0

The company I support wants to investigate Azure Application Proxy as a way to present internal web apps to users outside of the corporate network without any further networking changes/setup (i.e., exactly what AAP is designed for).

A developer set up a simple internal website for a Proof of Concept, internal URL http://test, and I've got a connector installed and reporting as "running".

The problem is when I either go to the external URL (as copied from the application overview page in the Azure App Proxy portal), or click on the icon on myapps.microsoft.com, the browser thinks for a second or so and then the address bar changes to the internal URL, and of course it fails with a DNS error.

Troubleshooting steps attempted so far:

  • Checked windows event logs for the server running the connector, nothing in there except some Informational events reporting that connections have been established
  • Ran MS Network Message Analyser on the connector server looking for failures, but it shows successful CONNECTs (HTTP code 200) to login.microsoft.com
  • Ran Fiddler4 on my machine (making the call to the web app), and it just shows:
    • HTTP 200 (OK) to login.microsoft.com
    • HTTP 302 (Found) to the external URL, twice
    • HTTP 407 (Proxy Auth Required) to the internal URL, twice (but it's my own company's proxy reporting that, not the client's infrastructure).
    • HTTP 502 (Host not found) to the internal URL
  • Searching online for anyone else having the same problem, but the search terms - azure, application, proxy, internal, external, redirects - all bring up the docs.microsoft.com pages saying how set up AAP.

I did wonder about my company's proxy in the logs, so I tried it on my mobile phone while on 4G (not on WiFi), and got the same issue: external URL changes to internal URL and fails.

My understanding is this setup is exactly how AAP works,so a bit stuck and looking for pointers for what I can try next.

Update: URL translation was set to the default Headers = Yes & Body = No. So I tried both set to No. The external URL now gives me (but with no refreshing to the internal URL):

Http Status Code: 403 Reason: Unable to process request, directory browsing is not allowed

Setting Body = Yes gives the same 403 result. Setting both to Yes gives me my original issue.

Rincey_nz
  • 1
  • 1
  • 3

2 Answers2

1

You can turn off URL translation in the app proxy settings of the AAD application.

enter image description here

Sam Cogan
  • 38,736
  • 6
  • 78
  • 114
0

The issue wasn't with AAP, but my target internal website - I stood up another simple "Hello, World!" website and targeted that, and it worked exactly as expected.

Given this was a proof of concept, I'm not investing any further energy into trying to work out why the first test site didn't work.

Rincey_nz
  • 1
  • 1
  • 3