![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 18%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,079 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
This looks like the backend is sending an absolute path instead of a relative path to the client.
And hence, the client is sending the requests to the original path instead of the App Gateway's IP.
i.e.,
- Say the App Gateway is being accessed like http://<AppGwIp>/abc/xyz and you select/click a file called "file.txt" from browser client.
- The server, instead of sending a response like "/abc/xyz/file.txt", it responds "http://container-app-name1.orangeglacier-859ee193.italynorth.azurecontainerapps.io/abc/xyz/file.txt"
- When this happens, the client now is redirected to the actual site instead of the reverse proxy which is App Gateway.
You can find more details on this here : Potential problems - Incorrect absolute URLs
This also leads to problems such as
- Incorrect redirect URLs
- Broken cookies
In fact, the entire document Host Name Preservation explains why using such a configuration is not desired and recommends you use a custom domain.
See : Implementation guidance for common Azure services
-
- i.e., Host Name should be "preserved" and not modified
- For App Gateway,
If you use Application Gateway as the reverse proxy, you can ensure that the original host name is preserved by disabling Override with new host name on the back-end HTTP setting. Doing so disables both Pick host name from back-end address and Override with specific domain name. (Both of these settings override the host name.)
Because health probes are sent outside the context of an incoming request, they can't dynamically determine the correct host name. Instead, you have to create a custom health probe, disable Pick host name from backend HTTP settings, and explicitly specify the host name. For this host name, you should also use an appropriate custom domain, for consistency. (You could, however, use the default domain of the hosting platform here, because health probes ignore incorrect cookies or redirect URLs in the response.)
In your case, I see backend is Azure Container Apps,
- See : Certificates and Domains in Azure Container Apps
- Once added and validated, you can always modify the DNS to point to the App Gateway IP.
- So, www.contoso.com is validated to be a custom domain for Container Apps and the DNS resolves to the App Gateway Public IP
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.