question

RashmiSajjan-6545 avatar image
0 Votes"
RashmiSajjan-6545 asked ajkuma-MSFT commented

Can we have more than 500 Domain per Azure app service ?

1) We are having multitenant web app where We want to identify customer based on domain and we are expecting 2000 customer as limit.
2) Is there any limit on custom domains that can be created per subscription? If so , how many?

azure-webapps-custom-domains
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Taz-3478 avatar image
1 Vote"
Taz-3478 answered RashmiSajjan-6545 commented

Hello @RashmiSajjan-6545!

Hope you are having a great day!

Thank you for asking a Question! We are Glad to Assist you!

Unfortunately, the max number of custom hostnames allowed for a single app on App Service is 500 and it cannot be increased.

Please let us know if you have further questions.



Regards,
Tasadduq Burney






|- Please don't forget to "Upvote"  and  "Accept as answer"  if the reply is helpful -|


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Taz-3478 - Thank you for the response.

Is there any way we can have this achieved?
We are working on multitenant Saas product and we are expecting to have more than 500 customer base for the product.

So we want to identify tenant based on Domain.
Any other solution for this, if custom domain limit can not be extended?

0 Votes 0 ·

Hi @RashmiSajjan-6545

The solution to this is to setup a .domain.com wildcard DNS CName record that points to your App Service address (you can do this with an A record instead if you want) and then add .domain.com as a Custom Domain into the App Service.

Then you can bind a wildcard *.domain.com Certificate to it and you're golden. No limit.

0 Votes 0 ·

Thanks @Taz-3478 for the quick response.

0 Votes 0 ·
RashmiSajjan-6545 avatar image
0 Votes"
RashmiSajjan-6545 answered ajkuma-MSFT commented

Hi @Taz-3478 - As mentioned, I was able to add wildcard domains and attach to out App service.

Now Our concern is , it allows any domains which ends with say '.oursize.com', at least the landing page of website.

Suppose, we asked customer A to use as.oursite.com, if they misspell and use ap.oursite.com, still they will be able to access this and try to login and end up having error.

So, Is there any way, we can add restriction for subdomain? at App service level to allow only some domains or at Traffic manager level or load balancer level?

Thank you for your help!!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Apologies for the delay in responding here, RashmiSajjan-6545

If I understand your setup/issue correctly – by default the Azure WebApp are accessible publicly. If you wish to restrict access to your WebApp you can setup access restrictions.
By setting up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app.

See this doc for different ways to accomplish this: Set up Azure App Service access restrictions

From your example, looks like there is a typo: '.oursize.com' vs subdomains .oursite.com.
Wildcard * records won't validate subdomains with an existing CNAME's record. You may need to explicitly create a TXT record for each subdomain.

For creating wildcard domain, see this document for the details process - Create the DNS records


Unfortunately, As Taz-3478 mentioned, the 500 domains limit cannot be increased.
Basically, one option - with wildcard domain to try to cover multiple or second option - have Traffic Manager setup with App Services in different regions/stamps.

Just to highlight, it is not recommended to run heavy traffic website in a single App Service Plan (ASP).
The recommended option is to use Traffic Manager and multiple App Service Plans in different Regions and distribute the domain bind in multiple ASPs.


0 Votes 0 ·