Azure Application Gateway Documentation
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides features like Web Application Firewall (WAF), SSL termination, cookie-based session affinity, and URL-based content routing.
Key Features
- Layer 7 Load Balancing: Distributes traffic based on HTTP/HTTPS requests.
- Web Application Firewall (WAF): Protects your web applications from common web vulnerabilities.
- SSL Termination: Offloads SSL decryption from your backend servers.
- Cookie-Based Session Affinity: Ensures a user's requests are directed to the same backend server.
- URL Path-Based Routing: Routes requests to different backend pools based on the URL path.
- Redirection: Supports HTTP to HTTPS redirection and custom redirects.
- Health Probes: Monitors the health of backend instances and routes traffic only to healthy ones.
Getting Started
Follow these steps to get started with Azure Application Gateway:
- Create an Application Gateway instance.
- Configure listeners, rules, and backend pools.
- Set up health probes.
- Enable Web Application Firewall (WAF) (optional).
Creating an Application Gateway
You can create an Application Gateway using the Azure portal, Azure CLI, or PowerShell.
Azure Portal Steps:
- In the Azure portal, search for "Application Gateway" and select it.
- Click "Create Application Gateway".
- Fill in the required details: Subscription, Resource group, Gateway name, Region, SKU, Instance count, and Gateway scale.
- Configure frontend IP address, backend pools, HTTP settings, and listeners.
- Review and create the gateway.
Refer to the official quickstart guide for detailed steps.
Configuring Listeners, Rules, and Backend Pools
Listeners: Define how the Application Gateway listens for incoming traffic (e.g., port, protocol, certificate).
Rules: Determine how requests are routed based on listener and path-based rules.
Backend Pools: Specify the group of backend servers that will receive the traffic.
Health Probes
Configuring health probes is crucial for ensuring high availability. Application Gateway periodically probes your backend servers to detect failures. You can configure:
- Probe Protocol: HTTP, HTTPS, or TCP.
- Host and Path: The host and path to probe.
- Interval, Timeout, and Retries: Parameters for probe checks.
Web Application Firewall (WAF)
Azure Application Gateway WAF provides centralized protection of your web applications from exploits and vulnerabilities. It is based on the OWASP core rule sets.
You can configure WAF in two modes:
- Detection mode: Logs malicious requests but does not block them.
- Prevention mode: Blocks malicious requests.
WAF Policies: Define custom rules, managed rule sets, and exclusion lists.
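Because Detection mode only logs, a gateway can carry a WAF SKU and still block nothing. The Python sketch below is an added example, not part of the Azure documentation: it classifies gateways from exported configuration JSON by whether their WAF actually blocks. The field names follow the shape assumed for `az network application-gateway list` output, and the sample data and policy ID placeholder are constructed.

```python
import json

# Constructed sample in the shape assumed for `az network application-gateway list`
# output (trimmed to the fields used here; names and values are made up).
SAMPLE = json.loads("""
[
  {"name": "agw-shop", "sku": {"tier": "WAF_v2"},
   "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"}},
  {"name": "agw-api", "sku": {"tier": "WAF_v2"},
   "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Prevention"}},
  {"name": "agw-stage", "sku": {"tier": "WAF_v2"},
   "webApplicationFirewallConfiguration": {"enabled": false, "firewallMode": "Prevention"}},
  {"name": "agw-legacy", "sku": {"tier": "Standard_v2"}},
  {"name": "agw-portal", "sku": {"tier": "WAF_v2"},
   "firewallPolicy": {"id": "<resource-id-of-waf-policy>"}}
]
""")


def waf_posture(gw):
    """Return (status, detail) describing whether this gateway's WAF blocks traffic."""
    tier = (gw.get("sku") or {}).get("tier") or ""
    if not tier.upper().startswith("WAF"):
        return "no-waf", f"SKU tier '{tier or 'unknown'}' does not include WAF"
    policy_id = (gw.get("firewallPolicy") or {}).get("id")
    if policy_id:
        # The mode is set on the policy object, so the gateway alone cannot answer.
        return "check-policy", f"mode is defined in WAF policy {policy_id}"
    cfg = gw.get("webApplicationFirewallConfiguration") or {}
    if not cfg.get("enabled"):
        return "disabled", "WAF SKU deployed but WAF is not enabled"
    mode = str(cfg.get("firewallMode") or "").lower()
    if mode == "prevention":
        return "blocking", "Prevention mode: malicious requests are blocked"
    if mode == "detection":
        return "log-only", "Detection mode: malicious requests are logged, not blocked"
    return "unknown", f"unrecognised firewallMode {mode!r}"


def audit(gateways):
    """Map gateway name -> status for every gateway in the exported list."""
    return {gw.get("name", "?"): waf_posture(gw)[0] for gw in gateways}


if __name__ == "__main__":
    for gw in SAMPLE:
        status, detail = waf_posture(gw)
        print(f"{gw['name']:<12} {status:<13} {detail}")
```

Gateways reported as check-policy need a second lookup against the attached WAF policy, since the mode is stored there and not on the gateway.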
Common Scenarios
SSL Offload
By terminating SSL at the Application Gateway, you can reduce the processing load on your backend servers and manage your SSL certificates in a centralized location.
URL Path-Based Routing
Route incoming requests to different backend pools based on the URL. For example:
- Requests to /images/* go to an image serving backend pool.
- Requests to /api/* go to an API backend pool.
Multi-Site Hosting
Application Gateway can host multiple web applications on the same gateway instance. Each application can have its own listener and backend pool, allowing you to serve different domains from a single Application Gateway.
Pricing
Azure Application Gateway pricing is based on the SKU, instance count, and data processed. Refer to the official pricing page for details.