Application Gateway Reference

This section provides a detailed reference for Azure Application Gateway configurations, including resource types, properties, and common scenarios.

Resource Types and Properties

Application Gateway SKU

Defines the performance, capacity, and features of your Application Gateway.

  • Standard_Small: Entry-level performance, suitable for testing and development.
  • Standard_Medium: Balanced performance for most web applications.
  • Standard_Large: High performance and capacity.
  • WAF_Small: Web Application Firewall (WAF) capabilities with entry-level performance.
  • WAF_Medium: WAF capabilities with balanced performance.
  • WAF_Large: WAF capabilities with high performance.
  • v2: Auto-scaling, zone redundancy, and other advanced features.

Listeners

Define how traffic arrives at your Application Gateway.

  • Frontend IP Configuration: Public or private IP address.
  • Port: The port the listener listens on (e.g., 80 for HTTP, 443 for HTTPS).
  • Protocol: HTTP or HTTPS.
  • SSL Certificate: For HTTPS listeners, specifies the SSL certificate details.
  • Host Name: For multi-site listeners, specifies the host name to match.

Backend Pools

A group of virtual machines or services that receive traffic from the Application Gateway.

  • IP Addresses or FQDNs: Specifies the backend targets.
  • Availability Sets: Can be associated for improved availability.

HTTP Settings

Define how traffic is sent to the backend pool.

  • Protocol: HTTP or HTTPS.
  • Port: Backend port.
  • Cookie-based affinity: Enable sticky sessions.
  • Connection draining: Gracefully remove backend servers.
  • Host name override: Customize the host header sent to the backend.
  • Custom probes: Configure health probes.

Rules

Route incoming traffic to the appropriate backend pool based on conditions.

  • Basic Rule: Routes traffic to a single backend pool.
  • Path-based Rule: Routes traffic based on the URL path.
  • Multi-site Rule: Routes traffic based on host name.

Common Configuration Scenarios

Basic Load Balancing

Distribute traffic across a pool of backend servers.


    Frontend IP -> Listener (Port 80) -> Rule -> Backend Pool -> Backend Servers

SSL Termination and Offloading

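Terminate HTTPS at the Application Gateway and forward unencrypted HTTP to the backend. The gateway decrypts client traffic, so the hop between the gateway and the backend servers is not encrypted.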

Note: Ensure your SSL certificate is properly configured on the listener.

    Frontend IP -> Listener (Port 443, SSL Cert) -> Rule -> HTTP Settings (Port 80) -> Backend Pool -> Backend Servers

Path-Based Routing

Direct traffic to different backend pools based on the URL path.


    Frontend IP -> Listener (Port 80)
        -> Rule 1: Path = /images/*  -> Backend Pool Images -> Backend Servers
        -> Rule 2: Path = /api/*    -> Backend Pool API     -> Backend Servers
        -> Default Rule             -> Backend Pool Default -> Backend Servers

Web Application Firewall (WAF)

Protect your web applications from common exploits and vulnerabilities.

  • Managed Rulesets: OWASP Core Rule Set (CRS).
  • Custom Rules: Define your own rules based on request parameters.
  • Detection Mode: Logs suspicious requests without blocking.
  • Prevention Mode: Blocks suspicious requests.

Tip: Regularly update WAF rulesets to stay protected against new threats.
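
The settings described above (listener protocol, backend HTTP settings protocol, WAF mode) can be checked from an exported gateway definition. The following is an added example, not taken from the Azure documentation: the sample document is constructed, and the field names assume the ARM resource layout for Microsoft.Network/applicationGateways; `audit_gateway` and the check IDs are hypothetical names.

```python
import json

# Constructed sample, trimmed to the audited fields. Field names assume the
# ARM resource layout for Microsoft.Network/applicationGateways.
SAMPLE_GATEWAY = json.loads("""
{
  "name": "appgw-example",
  "properties": {
    "sku": {"name": "WAF_Medium", "tier": "WAF"},
    "httpListeners": [
      {"name": "listener-http", "properties": {"protocol": "Http"}},
      {"name": "listener-https", "properties": {"protocol": "Https"}}
    ],
    "backendHttpSettingsCollection": [
      {"name": "settings-offload", "properties": {"protocol": "Http", "port": 80}}
    ],
    "webApplicationFirewallConfiguration": {
      "enabled": true, "firewallMode": "Detection", "ruleSetType": "OWASP"
    }
  }
}
""")


def audit_gateway(gw):
    """Return a list of (check_id, detail) findings for one gateway document."""
    props = gw.get("properties", {})
    findings = []
    # Listeners that accept plaintext HTTP from clients.
    for lst in props.get("httpListeners", []):
        if lst.get("properties", {}).get("protocol", "").lower() == "http":
            findings.append(("listener-plaintext", lst["name"]))
    # HTTP settings that send plaintext to the backend (SSL offloading).
    for s in props.get("backendHttpSettingsCollection", []):
        if s.get("properties", {}).get("protocol", "").lower() == "http":
            findings.append(("backend-plaintext", s["name"]))
    # WAF: needs a WAF SKU, must be enabled, and only Prevention mode blocks.
    sku = props.get("sku", {}).get("name", "")
    waf = props.get("webApplicationFirewallConfiguration")
    if not sku.upper().startswith("WAF"):
        findings.append(("waf-sku-missing", sku))
    elif not waf or not waf.get("enabled"):
        findings.append(("waf-disabled", gw.get("name", "")))
    elif waf.get("firewallMode", "").lower() != "prevention":
        findings.append(("waf-not-blocking", waf.get("firewallMode", "")))
    return findings


if __name__ == "__main__":
    for check, detail in audit_gateway(SAMPLE_GATEWAY):
        print(f"{check}: {detail}")
```

A `backend-plaintext` finding is expected when SSL offloading is intentional; treat it as a prompt to confirm the backend network is trusted rather than as an error in itself.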

API and CLI Reference

For detailed information on the Application Gateway API and Azure CLI commands, please refer to the official Azure documentation.