Add an Azure Application Registry to an existing Web App with custom domain

Question

I have my Web App with an application in .NET. The Web App is up and running. In the configuration of the Web App, I set the custom domain and upload the certificate for the SSL.

The Web App is working as I expected.

Now, I like to protect more the Web App in particular for applying OWASP recommendation. So, I created a new Application Gateway. In the Configuration I selected WAF v2, Web application firewall as in the following screenshot

In the Backend polls, I selected the existing Web app.

Now, I was looking for the Custom domain but there is no option for it.

Answer 1

I would remove Application Gateway and instead use Azure Front Door (AFD) in front of App Service. Then restrict access to AppService traffic to only come from Front Door.

This brings you a couple of benefits:

• You don't need to worry about scaling up or down, which can be hassle with AppGW. AFD is totally per-per-use.
• WAF integrates nicely with AFD
• AFD has built-in managed SSL certificates for free. You don't need to worry about renewals etc. You would just connect your custom domain to Front Door instead of AppService
• If you don't want to use the Microsoft-managed certificate, you can of course also bring your own
• Being a global service (i.e. not bound to any single Azure region), it sets you up for global failover / distribution if you want to add this later
• You can restrict access to your AppService to only come from your AFD instance
• With the upcoming Front Door Premium, you could even hide your AppService behind private endpoints if Access Restrictions are not good enough for your