是否通过Azure主干网络从Azure应用程序网关到Azure Web App(应用程序服务)后端池的流量?
[英]Is traffic from Azure Application Gateway to Azure Web App (App Service) backend pools over the Azure backbone network?
问题描述
I have configured an Application Gateway in front of multiple Azure Web App backend pools as per this article . 
我曾在多个Azure的Web应用程序后端池按本的前面配置的应用网关文章 。
In addition to providing a WAF, I use the Application Gateway to offload the SSL connection to the backend pools. 除了提供WAF之外,我还使用应用程序网关将SSL连接卸载到后端池。 I have configured the backend pools to use the FQDN of the App Service instances as they're not currently deployed into a VNET. 我已将后端池配置为使用App Service实例的FQDN,因为它们当前尚未部署到VNET中。
Based on the following scenario: 基于以下情况:
Request to custom.com:443 ---> Application Gateway ---> custom.azurewebsites.net:80 请求到custom.com:443 --->应用程序网关---> custom.azurewebsites.net:80
My concern is that the connection from the Application Gateway to the Web App is unencrypted over port 80 and I haven't found anywhere that describes this connectivity as happening over the Azure backbone network. 我担心的是,从应用程序网关到Web应用程序的连接在端口80上未加密,并且在任何地方都找不到描述这种连接发生在Azure主干网络上的信息。 Is there any risk that this traffic could be sniffed and compromised? 是否存在任何可能会嗅探和破坏流量的风险?
1 个解决方案
解决方案1
0 已采纳 2018-07-23 13:35:37
Spoke to Microsoft support who said the traffic from my Application Gateway to my Web App will stay on the Microsoft backbone. 谈到Microsoft支持人员,他说从我的应用程序网关到Web应用程序的流量将保留在Microsoft主干网中。
He also pointed me to the following knowledge article ; 他还指出了以下知识文章 ; which states: 指出:
If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network, rather than routing the traffic to the Internet.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.