Azure Application Gateway Rules
Azure Application Gateway uses rules to control how network traffic is routed to your backend applications. These rules are fundamental to configuring the gateway to meet your specific routing requirements.
Listener Rules
Listeners are the front-end endpoints of your Application Gateway. A listener defines a port, protocol (HTTP or HTTPS), and an IP address. Rules are associated with listeners to process incoming traffic.
- Port: The port on which the gateway listens for traffic (e.g., 80 for HTTP, 443 for HTTPS).
- Protocol: HTTP or HTTPS.
- IP Address: The public or private IP address assigned to the gateway.
- SSL Certificate: Required for HTTPS listeners to decrypt traffic.
Request Routing Rules
Request routing rules connect a listener to backend targets. When a listener receives a request, the associated rule determines where that request should be forwarded.
A basic routing rule has the following components:
- Name: A unique identifier for the rule.
- Listener: The listener to which this rule applies.
- Backend Target: This can be backend HTTP settings, a backend pool, or a specific instance within a pool.
- HTTP Settings: These define the protocol (e.g., HTTP, HTTPS, custom port) and other settings for communicating with the backend.
Path-Based Routing
Path-based routing allows you to route requests to different backend pools based on the URL path of the request. This is useful for microservices architectures where different services handle different URL paths.
When configuring path-based routing, you define URL path maps. Each map contains:
- Default Backend: The backend pool to use if no specific path matches.
- URL Path Maps: A set of rules that match specific URL paths to backend targets and their associated HTTP settings.
Example path map configuration:
Listener: MyHttpListener
Backend Targets:
  - Path: /api/*
    Backend Pool: ApiServicePool
    HTTP Settings: ApiHttpSettings
  - Path: /images/*
    Backend Pool: ImageServicePool
    HTTP Settings: ImageHttpSettings
  - Default Path:
    Backend Pool: DefaultWebAppPool
    HTTP Settings: DefaultHttpSettings
Host-Based Routing
Host-based routing enables you to route traffic to different backend pools based on the hostname in the request's `Host` header. This is commonly used to host multiple websites or applications on a single Application Gateway instance using a single public IP address.
To implement host-based routing:
- Create multiple listeners, each configured for a different hostname (e.g., app1.example.com, app2.example.com).
- Associate each listener with a request routing rule that directs traffic to the appropriate backend pool for that hostname.
Rule Precedence
When using path-based routing with multiple rules that might match a given URL, Application Gateway processes rules in a specific order to determine the effective rule.
- Rules are evaluated based on the length of the matched path. Shorter paths are evaluated first.
- If paths have the same length, the rule that was created first is prioritized.
- For path-based routing, the wildcard paths (e.g., /api/*) are evaluated after exact path matches.
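Because more than one path rule can match the same URL, it helps to review a path map for overlapping patterns that send traffic to different backend pools before relying on precedence. The following is an added example, not code from the original page or from Azure: the dictionary shape, the `covers` and `audit` helpers, and the `/api/admin/*` rule with `AdminServicePool` are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample in a simplified shape (an assumption, not the Azure schema).
# /api/*, /images/* and the default come from the page's path map example;
# /api/admin/* is added here to produce an overlap.
PATH_MAP = {
    "listener": "MyHttpListener",
    "default_pool": "DefaultWebAppPool",
    "rules": [
        {"path": "/api/*", "pool": "ApiServicePool"},
        {"path": "/images/*", "pool": "ImageServicePool"},
        {"path": "/api/admin/*", "pool": "AdminServicePool"},
    ],
}


def covers(pattern, other):
    """True if every URL path matched by `other` is also matched by `pattern`.

    Assumes '*' appears only as the last character of a pattern.
    """
    if pattern.endswith("*"):
        return other.startswith(pattern[:-1])  # wildcard: prefix containment
    return pattern == other  # an exact path matches only itself


def audit(path_map):
    """Return findings as tuples; an empty list means nothing to review."""
    findings = []
    if not path_map.get("default_pool"):
        findings.append(("no-default", path_map["listener"]))
    for a, b in combinations(path_map["rules"], 2):
        if a["pool"] == b["pool"]:
            continue  # same destination whichever rule wins
        if a["path"] == b["path"]:
            findings.append(("duplicate", a["path"], a["pool"], b["pool"]))
        elif covers(a["path"], b["path"]):
            findings.append(("overlap", a["path"], b["path"], a["pool"], b["pool"]))
        elif covers(b["path"], a["path"]):
            findings.append(("overlap", b["path"], a["path"], b["pool"], a["pool"]))
    return findings


if __name__ == "__main__":
    for finding in audit(PATH_MAP):
        print(finding)
```

Each `overlap` finding names the broader pattern first, so the reviewer can confirm that the narrower path (here an admin path) reaches the pool intended for it.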
Creating and Managing Rules
You can create and manage Application Gateway rules using the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.
Azure Portal: Navigate to your Application Gateway resource, then select "Rules" under "Settings" in the left-hand menu.
Azure CLI Example:
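# The listener and backend pool are passed with --http-listener and --address-pool.
# --priority 100 is a sample value; v2 gateways require a rule priority.
az network application-gateway rule create \
  --resource-group myResourceGroup \
  --gateway-name myAppGateway \
  --name myHttpRule \
  --rule-type Basic \
  --priority 100 \
  --http-listener myHttpListener \
  --http-settings myBackendHttpSettings \
  --address-pool myBackendPool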