HTTP 404 When "AUTHORITY" and "REQUESTED_SERVER_NAME" are different

Hi there,

I have a use case where a request is sent by Azure App Gateway (APW) to Istio.

Problem Statement:
The flow of the request is like below
User :arrow_right: AGW ( [overriding the backend hostname] :arrow_right: Istio (

This is what is I see in “istio-ingressgateway” pod’s log

[2021-06-16T18:24:10.794Z] "GET /online/api/health HTTP/1.1" 404 NR "-" 0 0 0 - "" "-" "c5571349-6ea1-4745-8a9f-13a542c42b25" "" "-" - - -

It looks like the handshake happens on host SNI “” and Authority is being passed as “”. This might confuse Istio in the selection of Virtual Services hence 404 NR


  1. Gateway is configured to handle both hosts and
  2. Virtual Service is configured to handle both hosts and

When a request is sent directly to

  1. - Works
  2. - Works
  3. AGW ( :arrow_right: Istio ( - works

When “AUTHORITY” and “REQUESTED_SERVER_NAME” are same Istio responds with HTTP 200 else HTTP 404

Is there any way to modify “REQUESTED_SERVER_NAME” before the request is processed by Istio? or is there any solution to make this setup work