When I place a CDN, or something like Azure Front Door, in front of a webapp, how do I stop traffic from directly hitting the .azurewebsite.net domain name?
I believe the below article discusses in depth on how to setup an Azure Web App and how to use Azure Front Door with it. It highlights how myappfrontend.azurefd.net will be the front end for your app, which will then redirect the request to the backend (.azurewebsites.net) only if the criteria is met. There is a second article that highlights setting up a custom domain to be used with Azure Front Door if necessary. Please review the below information and let us know if you have any more direct questions.
Once this is setup, you can develop reroute rules to direct requests from .azurewebsites.net to your custom domain, which would ensure all requests are handled by Azure Front Door.
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect rule for azurewebsites.net to domain.com" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_HOST}" pattern="whateverappdavid.azurewebsites.net" />
</conditions>
<action type="Redirect" url="http://therealdavids.com/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
Azure App Services with Azure Front Door
Azure Front Door Custom Domain
Update
Perhaps, you can use the REST API to retrieve the set of IPs for Verizon’s point of presence (POP) servers. Then use this IP list to enforce that requests to your origin server are made only from a valid Verizon POP.
Ref: Retrieve the current Verizon POP list for Azure CDN
Related
I can’t say that I have seen this before.
The Azure app name is the default name that you give it when build the Azure app service.
It’s also used to validate the custom domain ownership with your domain register
It’s applied to the DNS as a CNAME record for the www of the custom domain
DNS Set-up
Type CNAME Domain Name customdoamin.com.au canonical name defaultname.azurewebsites.net
Q. Has anyone seen the Azure default domain been index by google before?
And if so how you would out why this maybe the case?
You'll want to follow the guidance documented below, most likely adding a URL rewrite rule in your web.config to do a permanent redirect (301). This is what I use on my site.
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect requests to default azure websites domain" stopProcessing="true">
<match url="(.*)"/>
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^mysite\.azurewebsites\.net$"/>
</conditions>
<action type="Redirect" url="https://blog.test.com/{R:0}"/>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
https://support.google.com/webmasters/answer/139066?hl=en
I have myazurecustomdomain.com which points to my App Service, and I have mygoogledomain.ca which has a ressource record to point on my app service. I have assigned those two domains to my app in azure.
Now I want myazurecustomdomain.com to be redirect to mygoogledomain.ca because I have some third party libraries that are subscribe to my .ca domain and I don't necessarily want to maintain my .com domain for now. What is the best way to do this.
If you don't want to maintain the .com the domain now, you could remove the custom domain mapped to your app service. So you will get access to that web app via the current custom domain mygoogledomain.ca or default app service domain like xxx.azurewebsites.net.
When you have two custom domains mapped to your azure app service, you want to redirect one domain to another domain. You could add rewrites rules in the web.config file of your applications. For more information, you could refer to this answer.
<rewrite>
<rules>
<rule name="Redirect all to different domain" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myazurecustomdomain.com$" />
</conditions>
<action type="Redirect" url="http://mygoogledomain.ca/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
We have a site set up on an azure app service. We have an application gateway setup to act as a waf, however it seems to be causing issues with our non www to www redirect which is shown below. The redirect works as expected when browsing directly to the site which points to the waf being the problem. Has anyone experienced this issue. I suspect the host is changed to xxxxx.azurewebsites.net when it forwards the request on but can find no documentation about this. Has anyone experienced this before?
<rule name="Prepend WWW" enabled="true" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(.*)azurewebsites.net$" negate="true" />
<add input="{HTTP_HOST}" pattern="^(?!www\.)(.*)$" />
</conditions>
<action type="Redirect" url="https://www.{C:0}{PATH_INFO}" redirectType="Permanent" />
</rule>
There is a simple way to directly redirect a none-www hostname in the URL to www hostname on the DNS level without having conditions rules on web.config. You could create a CNAME record that maps non-www domain example.com to www.example.com in your domain DNS provider. Your domain DNS provider may need support CNAME records in the root domain. You also could map www.example.com to your application gateway IP address.
Another way is to configure redirection and routing rules on the application gateway level. You may add two multi-site listeners, one is for host example.com, another is for host www.example.com. Then configure the redirection from one listener to another listener. You could get more info on the Application Gateway redirect overview.
I have two web apps deployed on cloud services in two regions.
WebApp1.cloudapp.net
WebApp2.cloudapp.net
I created Azure Traffic Manager with Performance Load Balancing
WebApp.trafficmanager.net
What is CName for my cloud app and how can I configure this CName point to Azure Traffic Manager?
The CNAME for your app is WebApp.trafficmanager.net. You will need to register a custom domain from one of the DNS providers -- once done use the tools they provide to add a CNAME record for "www" to your domain and point it at your Traffic Manager.
At the moment Azure Traffic Manager does not support apex (naked) domains. So this solution would cover www.yourdomain.com, but not simply yourdomain.com.
Some DNS providers support forwarding where you can specify yourdomain.com should redirect to www.yourdomain.com.
If this is not the case, you can enable forwarding in your Azure Web App by adding this to your web.config:
<system.webServer>
<rewrite>
<rules>
<rule name="Apex Redirection" stopProcessing="false">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://{C:2}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
Then you would pick either of your cloud service regions and grab the "A" record from the Azure management console for your DNS record. Anyone who goes to yourdomain.com would go to that region's app and get redirected to your Traffic Manager at www.yourdomain.com.
You would register a custom domain name with the registrar of your choice (ie. GoDaddy, Network Solutions, etc). Once you have this domain name you would then configure it on the registrar's site to have a CNAME entry pointing to the trafficmanager.net address. So it would look like:
www.webapp.com IN CNAME webapp.trafficmanager.net
I have created a Cloud service with 2 web roles (one is the "public" site, and the other is the "admin backend").
I deployed the solution in azure, and the cloud service with the web roles were created. I can access both sites using:
FrontEnd
http://my-app.cloudapp.net:80/
BackEnd
http://my-app.cloudapp.net:8080/
Here is the problem: I would like to access the backend as a subdomain of the main site. I tried to update the DNS (GoDaddy) playing with the CNAME, but I have not been able to find a solution since it seems that I cannot use port numbers. One solution could be to create 2 Cloud Services, each one with just one web role (of course, both using port 80); but due to business requirements it's not a good idea. Any ideas?
FWIW, this is what I would like:
FrontEnd
http://my-app.com
BackEnd
http://dashboard.my-app.com
You should be able to add two CNAMES or A-records with your hostnames, pointing to the same site/port. You can then use URL rewriting to map the hostnames to different directories, something like (the untested);
<rewrite>
<rules>
<rule name="Dashboard rewrite" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^dashboard\.my-app\.com$" />
</conditions>
<action type="Rewrite" url="http://my-app.com/dashboard/{R:0}" />
</rule>
</rules>
</rewrite>
This will/should rewrite the access to http://dashboard.my-app.com/test.aspx to http://my-app.com/dashboard/test.aspx, giving the impression to the browser of being two separate applications.
With DNS CNAME you can only point from one hostname to another. Port numbers are a totally different item.
You can install an HTTP reverse proxy server to forward the requests to the proper cloud service. (e.g. HAProxy, nginx, IIS ARR etc.). There are some solutions in this SO question: How do I create a reverse proxy that runs in Azure?