1

I have created the External facing ASE with a single Web App. Trying to place a WAF enabled Application Gateway.

I have configure the Application gateway subnet and frontend to Public facing.

To interconnect the WAF with ASE(APP), i have set the target of the App hostname (FQDN) in the Backend pool. After mapping the target, i have verified the backendpool health which states Healthy.

Now i tried to access the Frontend IP and FQDN of Application gateway, i'm getting the below error

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."

action taken - Tried without NSG and also allowing NSG in ASE subnet

Need your help, I'm in middle of the Environment setup.

Suspect the hostname resolution is missig and not sure how to overcome this block

Amor
  • 8,325
  • 2
  • 19
  • 21
Karthik Neel
  • 29
  • 6

1 Answers1

0

"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."

Every Azure Web App has a collection of host names. A request will be transfer to the dedicated server instance depends on the host name in HTTP request message. If the host name doesn't match one of the host names which configured in Azure portal. The Azure Web App can't be reached.

You could view the default host name in Azure portal.

enter image description here

Since you accessed your Web App by Frontend IP or FQDN of Application gateway, their host names will not match the host name of your Web App.

There are 2 ways to fix it.

  1. To simple test your Application gateway, you could be able to use something like ModHeader Chrome extension to open the public IP address/hostname of the Application Gateway in the browser, and pass in the host name of your Web App you configured on the Web App as a Host Header and the website should come up.

enter image description here

  1. Register a custom domain(For example, abcd.com) in a domain provider(For example, Godaddy). In the DNS setting of your domain, add A record to the IP address of your Application gateway.

enter image description here

After that, you also need to add host name by click add host name button in Azure portal.

enter image description here

Amor
  • 8,325
  • 2
  • 19
  • 21
  • Thanks for your response... How will be able to confirm that the App is protected by WAF. I'm bit confused on the logic behind this – Karthik Neel Jun 19 '17 at 12:34
  • WAF often used to protect the internal only accessed resource which hosted in the same VNET. The WAF will be the only entry of the web app. For example, ASE with internal load balance. If a web app is host behind a public load balance. The web app can also be accessed from the web app URL. – Amor Jun 19 '17 at 12:44
  • If your issue is solved, please close your thread by marking helpful reply as answer. Thanks. – Amor Jun 19 '17 at 15:20
  • 1. If ASE with ILB, How we can publish the code(app). Is it possible to deploy from a VM running on another subscription (where as the App in another subscription) 2. Incase of external ASE(with public load balance), we can block the web app public endpoints with NSG and allow the Application gateway as source, this will work right? – Karthik Neel Jun 19 '17 at 15:24
  • 1. To publish website to ASE with ILB, you could create a VM which host in the same VNET. Or use point to site VPN to integrate you development machine to the ASE host VM. 2. Yes. you are right. – Amor Jun 19 '17 at 16:11
  • Any updates, am I understanding correctly. If you have further questions, please feel free to let me know. – Amor Jun 21 '17 at 06:29
  • Yes trying to implement both setup, External ASE and Internal ASE behind the Azure WAF. Using 2 Resource group to separate the both ASE. Do i need to point the IP based SSL to application gateway for the External ASE. For the Internal ASE the pointing must be to the ILB IP on the Application Gateway. Hope I'm right for the Internal ASE Could you please let me know about the External ASE? – Karthik Neel Jun 22 '17 at 06:45
  • For external ASE, both pointing to IP address or host name are right. – Amor Jun 22 '17 at 07:05
  • Coorect me if i'm wrong, The workaround step here is adding the Alias for the Web Application to correct the header info – Karthik Neel Jun 24 '17 at 09:42
  • We have other setup need to be done through Barracuda WAF, It what step i need to complete to place a Web app in ASE with Internal load balancer(Could you be more specific like step by step) – Karthik Neel Jun 24 '17 at 09:43
  • Yes, adding the Alias for the Web Application is a workaround. I suggest you register a domain to fix this problem as I described in my reply. For ASE behind ILB, link below is for your reference. [How to run an App Service behind a WAF-enabled Application Gateway](http://sabbour.me/how-to-run-an-app-service-behind-a-waf-enabled-application-gateway/) – Amor Jun 26 '17 at 01:17
  • i was also referring to the same link but my concern is still what i need to complete to place a Barracuda WAF. Not sure whether Barracuda WAF is same as Azure WAF just like creating Custom Probe – Karthik Neel Jun 30 '17 at 11:31
  • Yes, Barracuda WAF is same as Azure WAF. Please check following link. https://learn.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-web-application-firewall – Amor Jul 04 '17 at 01:27
  • Hi, As i mentioned, i have configured the External ASE and Published the APP. Express route setup was completed and i was able to Ping the on-premises IP from KUDU powershell console of APP. When tried using the hostname i'm getting the below error "The remote name could not be resolved: ". i wanted to use the hostname in webconfig file it seems like some DNS issue but i'm not able to figure it out.Need your help... – Karthik Neel Jul 06 '17 at 16:58
  • I suggest post your question and more background in a new thread. – Amor Jul 07 '17 at 09:07