Azure Application Gateway DNS returning 307 to backend pool

Question

I am trying to configure Azure Application Gateway with Basic Rule. For my Frontend IP, I have created set DNS name to whatever.canadacentral.cloudapp.azure.com and uploaded a self-signed certificate. When I hit https:// everything works correctly however when I go to https://whatever.canadacentral.cloudapp.azure.com it returns 307 redirecting me to my backend pool https://whatever.azurewebsites.net/

Is this something to do with canadacentral.cloudapp.azure.com and I need to provide custom DNS?

Here's my template for Application Gateway:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "applicationGateways_ExampleDev_name": {
            "defaultValue": "ExampleDev",
            "type": "String"
        },
        "virtualNetworks_Ex_DEV_externalid": {
            "defaultValue": "/subscriptions/xxx/resourceGroups/Example-Ex-DEV/providers/Microsoft.Network/virtualNetworks/Ex-DEV",
            "type": "String"
        },
        "publicIPAddresses_ExampleDevIP_externalid": {
            "defaultValue": "/subscriptions/xxx/resourceGroups/Example-Ex-DEV/providers/Microsoft.Network/publicIPAddresses/ExampleDevIP",
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Network/applicationGateways",
            "apiVersion": "2019-09-01",
            "name": "[parameters('applicationGateways_ExampleDev_name')]",
            "location": "canadacentral",
            "properties": {
                "sku": {
                    "name": "WAF_v2",
                    "tier": "WAF_v2"
                },
                "gatewayIPConfigurations": [
                    {
                        "name": "appGatewayIpConfig",
                        "properties": {
                            "subnet": {
                                "id": "[concat(parameters('virtualNetworks_Ex_DEV_externalid'), '/subnets/default')]"
                            }
                        }
                    }
                ],
                "sslCertificates": [
                    {
                        "name": "ApplicationGateway",
                        "properties": {}
                    }
                ],
                "trustedRootCertificates": [],
                "frontendIPConfigurations": [
                    {
                        "name": "appGwPublicFrontendIp",
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "publicIPAddress": {
                                "id": "[parameters('publicIPAddresses_ExampleDevIP_externalid')]"
                            }
                        }
                    }
                ],
                "frontendPorts": [
                    {
                        "name": "port_80",
                        "properties": {
                            "port": 80
                        }
                    },
                    {
                        "name": "port_443",
                        "properties": {
                            "port": 443
                        }
                    }
                ],
                "backendAddressPools": [
                    {
                        "name": "ExampleApiDev",
                        "properties": {
                            "backendAddresses": [
                                {
                                    "fqdn": "Exampleapi-dev.azurewebsites.net"
                                }
                            ]
                        }
                    },
                    {
                        "name": "ExampleAuthDev",
                        "properties": {
                            "backendAddresses": [
                                {
                                    "fqdn": "Exampleauth-dev.azurewebsites.net"
                                }
                            ]
                        }
                    },
                    {
                        "name": "ExampleAppDev",
                        "properties": {
                            "backendAddresses": [
                                {
                                    "fqdn": "Exampleapp-dev.azurewebsites.net"
                                }
                            ]
                        }
                    }
                ],
                "backendHttpSettingsCollection": [
                    {
                        "name": "default",
                        "properties": {
                            "port": 80,
                            "protocol": "Http",
                            "cookieBasedAffinity": "Disabled",
                            "pickHostNameFromBackendAddress": true,
                            "affinityCookieName": "ApplicationGatewayAffinity",
                            "requestTimeout": 20,
                            "probe": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/probes/defaultxxx')]"
                            }
                        }
                    }
                ],
                "httpListeners": [
                    {
                        "name": "public-https",
                        "properties": {
                            "frontendIPConfiguration": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/frontendIPConfigurations/appGwPublicFrontendIp')]"
                            },
                            "frontendPort": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/frontendPorts/port_443')]"
                            },
                            "protocol": "Https",
                            "sslCertificate": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/sslCertificates/ApplicationGateway')]"
                            },
                            "hostNames": [],
                            "requireServerNameIndication": false
                        }
                    }
                ],
                "urlPathMaps": [],
                "requestRoutingRules": [
                    {
                        "name": "basic",
                        "properties": {
                            "ruleType": "Basic",
                            "httpListener": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/httpListeners/public-https')]"
                            },
                            "backendAddressPool": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/backendAddressPools/ExampleApiDev')]"
                            },
                            "backendHttpSettings": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/backendHttpSettingsCollection/default')]"
                            }
                        }
                    }
                ],
                "probes": [
                    {
                        "name": "default07a3e3ac-3c07-40f6-ad80-837f4cdd1009",
                        "properties": {
                            "protocol": "Http",
                            "path": "/swagger/index.html",
                            "interval": 30,
                            "timeout": 30,
                            "unhealthyThreshold": 3,
                            "pickHostNameFromBackendHttpSettings": true,
                            "minServers": 0,
                            "match": {
                                "statusCodes": [
                                    "200-399"
                                ]
                            }
                        }
                    }
                ],
                "rewriteRuleSets": [],
                "redirectConfigurations": [],
                "webApplicationFirewallConfiguration": {
                    "enabled": true,
                    "firewallMode": "Prevention",
                    "ruleSetType": "OWASP",
                    "ruleSetVersion": "3.0",
                    "disabledRuleGroups": [],
                    "exclusions": [],
                    "requestBodyCheck": true,
                    "maxRequestBodySizeInKb": 128,
                    "fileUploadLimitInMb": 50
                },
                "enableHttp2": false,
                "autoscaleConfiguration": {
                    "minCapacity": 0,
                    "maxCapacity": 2
                }
            }
        }
    ]
}

Do you mean you put "https://publicIP of app gateway frontend" then everything works? and what is `whatever.cpcrossingcompliance-dev.canadacentral.cloudapp.azure.com`? — Nancy, Nov 11 '19 at 02:57
yes, with public IP of app gateway frontend everthing works. whatever.canadacentral.cloudapp.azure.com is DNS of public IP — Sadiq Khoja, Nov 11 '19 at 16:36

score 1 · Accepted Answer · answered Nov 12 '19 at 10:38

In this case, for application gateway V2, you have two solutions from this document.

Rewrite the location header

Set the host name in the location header to the application gateway's domain name. To do this, create a rewrite rule with a condition that evaluates if the location header in the response contains azurewebsites.net. It must also perform an action to rewrite the location header to have the application gateway's host name.

Use a custom domain name

In this way, you must own a custom domain and add custom domain in app servvice, see Map an existing custom DNS name to Azure App Service. You could follow this process:

Actual reason for 307 was App Service was redirecting http to https. — Sadiq Khoja, Nov 18 '19 at 20:56

Azure Application Gateway DNS returning 307 to backend pool

1 Answers1