hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Feature Request: Support for Config Backend Host Type in backendpool to support "Public IP Address" #8809

Open jyotsnaravikumar opened 4 years ago

jyotsnaravikumar commented 4 years ago

Community Note

Description

Created a Front Door Terraform template using the following docs: https://www.terraform.io/docs/providers/azurerm/r/frontdoor.html#backend

Upon verifying in the Azure Portal, the Front Door endpoint returns this error:

Our services aren't available right now We're working to restore all services as soon as possible. Please check back soon.

0dnF/XwAAAADAUe3R0JtMRr+7VE2XoPJrU0pDRURHRTA1MTMARWRnZQ==

Upon debugging, it was observed that the backend in the backend pool is created with the host type "custom host". There is no setting to change it to "Public IP Address" in the following config:

 backend_pool {
    name = "rocketVotingBackend"
    backend {
      host_header = "40.125.62.206"
      address     = "40.125.62.206"
      http_port   = 80
      https_port  = 443
    }

Screen Shot 2020-10-08 at 1 03 44 PM

# Configure the Azure Provider
provider "azurerm" {
  # whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
  # NOTE(review): ">= 2.26" is a lower bound, not a pin; any later provider release satisfies it,
  # so two runs of this config can resolve different provider builds. For a reproducible and
  # auditable run, record the exact version that was resolved or use a bounded constraint.
  version = ">= 2.26"
  # Empty block: no provider feature overrides are set in this config.
  features {}
}

# Create Azure Resource Group
# Name and location are taken from the input variables rg_name and rg_location;
# their declarations and values are not part of this snippet.
resource "azurerm_resource_group" "rg" {
  name     = var.rg_name
  location = var.rg_location
}

# Front Door WAF policy: one custom IP rule plus two managed rule sets.
# It is attached to the frontend endpoint of azurerm_frontdoor.rocketfd further down.
resource "azurerm_frontdoor_firewall_policy" "rocketwafpolicy" {
  name                              = "rocketwafpolicy"
  resource_group_name               = azurerm_resource_group.rg.name
  enabled                           = true
  # "Prevention" makes the policy enforce rule actions (as opposed to only logging matches).
  mode                              = "Prevention"
  custom_block_response_status_code = 403
  # Base64-encoded response body; this value decodes to "blocked by frontdoor".
  custom_block_response_body        = "YmxvY2tlZCBieSBmcm9udGRvb3I="

  # Despite the name "allowip", the action is Block. Combined with negation_condition = true
  # below, the rule blocks every request whose RemoteAddr is NOT in match_values, i.e. it
  # acts as an IP allowlist.
  custom_rule {
    name                           = "allowip"
    enabled                        = true
    priority                       = 1
    # NOTE(review): rate-limit settings are given but type is "MatchRule"; presumably they
    # only take effect for rate-limit rules. Confirm against the provider docs.
    rate_limit_duration_in_minutes = 1
    rate_limit_threshold           = 10
    type                           = "MatchRule"
    action                         = "Block"

    match_condition {
      # NOTE(review): confirm RemoteAddr is the intended variable for an allowlist when
      # clients can sit behind proxies; the address Front Door sees on the socket may differ.
      match_variable     = "RemoteAddr"
      operator           = "IPMatch"
      negation_condition = true
      # The "XX.XX.XX.XX" entries look like addresses redacted by the reporter.
      match_values       = ["XX.XX.XX.XX", "XX.XX.XX.XX" ]
    }
  }

  # Managed rule sets enabled in addition to the custom rule.
  managed_rule {
    type    = "DefaultRuleSet"
    version = "1.0"
  }

  managed_rule {
    type    = "Microsoft_BotManagerRuleSet"
    version = "1.0"
  }
}

# Front Door instance with one routing rule, one backend pool containing a single backend
# addressed by public IP, and one frontend endpoint protected by the WAF policy above.
resource "azurerm_frontdoor" "rocketfd" {
  name                                         = "rocketfd"
  resource_group_name                          = azurerm_resource_group.rg.name
  # Certificate name checking for backend pools is switched off. With forwarding_protocol set
  # to "HttpOnly" below there is no TLS to the backend in this config, but the setting would
  # matter as soon as HTTPS forwarding is enabled.
  enforce_backend_pools_certificate_name_check = false

  routing_rule {
    name               = "rocketRoutingRule"
    # Only plain HTTP is accepted from clients, and requests are forwarded to the backend
    # over HTTP as well: traffic is unencrypted on both legs.
    accepted_protocols = ["Http"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["rocketfd"]
    forwarding_configuration {
      forwarding_protocol = "HttpOnly"
      backend_pool_name   = "rocketVotingBackend"
      # Responses are cached at Front Door; "StripNone" keeps the query string as written.
      cache_enabled = true
      cache_query_parameter_strip_directive = "StripNone"
      cache_use_dynamic_compression         = true  
    }

  }

  # Load-balancing settings block with only a name; all other values are left to provider defaults.
  backend_pool_load_balancing {
    name = "rocketLoadBalancingSettings"

  }

  # Health probes are sent over HTTP.
  backend_pool_health_probe {
    name = "rocketHealthProbeSetting"
    protocol              = "Http"
  }

  backend_pool {
    name = "rocketVotingBackend"
    # Backend given as a literal public IP for both address and host header. Per the report,
    # this is created with host type "custom host" and there is no argument to select
    # "Public IP Address".
    # NOTE(review): the WAF allowlist only applies to traffic that goes through Front Door.
    # If the origin at this IP accepts connections from anywhere, clients can reach it
    # directly and skip the policy. The origin's network rules are not shown here; confirm
    # inbound access is limited to Front Door (AzureFrontDoor.Backend service tag, and a
    # check of the X-Azure-FDID header at the origin).
    backend {
      host_header = "40.125.62.206"
      address     = "40.125.62.206"
      http_port   = 80
      https_port  = 443
    }

    load_balancing_name = "rocketLoadBalancingSettings"
    health_probe_name   = "rocketHealthProbeSetting"
  }

  frontend_endpoint {
    name                              = "rocketfd"
    host_name                         = "rocketfd.azurefd.net"
    session_affinity_enabled          = false 
    session_affinity_ttl_seconds      = 0     
    custom_https_provisioning_enabled = false
    # Attaches the WAF policy defined above to this frontend endpoint.
    web_application_firewall_policy_link_id = azurerm_frontdoor_firewall_policy.rocketwafpolicy.id
  }
}

References

https://www.terraform.io/docs/providers/azurerm/r/frontdoor.html#backend https://github.com/aztfmod/terraform-azurerm-caf-frontdoor/blob/v1.0.1702/examples/front-door-plus-WAF/front-door-waf.tfvars

rishiverma05 commented 2 years ago

Hi Team, is there any update on this upgrade/enhancement to support Backend Host Type?