Azure Application Proxy external URL redirects to internal

applicationazurePROXY

The company I support wants to investigate Azure Application Proxy as a way to present internal web apps to users outside of the corporate network without any further networking changes/setup (i.e., exactly what AAP is designed for).

A developer set up a simple internal website for a Proof of Concept, internal URL http://test, and I've got a connector installed and reporting as "running".

The problem is when I either go to the external URL (as copied from the application overview page in the Azure App Proxy portal), or click on the icon on myapps.microsoft.com, the browser thinks for a second or so and then the address bar changes to the internal URL, and of course it fails with a DNS error.

Troubleshooting steps attempted so far:

  • Checked windows event logs for the server running the connector, nothing in there except some Informational events reporting that connections have been established
  • Ran MS Network Message Analyser on the connector server looking for failures, but it shows successful CONNECTs (HTTP code 200) to login.microsoft.com
  • Ran Fiddler4 on my machine (making the call to the web app), and it just shows:
    • HTTP 200 (OK) to login.microsoft.com
    • HTTP 302 (Found) to the external URL, twice
    • HTTP 407 (Proxy Auth Required) to the internal URL, twice (but it's my own company's proxy reporting that, not the client's infrastructure).
    • HTTP 502 (Host not found) to the internal URL
  • Searching online for anyone else having the same problem, but the search terms – azure, application, proxy, internal, external, redirects – all bring up the docs.microsoft.com pages saying how set up AAP.

I did wonder about my company's proxy in the logs, so I tried it on my mobile phone while on 4G (not on WiFi), and got the same issue: external URL changes to internal URL and fails.

My understanding is this setup is exactly how AAP works,so a bit stuck and looking for pointers for what I can try next.

Update: URL translation was set to the default Headers = Yes & Body = No. So I tried both set to No. The external URL now gives me (but with no refreshing to the internal URL):

Http Status Code: 403
Reason: Unable to process request, directory browsing is not allowed

Setting Body = Yes gives the same 403 result. Setting both to Yes gives me my original issue.

Best Answer

You can turn off URL translation in the app proxy settings of the AAD application.

enter image description here

Related Topic