Why when i hit application gateway's public ip, i get redirected to app service dns ?

04814784 21 Reputation points
2022-09-25T22:15:00.53+00:00

Hello Teams,

i created an application gateway with app service as backend pool, but when i hit the public IP of AG, i get redirected to app service's URL with 80 as port (ie i get redirected to somthing like : https://benighil.azurewebsites.net:80)

The expected behaviour is : When i hit the Public IP of application gateway, i get the page of the app service in question wihout redirecting to https://benighil.azurewebsites.net:80)

Any help please ?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,109 questions
0 comments No comments
{count} votes

Accepted answer
  1. Priya Kumar 1,096 Reputation points Microsoft Employee
    2022-09-26T09:59:07.997+00:00

    By default, Application Gateway does not change the incoming HTTP host header from the client and sends the header unaltered to the backend. Multi-tenant services like App service or API management rely on a specific host header or SNI extension to resolve to the correct endpoint. Change these settings to overwrite the incoming HTTP host header.

    This blog explain the behaviour: https://techcommunity.microsoft.com/t5/apps-on-azure-blog/azure-application-gateway-app-service-redirects-exposing-default/ba-p/898576

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,691 Reputation points Microsoft Employee
    2022-09-26T10:18:02.643+00:00

    Hello @MohamedBenighil-1885 ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know why you are redirected to the App service URL when you access the application gateway's Public IP in your browser.

    This is a known issue with reverse proxy and multitenant PaaS services.

    Multitenant PaaS services often require a registered and validated host name in order to route an incoming request to the appropriate tenant's back-end server. This is because there's typically a shared pool of load balancers that accept incoming requests for all tenants. The tenants commonly use the incoming host name to look up the correct back end for the customer tenant.

    To make it easy to get started, these platforms typically provide a default domain that's preconfigured to route traffic to your deployed instance. For App Service, this default domain is azurewebsites.net. Each web app that you create gets its own subdomain, for example, contoso.azurewebsites.net.

    Having a different host name at the reverse proxy (in our case, Application gateway) than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly. For example, session state can get lost, authentication can fail, or back-end URLs can inadvertently be exposed to end users. This is what is happening in your case.

    You can refer the testing section of the below doc and you can see if you use default domain with App gateway IP or DNS, it redirects to the .azurewebsite.net directly instead of the App gateway.
    https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app?tabs=defaultdomain%2Cazure-portal

    The recommended solution for this issue is to preserve the original HTTP host name when you use a reverse proxy in front of a web application. Follow the instructions for "Custom Domain (recommended)" in Configure App Service with Application Gateway to solve this issue.
    Refer : https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app?tabs=customdomain%2Cazure-portal

    Refer the below docs for more details on this issue:
    https://learn.microsoft.com/en-us/azure/application-gateway/troubleshoot-app-service-redirection-app-service-url
    https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation#potential-issues

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.