I'm exploring the viability of implementing a Web Application Firewall (WAF) in front of our multi-tenant website, which hosts hundreds of domains, without having to change any DNS settings. I've found the application gateway to be quite inadequate for our needs, and Azure Front Door would need DNS modifications to work. I'm looking for third-party solutions or alternatives that would allow us to keep our existing DNS structure intact. Just to clarify, we currently have our DNS pointing to an Azure public IP that's linked to a load balancer, and we'd prefer not to alter those DNS records.
2 Answers
Maybe consider moving your public IP from the application gateway to Front Door? But I get it if changing DNS is off the table; minimizing downtime is crucial when migrating services to new setups. Just keep in mind that Front Door, being a CDN, won’t really work well with static IPs.
You can’t bind a static IP to Azure Front Door since it’s designed as a global CDN, relying on CNAMEs for routing based on geographic location. I'm curious why you’re against changing the DNS, though? It might simplify things immensely.
Yeah, that's what I'm trying to figure out too. I get that changing DNS might be inconvenient, but I can’t see the downside of making the switch if it solves the issue.
Yeah, that won't work since Front Door requires a different setup. Looks like we're in a bit of a bind here!