Azure Application Gateway FAQ
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It offers features like SSL termination, cookie-based session affinity, URL-based content routing, and more.
Key features include:
- Web Application Firewall (WAF)
- SSL/TLS termination
- Cookie-based session affinity
- URL path-based routing
- Host-based routing
- Rewrite HTTP headers
- Redirection
- Health probes
- Autoscaling
- Connection draining
Application Gateway can terminate SSL/TLS connections at the gateway. This means that the traffic between the client and the Application Gateway is encrypted, but the traffic between the Application Gateway and the backend servers can be unencrypted. This offloads the SSL/TLS processing from your backend servers.
You configure this by uploading your SSL certificate to the Application Gateway and associating it with a listener.
Azure Load Balancer operates at Layer 4 (TCP/UDP) and is designed for high-performance, low-latency traffic distribution. It distributes network traffic based on IP addresses and ports.
Azure Application Gateway operates at Layer 7 (HTTP/HTTPS) and provides more advanced routing capabilities suitable for web applications. It can make routing decisions based on URL paths, host names, and HTTP headers, and includes features like WAF and SSL termination.
Yes, Application Gateway supports URL path-based routing. This allows you to route incoming requests to different backend pools based on the URL path in the request. For example, requests to /images/* could be routed to one backend pool, while requests to /api/* could be routed to another.
The Web Application Firewall (WAF) for Application Gateway provides centralized protection for your web applications from common exploits and vulnerabilities. It helps protect your web applications from threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
WAF can be configured in prevention mode (blocking malicious traffic) or detection mode (logging malicious traffic).
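The two settings described above (TLS termination with an optionally unencrypted backend hop, and WAF detection versus prevention mode) can be checked from an exported gateway configuration. The following is an added example, not code from the original FAQ or from Microsoft. It assumes the JSON shape of `az network application-gateway show` output, uses a constructed sample, and only looks at the inline WAF configuration, not a separately attached WAF policy.

```python
import json

# Constructed sample shaped like `az network application-gateway show` output.
# Field names are assumed to match the flattened ARM resource; values are made up.
SAMPLE = json.loads("""
{
  "name": "example-appgw",
  "sku": {"name": "WAF_v2", "tier": "WAF_v2"},
  "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"},
  "httpListeners": [
    {"name": "listener-https", "protocol": "Https"},
    {"name": "listener-http", "protocol": "Http"}
  ],
  "backendHttpSettingsCollection": [
    {"name": "settings-api", "protocol": "Https", "port": 443},
    {"name": "settings-images", "protocol": "Http", "port": 80}
  ]
}
""")


def audit_gateway(cfg):
    """Return a list of (check, item, message) findings for one gateway config."""
    findings = []
    waf = cfg.get("webApplicationFirewallConfiguration") or {}
    if not waf.get("enabled"):
        findings.append(("waf", cfg.get("name"), "inline WAF configuration absent or disabled"))
    elif str(waf.get("firewallMode", "")).lower() != "prevention":
        findings.append(("waf", cfg.get("name"), "WAF is in detection mode: matches are logged, not blocked"))
    # A plaintext listener may exist only to redirect to HTTPS; it is still reported for review.
    for listener in cfg.get("httpListeners") or []:
        if str(listener.get("protocol", "")).lower() != "https":
            findings.append(("listener", listener.get("name"), "listener accepts plaintext HTTP"))
    # After TLS termination, an Http backend setting means the gateway-to-backend hop is cleartext.
    for settings in cfg.get("backendHttpSettingsCollection") or []:
        if str(settings.get("protocol", "")).lower() != "https":
            findings.append(("backend", settings.get("name"),
                             "gateway-to-backend hop is unencrypted after TLS termination"))
    return findings


if __name__ == "__main__":
    for check, item, message in audit_gateway(SAMPLE):
        print(f"[{check}] {item}: {message}")
```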
Application Gateway continuously monitors the health of your backend servers using health probes. If a backend server fails to respond to a probe within a configured timeout period, Application Gateway marks it as unhealthy and stops sending traffic to it. Once the server becomes responsive again, Application Gateway will resume sending traffic to it.
You can configure various parameters for health probes, including the protocol, host, path, and retry intervals.
Yes, Application Gateway supports autoscaling. You can configure it to automatically scale the number of instances based on traffic load, ensuring high availability and performance without manual intervention.
Autoscaling can be configured based on metrics like CPU utilization or HTTP request count.
To achieve high availability, deploy your Application Gateway in two or more Availability Zones within a region. Each Availability Zone has its own independent power, cooling, and networking. The Application Gateway instances are deployed across these zones, ensuring that if one zone experiences an outage, traffic can still be served by instances in other zones.
Application Gateway pricing is based on the SKU chosen (e.g., Standard_v2, WAF_v2) and the number of instances running, along with data transfer. There are also charges for features like WAF, autoscaling, and managed certificates.
You can find detailed pricing information on the Azure Application Gateway pricing page.