Redirecting from web app behind Azure application gateway - azure

I have two web apps set up in Azure, and for simplicity let's call them webapp1 and webapp2. They sit behind an application gateway, which is selecting the correct web app based on the subdirectory in the URL.
Here's a basic example of how I've set it up:
www.mydomain.com -> webapp1 (the default route)
www.mydomain.com/app -> webapp2
This is working fine, except for one problem: if webapp2 redirects to the login page, for example, the domain in the URL changes to the azurewebsites.net domain. Instead of redirecting to www.mydomain.com/login, it's going to webapp2.azurewebsites.net/login.
I'm fairly new to Azure application gateway, but I know it injects the x-forwarded-* and x-original-host headers. I assumed the gateway would either alter the redirected URL request to correct the domain or the config on the web app would use the x-original-host instead. Neither of these things is happening.
Is there a way to configure either the web app or the gateway to make sure the host name doesn't change on redirects? Would this scenario work better with a separate web app/VM with a classic IIS reverse proxy setup instead of the application gateway?

Currently Application Gateway would not overwrite the response from the backend. We do inject X-Original-Host and your application should use that to write the redirect URL correctly back to mydomain.
Example to configure URL rewrite on web app can be found here. An example of rewriting default *.azurewebsites.net domain to a custom domain can be found here

Related

Why does a request through Azure front door shows backend pool urls on the browser instead of frontends/domains?

I have an Azure Front Door which has custom frontends/domains, backend pools, and routing rules configured to use Azure web apps as backends. When I go to the website, the request passes through Front Door as it should and picks the best available backend, but it displays the Azure web app's URL in the browser from the backend pool and not the Azure Front Door domain. I expect to have the frontend/domain in the browser when I am directed to the backend and do not display the Azure web app's URL in the browser.
For example,
when I go to www.mysite.com, I want it to be like www.mysite.com/foo (displaying the content from backend web app) and not mywebapp.azurewebsites.net/foo
Any guidance on how it can be achieved or is it possible to achieve?
The Azure front door just does a simple URL forwarding for the incoming client traffic. After my validation, if we select the forwarding protocol to HTTPS only, the address bar will not display the backend URL when you access the front door URL.
However, you actually still see the real backend domain in the set-cookie.
For more information, you could read the Backend host header and a similar question here1 and here2.
This is possible using the forward feature in AFD, but if you are using redirects then the actual backend URL will be shown of course, so configure basic Forwarding and the AFD URL is the one that will be shown at all times.

URL path based routing on Azure

I'd need the following config on Azure:
requests to www.domain.com goes to an App Service (call it MainAppService)
requests to www.domain.com/blog/* to a different App Service (call it BlogAppService)
It is important that the url stays www.domain.com/blog/something (a simple redirect to blog.domain.com/something won't work for me here).
MainAppService is a .Net Core app while BlogAppService should be php (yes, WordPress). I wonder if Azure Application Gateway is the only option. Any code based solution without the need to install AAG?
As far as I know, if you want a code-based solution, you may consider adding URL rewrite rules in web app service. It seems that Rewrite Rules only works in one web app service. That is, you could not redirect HTTP-host www.domain.com to blog.domain.com based on rewrite rule.
As your configuration, I think Azure application gateway is an easy and better way to make it.
Configuration example:
Create an application gateway with path-based routing rules using the Azure portal
How to map URL path-based rules in application gateway for your Azure web app service

Access azure webapp with the CNAME which is behind an Azure Application gateway

I have an azure web app and its corresponding application gateway.
I have created a CNAME and pointed it to the DNS name of the app gateway.
Now when I access the site using the CNAME, it reaches the app gateway and redirects me to the web app (actual web app URL ...azurewebsites.net).
Is it possible that using the CNAME, I should be able to reach the web app, i.e. on the address bar it should be displaying the same CNAME on reaching the web app (it should not redirect to the web app)?
Thanks.
You could configure the custom domain like sub.example.com to the web app first, then you could add such custom domain in the hostnames of Azure web app service. Once the DNS propagation happens, the CNAME record of the custom domain in the DNS zone should be changed to map the FQDN of the Application gateway like xxx.cloudapp.net.
I test this using web app service without HTTPS redirection. HTTPS Only is off. Azure Application Gateway is also working for HTTP. If you want to use HTTPS for the web app, you need an SSL cert for the custom domain.
Tutorial: Map an existing custom DNS name to Azure App Service
Update
In this case, you properly set HTTPS only is on in the custom domains of Azure web app service. For me, I could still set "Pick up hostname from the backend pool" under the HTTP setting even if I do not add the hostnames as in my previous reply. The redirection actually is related to the "HTTPS only" under Custom Domain in Azure web app.
I got this issue fixed:
The redirection that was occurring was due to a setting "Pick up hostname from the backend pool" under HTTP setting of application gateway. Removing that setting, using the CNAME we were able to reach the web app but we were getting an error "Too_Many_redirects" and this was resolved once the "HTTPS only" is set to off on the web app under Custom Domain as this redirection was configured at the gateway level.

Azure Application Gateway, Azure App Service and Form Based Authentication

I'm migrating a complete infrastructure over to Azure; it's been slow going as there's so much to learn and for every two steps forward, there seems to be one step back.
After what seems like an eternity, I think I've got it all sorted with one exception.
The architecture is as follows:
Azure Traffic Manager ==> 2 Azure Application Gateways (geo separated) ==> Azure App Service
A custom domain is used for the traffic manager and the gateways are listening for the same domain and, when the route matches, passing on the requests down to the app service.
The actual app itself is an ASP.NET MVC application and it uses forms authentication; and this is where the challenge happens.
When navigating to the public address: client.domain.com and hitting the website, it determines that the user is not authenticated and sends the browser to the login page... so far so good but, rather than using client.domain.com/login it uses the web-server dns name, so client.azurewebsites.com/login
How do I go about changing the behaviour so that it uses the external DNS name rather than the website name?
I can't set up custom domains on the app service as the only route into the site is via the gateway as this is also the firewall.
Is there some Web Config setting I can make? I'm looking at the outbound rewrite rules but these seem to only work on tags rather than 302 redirects.
Any thoughts would be most welcome.
You need to set up custom DNS names on your webapp (you can use a TXT record to verify the DNS name, so I don't see a reason why you can add it to the webapp). Or you can alter the code.
In order to solve this problem, I had to make a code change to the web app itself. Not ideal but it worked.
What I had to do was to extend the code that redirects an unauthenticated request to the login page by sniffing for the X-Original-Host HTTP Header that the App Gateway forwards on. This contains the public facing DNS name. If the header is present and it is on a pre-approved white-list (so as to prevent any hijacking), then redirect the user to the login page for this domain, rather than the one the server is listening on directly (so use client.domain.com rather than client.azurewebsites.com)
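The allow-list check described in the answer above, which is also what the first answer means by using X-Original-Host to write the redirect URL, shown as an added example that is not code from any of the posts. The names `GatewayRedirect`, `ResolveHost` and `BuildLoginUrl`, the allow-list contents, the sample header values and the `https` scheme are assumptions; reading the header from the request and wiring the result into the forms-authentication redirect is left to the application.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (added example, not from the original posts).
public static class GatewayRedirect
{
    // Constructed allow-list: the public names the gateway listens on.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "client.domain.com" };

    // Host to put in a redirect: the X-Original-Host value only on an exact
    // allow-list match, otherwise the host the server itself received.
    public static string ResolveHost(string xOriginalHost, string requestHost)
    {
        if (string.IsNullOrWhiteSpace(xOriginalHost))
            return requestHost;                 // no gateway header on this request

        string candidate = xOriginalHost.Trim();
        // Exact match only: suffix or substring checks would also accept
        // look-alike names, and a comma-joined (repeated) header never matches.
        return AllowedHosts.Contains(candidate)
            ? candidate.ToLowerInvariant()
            : requestHost;
    }

    // Absolute login URL for the 302 Location header (https is assumed here).
    public static string BuildLoginUrl(string xOriginalHost, string requestHost)
    {
        return "https://" + ResolveHost(xOriginalHost, requestHost) + "/login";
    }

    public static void Main()
    {
        const string backend = "client.azurewebsites.com";
        // Constructed header values, as the app would read them from the request.
        string[] samples = { "client.domain.com", "CLIENT.DOMAIN.COM",
                             "client.domain.com.example.net",
                             "a.example, client.domain.com", null };
        foreach (string header in samples)
            Console.WriteLine("{0,-32} -> {1}", header ?? "(absent)",
                              BuildLoginUrl(header, backend));
    }
}
```

Only the first two samples resolve to the public name; the look-alike, the repeated header and the missing header all fall back to the host the server received, so an unexpected header value never ends up in the Location header.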

Configure Azure endpoint so that it works only for specific urls

My Cloud App has two roles with public endpoint. One of them is on https and second on http. Both of them should be configured to be available on the same TLD, let's say example.com. However though, there's a catch:
Http endpoint should respond only to http://example.com (let's say for now that calls to http://something.example.com can be redirected to https://something.example.com).
Https endpoint on the other hand should work the opposite way: calls without subdomains should be redirected to http://example.com.
Is there an easy way to do this by configuring some redirects in cscfg or something?
Any specific reason why you have 2 cloud web roles? Can't you have a single web role and both these applications hosted on the same web role as different applications exposing 80, 443 out? This way you can control the redirection easily.
