How to add CNAME for app service which is behind the WAF Application Gateway?


I have one app service which has one custom domain (abc.com) and a default domain (something.azurewebsites.net). There is one WAF AG (Application Gateway) in front of the app service. In the DNS zone, I have an entry for the custom domain with an A type record with value equal to the IP of the WAF AG. In the WAF I have a listener for this custom domain and have an SSL certificate which is also bound in the app service custom domain. I want to create one CNAME entry for xyz.com which will point to the existing custom domain (abc.com). I do not want to add xyz.com in my app service custom domain. Is there a way to only modify the WAF AG by adding a listener for the new name (xyz.com) and have it point to the same backend pool?

I tried to create such a listener and create a certificate with SAN as the new name (xyz.com) or a certificate with CN as the new name (xyz.com). I can see success in my health probe, but when I tried to hit the URL from the browser I am getting 502.

What am I doing wrong? Or what should I do?

Imran On

I do not want to add xyz.com in my app service custom domain. I tried to create such listener and create a certificate with SAN as new name (xyz.com) or certificate with CN as new name (xyz.com). I can see success in my health probe but when I tried to hit the URL from the browser I am getting 502.

If xyz.com is being used to access the Application Gateway, then the app service should have a custom domain, since the app gateway cannot contain abc.com. You can see the health probe that it creates, but you'll get a 502 error only.

According to MSDoc, the recommended setup is to use xyz.com on both the App Gateway and the app service. If you are going to change it from abc.com to xyz.com, you need to change it to xyz.com on both sides. In the app service you need to add it as a custom domain, and in the App Gateway you also need to point to it as xyz.com. This request flow doesn't need to override the host name. The backend web application will see the original host as was used by the client.

Another possibility: you can override or rewrite the location header, but it comes with limitations. It may fail with some other issue; check this doc: redirection to App Service URL - Azure Application Gateway | Microsoft Learn

Reference:

Host name preservation - Azure Architecture Center | Microsoft Learn
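
As an added illustration of the host name preservation point in the answer above (not code from the question or the answer), the sketch below works out which Host header the gateway forwards for each listener and checks it against the host names bound on the App Service. The configuration structure, its field names and the status labels are assumptions made for this example; the values mirror the question's abc.com / xyz.com setup.

```python
# Added example. Constructed, simplified config: field names are assumptions,
# not the Azure resource schema.
GATEWAY = {
    "backend_fqdn": "something.azurewebsites.net",
    "http_settings": {
        "preserve": {},                                   # no host override
        "from-backend": {"pick_host_from_backend": True},
    },
    "rules": [
        {"listener_host": "abc.com", "http_settings": "preserve"},
        {"listener_host": "xyz.com", "http_settings": "preserve"},
    ],
}
APP_SERVICE_HOSTNAMES = ["abc.com", "something.azurewebsites.net"]


def effective_host(listener_host, settings, backend_fqdn):
    """Host header the gateway forwards to the backend for one listener."""
    if settings.get("host_name"):               # explicit override value
        return settings["host_name"]
    if settings.get("pick_host_from_backend"):  # override with backend FQDN
        return backend_fqdn
    return listener_host                        # client's host is preserved


def audit(gateway, app_service_hostnames):
    """Classify each listener by the host name the App Service will see."""
    bound = {h.lower() for h in app_service_hostnames}
    findings = {}
    for rule in gateway["rules"]:
        settings = gateway["http_settings"][rule["http_settings"]]
        listener = rule["listener_host"].lower()
        seen = effective_host(listener, settings, gateway["backend_fqdn"]).lower()
        if seen not in bound:
            status = "host_not_bound"    # add it as a custom domain on the app
        elif seen != listener:
            status = "host_overridden"   # backend sees a different name
        else:
            status = "host_preserved"    # same name on both sides
        findings[listener] = (seen, status)
    return findings


if __name__ == "__main__":
    for host, (seen, status) in audit(GATEWAY, APP_SERVICE_HOSTNAMES).items():
        print(f"{host}: backend sees {seen} -> {status}")
```

With the sample data, abc.com is reported as preserved and xyz.com as not bound, which is the mismatch the answer describes; adding xyz.com to the App Service host names moves it to preserved.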