Domain Limits

Danny Chrismas 71 Reputation points
2021-01-05T22:58:19.323+00:00

I have 2 IIS servers on Azure that present content based on the domain name. 280 domains are pointed to it at the moment on our current WAF solution.
I'm looking at the App Gateway WAF v2, but I'm not sure if it can support all the domain names. For SSL I use a single certificate with many SANs on it.

Will I be able to use the App Gateway WAF v2? If not, is there an alternative?

Azure Application Gateway
Azure Web Application Firewall

Accepted answer
  1. suvasara-MSFT 10,016 Reputation points
    2021-01-18T06:09:20.323+00:00

    @Danny Chrismas, as of now the APGW listener limit is set to 100 per GW. Here is a feature request on a similar ask, requesting to allow multiple hostnames in the same listener. I would recommend that you upvote it and provide your feedback for its future availability.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


1 additional answer

  1. Mubarak Tanseer 1 Reputation point Microsoft Employee
    2021-01-19T20:11:49.417+00:00

    @Danny Chrismas - How about the solution below?

    1. A backend pool with both the IIS servers
    2. One basic type HTTPS listener to serve all the 280 domains
    3. One HTTP Settings, you may choose to offload the SSL here
    4. A request routing rule
    5. A custom probe may be required if your backends don't respond to the default health probe on http://127.0.0.1/

    With the above configuration in place, a basic HTTPS listener would accept traffic from multiple hostnames and proxy those requests to the same backend server. Let the backend respond to the domain names it has.

    More about basic type listener: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-listeners#listener-type

    Also App Gateway does support SAN certificates: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#what-certificates-does-application-gateway-support

    If you would like to proceed with the Multi-Site listener then you would encounter the limit - https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#application-gateway-limits

    If you are planning to enable WAF, then the recommended limit is 40 listeners.
    Hope this helps!

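Added example, not part of either answer and not Microsoft's code: with one basic HTTPS listener presenting a single SAN certificate for every domain, as suggested above, any hosted domain missing from the SAN list fails TLS hostname validation in the client. This sketch checks a domain list against the certificate's SAN entries before cutover. It assumes the SAN text comes from `openssl x509 -noout -ext subjectAltName`; the function names and the sample domains are constructed for illustration.

```python
import re


def parse_sans(openssl_text):
    """Extract DNS names from `openssl x509 -noout -ext subjectAltName` output."""
    names = re.findall(r"DNS:([^,\s]+)", openssl_text)
    return {n.lower().rstrip(".") for n in names}


def san_matches(san, host):
    """Client-side hostname matching (RFC 6125 style).

    A wildcard entry covers exactly one leftmost label, so *.example.net
    matches www.example.net but not example.net or a.b.example.net.
    """
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]


def uncovered(domains, sans):
    """Return the domains that no SAN entry covers, in input order."""
    missing = []
    for raw in domains:
        host = raw.strip().lower().rstrip(".")
        if host and not any(san_matches(s, host) for s in sans):
            missing.append(host)
    return missing


# Constructed sample data (not from the page).
SAMPLE_EXT = """X509v3 Subject Alternative Name:
    DNS:shop.example.com, DNS:*.example.net, DNS:example.org
"""
SAMPLE_DOMAINS = [
    "shop.example.com", "www.example.net", "a.b.example.net",
    "example.net", "EXAMPLE.ORG.", "www.example.org",
]

if __name__ == "__main__":
    for host in uncovered(SAMPLE_DOMAINS, parse_sans(SAMPLE_EXT)):
        print("not covered by certificate:", host)
```

Run it against the full list of domains bound in IIS; an empty result means every domain has a matching SAN entry.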