIMS) with a handful of APIs in it that point to a few different web apps within Azure. So the way it works currently is we have a client application that will post to a specific API operation via its APIMS URL.
We are looking at the idea of using Traffic Manager purely for moving traffic from one APIMS to a another in the event that we need to create a new APIMS. I can add the existing APIMS as an endpoint to the Traffic Manager as an external endpoint using its public IP address. But beyond that, here's what I'm unsure of:
How exactly would traffic actually get routed through the traffic manager, through the APIMS, to the specific API post? (as in, what would the client application need to specify as where it's sending its post?). Or would this even work??
If we create a new APIMS, can we then simply add that as a new endpoint to the traffic manager (again, as an external endpoint via its IP address), and then delete the old APIMS endpoint?
I did find this question that's similar, but that answer is using Add-AzureTrafficManagerEndpoint as opposed to New-AzTrafficManagerEndpoint, which is what I'm using and apparently does not support -DomainName as a parameter.
Traffic manager does not route traffic, it only does domain name resolution. You could use TM for that. For your custom domain in traffic manager (say contoso.com) you can add CNAME record pointing to contoso.azure-api.net (it's preferable to use CNAME instead of A and APIM service IP may change in certain scenarios). And add SSL certificate in APIM for contoso.com. What will happen in that setup:
Client wants to make request to https://contoso.com/myapi
Client will perform DNS lookup for contoso.com and see CNAME record pointing to contoso.azure-api.net
Client will perform DNS lookup for contoso.azure-api.net and see APIM IP address
Client will try to open SSL connection to APIM
APIM having SSL certificate available will accept the connection
Client will send request.
All this does not require any special configuration from your client apart from setting it up to use "contoso.com" as a hostname for your API. Later if you want to switch to a different APIM service you could go and update TM. Client will not require any changes.
The one thing to know is that this particular setup does not require TM per se. As all you really need is a custom domain from any DNS provider because all you need to do to switch traffic from one APIM to another is update CNAME record.
Problem statement:
I have a logic app which I have exposed via APIM[I want this way as this is my design approach] and I want to allow only specific inbound IP address(in my case APIM IP) to access my logic app.
I have restricted the IPs in apim as follows, and which is working as expected.
<ip-filter action="allow">
<address-range from="xx.xx.xx.x1" to="xx.xx.xx.x5" /> //currently this is of no use.
<address>xx.xx.xx.xx</address> //my local machine ip.
</ip-filter>
Now, I have allowed the specific ip(apim ip) in my logic app and hit the request from my local machine, logic app prompt me an error.
When I added my local machine's Ip in logic app then it works as expected.
So,I think What is the point of restricting the ips in APIM because I need to allow all the IPs in logic app as well?
could anyone please assist/elaborate me what i am doing wrong.
In the Azure portal, access to your Logic App. Under Settings, select Workflow settings.
Under Access control configuration > Allowed inbound IP addresses, select Specific IP ranges.
Then you will receive a 401 Unauthorized status with postman and if we try from our APIM, we should get a 202 Accepted status.
For more details, you could refer to this article about How to restrict incoming IP ranges for a Logic App to accept only APIM calls.
I have analyzed the issue and below is the finding.
Getting Unauthorized is because of not whitelisting the local machine IP from which I was exploring the logic app to see the requested content.
Everything else is working as expected.
hope this will help!
I have a website on Azure Cloud Services, and I have enabled a wildcard for my website like: *.mywebsite.com
Then if a customer registers and select as his subdomain: client1.mywebsite.com, I only save the subdomain associated with my customer in the database. I don't need to do anything on the portal. This works as well on Azure Web Apps (Azure Websites).
Now, if my client goes to his domain provider and sets a DNS entry like:
www.client1.com CNAME client1.mywebsite.com
I can handle that correctly in Cloud Services without having to register "www.client1.com" in the Azure Portal. Is that possible in Azure Websites without having to add www.client1.com to the Azure Portal?
Short answer, no, it is not possible.
Explanation.
What you type in the address bar is the name that is presented to a web server in the HTTP request. Regardless of the underlying DNS responses. If a DNS look up of www.example.com provides an IP Address, whether a CNAME or an A record, that is where it will go and get data from. The only way to change that is with a HTTP Redirect.
In Azure the incoming server name is used to direct traffic to the correct web app (On the same set of IP Addresses there might be thousands of other websites registered) The only way it knows how to distinguish where to send the request is from the incoming server name.
Why this worked on Cloud Services.
Behind a cloud service was an IP Address that was unique to your servers behind it. When a cloud service got a HTTP request, it would process it, because there was nowhere else to send it.