question

AndyN-7644 avatar image
0 Votes"
AndyN-7644 asked AndyN-7644 commented

Azure Front Door to allow public access to ASE sites

Hi,

I have an ASE with ILB that is already running and has many websites/functions on it.

I’m in need of creating a number of key websites that need to be accessed via the internet and Fromt Door seems the ideal candidate.

Is AFD able to perform this activity? Can it be a bridge between the ASE and internet?

If this isn’t possible, what is the best approach that doesn’t incur significant additional cost.

Cheers

azure-front-doorazure-webapps-availability
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ryanchill avatar image
1 Vote"
ryanchill answered

Hi @AndyN-7644,

I don't believe Azure Front Door will work because your ILB doesn't have a public facing IP. AFD routes traffic to an internet facing "backend" i.e. your app service. I would consider two workarounds.

  1. You can configure an WAF as explained in https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#configure-an-ilb-ase-with-a-waf-device.

  2. You can create an External ASE which will have the public IP endpoint and migrate your app(s) to that particular ASE.

If you have any further questions, please feel free to comment below.

Regards,
Ryan




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GitaraniSharmaMSFT-4262 avatar image
1 Vote"
GitaraniSharmaMSFT-4262 answered AndyN-7644 commented

Hello @AndyN-7644 ,

Azure Front Door wont work in your case, as Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Since ASE ILB is an App Service Environment with a private endpoint (that is, an internal load balancer), it doesn't meet the pre-requisite.

In your setup requirement, the best approach would be integrating your ILB App Service Environment with an Azure Application Gateway.

The integration of the application gateway with the ILB App Service Environment is at an app level. When you configure the application gateway with your ILB App Service Environment, you're doing it for specific apps in your ILB App Service Environment. This technique enables hosting secure multi-tenant applications in a single ILB App Service Environment.

You can refer the below article for step by step process:
https://docs.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for the answer - I accepted the previous one purely because it arrived first.

0 Votes 0 ·