Multisite and wildcard domain

SkCloudAz 21 Reputation points
2022-10-27T15:41:01.703+00:00

Hi,

I want to set up an Application Gateway Layer 7 + WAF v2 in front of my 200+ websites to protect them from all the common web-hacking attacks.

I configured one HTTPS listener for all my websites (using a wildcard, e.g. *.contoso.com).
They are all under the same domain.
ex:

  • xyz1.contoso.com
  • xyz2.contoso.com
  • xyz3.contoso.com
  • etc.

But I would like to redirect some websites (based on the hostname) to different backend pools.
I don't seem to be able to do that with only one listener?

The only way I found would be to create as many listeners as I have websites, to redirect them to the correct backend pools.
Is there another way to do that?

Summary :

  • One HTTPS listener for a multisite wildcard domain (ex.: *.contoso.com)
  • Redirect xyz1.contoso.com to backend pool A
  • Redirect xyz2.contoso.com to backend pool B
  • Redirect xyz3.contoso.com to backend pool C
  • etc.
  • for all my websites (I have a lot...)

I wish I could create a rule, associate it to my HTTPS Listener (multi-site wildcard domain) and then specify (based on the hostname received) which backend pool to choose.
But it seems that we can do that only for "path-based rules", NOT for "host-based rules".

Maybe I am missing something; can someone help me?

I just want to be sure to use the best approach.

Thanks,


Accepted answer
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2022-10-31T13:48:42.033+00:00

    Hello @SkCloudAz ,

    I understand that you would like to use a single wildcard listener and route different subdomains (which belong to the same root domain) to different backend pools.

    I discussed this with the Azure Application gateway product group team and below are their inputs:

    Host name based routing with wildcard listener is not available.
    So, the only possible ways to redirect your websites (based on the hostname) to different backend pools are as below:

    1) One option, which you are already aware of, is to use multiple listeners with respective domain names and map each to their specific rule & backend pool. For this, you may also want to set the rule priority in the right order as you’re using a wildcard.

    2) Another option, which we believe would work for you (but it would be best that you test it out first) is to use URL rewrite to form paths and then use path-based routing to point to the respective backend pools.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
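
Option 1 from the accepted answer, sketched as an added example (not part of the original thread and not Microsoft's own code): a bash script that prints, without running them, the Azure CLI commands for one exact-hostname listener and rule per site, with priorities that place every host rule ahead of the wildcard rule. The resource names, the host-to-pool map and the priority values 100 and 10000 are assumptions.

```bash
#!/usr/bin/env bash
# Added example: prints az CLI commands for review; it does not run them.
# Every resource name below is a hypothetical placeholder.
RG="rg-web"                    # assumed resource group
GW="agw-waf"                   # assumed Application Gateway name
PORT="port_443"                # assumed existing frontend port
CERT="wildcard-contoso"        # assumed wildcard certificate on the gateway
SETTINGS="https-settings"      # assumed backend HTTP settings
WILDCARD_RULE="rule-wildcard"  # assumed rule bound to the *.contoso.com listener
WILDCARD_PRIORITY=10000        # catch-all rule is evaluated after host rules

# Constructed sample mapping, one "hostname backend-pool" pair per line.
HOST_MAP='xyz1.contoso.com poolA
xyz2.contoso.com poolB
xyz3.contoso.com poolC'

# Reads pairs on stdin; prints one listener and one rule per exact hostname.
# Lower priority numbers are evaluated first, so host rules start at 100.
emit_commands() {
  prio=100
  while read -r host pool; do
    if [ -z "$host" ] || [ -z "$pool" ]; then continue; fi
    case "$host" in
      *[!a-z0-9.-]*)  # wildcards and stray characters stay on the catch-all
        echo "skipping non-exact hostname: $host" >&2; continue ;;
    esac
    if [ "$prio" -ge "$WILDCARD_PRIORITY" ]; then
      echo "priority range exhausted before the wildcard rule" >&2; return 1
    fi
    name="${host%%.*}"  # xyz1.contoso.com -> xyz1
    echo "az network application-gateway http-listener create -g $RG" \
      "--gateway-name $GW -n lsn-$name --frontend-port $PORT" \
      "--ssl-cert $CERT --host-names $host"
    echo "az network application-gateway rule create -g $RG" \
      "--gateway-name $GW -n rule-$name --rule-type Basic --priority $prio" \
      "--http-listener lsn-$name --address-pool $pool --http-settings $SETTINGS"
    prio=$((prio + 10))
  done
  echo "az network application-gateway rule update -g $RG" \
    "--gateway-name $GW -n $WILDCARD_RULE --priority $WILDCARD_PRIORITY"
}

emit_commands <<EOF
$HOST_MAP
EOF
```

Hosts left out of the map keep matching the wildcard listener, so they still pass through the WAF and reach the default backend pool.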
