Hi MrcFn,
Azure Static Web Apps are designed to be served through Azure's global Content Delivery Network (CDN), and they do not support being placed behind an Azure Load Balancer, firewall, or private networking infrastructure. The platform does not expose a fixed public IP that you can reference in your DNS A records or route traffic to directly.
Moreover, Static Web Apps handle SSL termination at Azure’s edge, and cannot negotiate SSL certificates using SNI from a downstream device such as your WAF. Therefore, your desired network path cannot be implemented using Static Web Apps.
To achieve your objectives, we recommend two alternative approaches depending on your priorities.
- Use Azure Front Door in front of your Static Web App. Azure Front Door supports custom domains, bring-your-own (BYO) SSL certificates through Azure Key Vault, and integrates natively with Static Web Apps.
  - In this model, you can configure your DNS to point sub.example.com to your Front Door endpoint. Front Door will handle SSL termination and route traffic securely to the Static Web App. You can optionally enable WAF policies directly on Azure Front Door for complete traffic inspection and protection.
    Custom domain for Azure Static Web Apps
    Azure Front Door – Custom domain and HTTPS.
- If your architecture requires full control over network routing, public IPs, and TLS handshakes, including support for SSL negotiation using your own certificates from the WAF to the backend, you should consider using Azure App Service instead of Static Web Apps.
  - Azure App Service supports VNet integration, can operate behind an Azure Load Balancer and firewall, and allows you to bind custom domains and certificates for direct SSL handling. This model supports your need for strict path-based routing and TLS control.
    Add SSL certificate to App Service
    Integrate App Service with VNet.
Hope this helps. If you have any further concerns or queries, please feel free to reach out to us.
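
Added example, not part of the answer above: when Front Door (with its WAF policy) sits in front of a Static Web App, the app's `staticwebapp.config.json` can be restricted so that requests bypassing Front Door are rejected. The Front Door ID and the endpoint hostname below are placeholders to replace with your own values; `sub.example.com` is the custom domain from the answer.

```json
{
  "networking": {
    "allowedIpRanges": ["AzureFrontDoor.Backend"]
  },
  "forwardingGateway": {
    "requiredHeaders": {
      "X-Azure-FDID": "<YOUR-FRONT-DOOR-ID-PLACEHOLDER>"
    },
    "allowedForwardedHosts": [
      "sub.example.com",
      "<YOUR-ENDPOINT-PLACEHOLDER>.azurefd.net"
    ]
  }
}
```

The service tag limits source addresses to Front Door's backend range, and the `X-Azure-FDID` check ties requests to your specific Front Door instance rather than any tenant's Front Door.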