0

I have an environment setup with multiple azure web apps across multiple Azure service plans.

I'm now retrospectively trying to add an azure WAF between the wider internet and the websites.

I have created a WAF, but am now struggling to understand whether it is currently possible to continue to use the *.azurewebsites.net app addresses and route traffic through the WAF?

Is it possible to use the built in *.azurewebsites.net app service addresses as the external entry point to the Azure WAF?

neuro
  • 14,948
  • 3
  • 36
  • 59
Adam
  • 1,149
  • 10
  • 12
  • i dont see any reason why it wouldnt be? why do you think its not possible? – 4c74356b41 Dec 27 '18 at 18:04
  • I can't find a mechanism whereby i can set the externally available addresses of the WAF to be the built in azure web addresses. – Adam Dec 27 '18 at 18:35

1 Answers1

1

I think I understand your question, what you need to do is route the traffic to the application gateway add azure web app as the backend to the application gateway.

https://learn.microsoft.com/en-us/azure/application-gateway/create-web-app

you cannot azure *.azurewebsites.net as an endpoint for application gateway

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • Yes, however use the backend app address as the ingress for the application gateway. – Adam Dec 27 '18 at 18:43
  • So, the applications come with *.Azurewebsite.net addresses as standard. The tutorials allow me to put a WAF in front of the applications but the WAF has a new external facing IP and domain name. What I'd like to do, if it's possible, is to continue using the *.Azurewebsites.net domains, but as the entry point the WAF. – Adam Dec 28 '18 at 08:14
  • That's what i had feared. As this is the cheapest and theoretically simplest implementation I wanted to eliminate this as a possibility first. If you update your answer with this bit, I'll mark it as accepted. Thanks for your assist. – Adam Dec 28 '18 at 08:37