Application Gateway Features

Azure Application Gateway is a scalable, elastic, and fully programmable web application firewall (WAF) as a service. It enables you to manage traffic to your web applications. It supports many features to meet your application's load-balancing needs.

Key Features

• Load Balancing

  Distributes incoming traffic across multiple backend servers, ensuring high availability and responsiveness. Supports HTTP, HTTPS, and WebSocket traffic.

  • Layer 7 load balancing
  • Cookie-based session affinity
  • Round-robin, least connections, and custom load balancing methods

• SSL/TLS Termination

  Handles the encryption and decryption of SSL/TLS connections, offloading this computationally intensive task from your backend servers. This simplifies certificate management and improves performance.

  • End-to-end SSL/TLS encryption
  • Centralized certificate management
  • Support for TLS versions 1.0, 1.1, 1.2, and 1.3

• Web Application Firewall (WAF)

  Protects your web applications from common web vulnerabilities and exploits such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.

  • Managed rule sets (OWASP 3.2, 3.1, 3.0)
  • Custom rule support
  • Detection and blocking modes
  • WAF reports and logs

• URL-based Content Routing

  Routes requests to specific backend pools based on the URL path of the request. This is useful for microservices architectures or when different parts of your application are hosted on different sets of servers.

  • Content-based routing rules
  • Path-based routing
  • Host-based routing

• Redirection

  Configures HTTP to HTTPS redirection, or redirects traffic to a different URL. Essential for enforcing secure connections and managing user journeys.

  • Global redirection rules
  • Path-specific redirection
  • Custom redirection codes

• Health Probes

  Continuously monitors the health of backend servers to ensure that traffic is only sent to healthy instances. If a server becomes unhealthy, Application Gateway automatically stops sending traffic to it.

  • Configurable probe intervals and thresholds
  • Support for various protocols (HTTP, HTTPS, TCP)
  • Custom probe paths and expected status codes

• Connection Draining

  Gracefully removes backend servers from service during maintenance or updates by allowing existing connections to complete before the server is taken offline.

• Autoscaling

  Automatically scales the Application Gateway capacity up or down based on traffic load, ensuring optimal performance and cost-efficiency.

  • Manual scaling
  • Autoscaling based on CPU utilization

• Private Link Support

  Enables secure access to Application Gateway over Azure Private Link, allowing you to keep traffic on your virtual network and avoid exposing it to the public internet.

• HTTP/2 and gRPC Support

  Improves performance by supporting HTTP/2 and gRPC protocols, enabling multiplexing, header compression, and server push.

Advanced Configurations

Application Gateway offers advanced features for more complex scenarios:

• Global Load Balancing: Integrate with Azure Traffic Manager for multi-region load balancing.
• Integration with App Service: Seamlessly integrate with Azure App Service deployments.
• Custom Error Pages: Configure custom error pages for specific HTTP error codes.

Code Example: Basic Configuration

Here's a simplified example of a JSON configuration for an Application Gateway (this is illustrative and not a complete deployable ARM template):

{
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2023-06-01",
  "name": "myAppGateway",
  "location": "eastus",
  "properties": {
    "sku": {
      "name": "Standard_v2",
      "tier": "Standard_v2"
    },
    "gatewayIPConfigurations": [
      {
        "name": "appGatewayIpConfig",
        "properties": {
          "subnet": {
            "id": "/subscriptions/YOUR_SUB_ID/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/myAppGatewaySubnet"
          }
        }
      }
    ],
    "frontendPorts": [
      {
        "name": "httpPort",
        "properties": { "port": 80 }
      },
      {
        "name": "httpsPort",
        "properties": { "port": 443 }
      }
    ],
    "backendAddressPools": [
      {
        "name": "appBackendPool",
        "properties": {
          "backendAddresses": [
            { "ipAddress": "10.0.0.4" },
            { "ipAddress": "10.0.0.5" }
          ]
        }
      }
    ],
    "httpListeners": [
      {
        "name": "appGatewayHttpListener",
        "properties": {
          "frontendPort": { "id": "[resourceId('Microsoft.Network/applicationGateways/frontendPorts', parameters('applicationGatewayName'), 'httpPort')]" },
          "frontendIPConfiguration": { "id": "[resourceId('Microsoft.Network/applicationGateways/gatewayIPConfigurations', parameters('applicationGatewayName'), 'appGatewayIpConfig')]" },
          "protocol": "Http"
        }
      }
    ],
    "requestRoutingRules": [
      {
        "name": "rule1",
        "properties": {
          "priority": 100,
          "ruleType": "Basic",
          "httpListener": { "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', parameters('applicationGatewayName'), 'appGatewayHttpListener')]" },
          "backendAddressPool": { "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', parameters('applicationGatewayName'), 'appBackendPool')]" },
          "backendHttpSettings": { "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', parameters('applicationGatewayName'), 'appSettings')]" }
        }
      }
    ],
    "backendHttpSettingsCollection": [
      {
        "name": "appSettings",
        "properties": {
          "port": 80,
          "protocol": "Http",
          "cookieBasedAffinity": "Disabled",
          "pickHostNameFromBackendAddress": false
        }
      }
    ]
  }
}