Azure Application Gateway Features

Application Gateway provides Layer 7 (HTTP/S) load balancing, directing traffic to healthy backend servers based on rules and health probes. It supports multiple load balancing algorithms, including round-robin and least connections.

• Distributes HTTP/S traffic across multiple backend servers.
• Health-based backend selection ensures requests are sent only to available servers.

Application Gateway WAF protects your web applications from common web vulnerabilities and exploits, such as SQL injection and cross-site scripting (XSS). It supports managed rule sets (OWASP) and custom rules for granular control.

• Protects against OWASP top 10 vulnerabilities.
• Supports both managed and custom security rules.
• Provides real-time threat detection and blocking.

Application Gateway can decrypt incoming SSL/TLS traffic, so your backend servers don't have to. This offloads the computational overhead of encryption and decryption, simplifying backend server configuration.

• Handles SSL/TLS certificates securely.
• Reduces load on backend servers.
• Supports modern TLS policies for enhanced security.

Also known as sticky sessions, this feature ensures that all requests from a particular client session are directed to the same backend server. This is crucial for applications that store user session state locally on the server.

• Maintains user session consistency.
• Configurable through Application Gateway settings.

Application Gateway can route traffic to different backend pools based on the URL path of the request. This allows you to host multiple applications or services on a single Application Gateway instance.

• Route traffic based on URL paths (e.g., /images/*, /api/*).
• Supports wildcard matching for flexible routing.

Route traffic to different backend pools based on the host name in the incoming request's Host header. This is ideal for hosting multiple domains on a single public IP address.

• Supports single-site and multi-site hosting.
• Route traffic based on domain names (e.g., www.example.com, blog.example.com).

Application Gateway continuously monitors the health of backend servers using configurable health probes. It automatically removes unhealthy servers from rotation and adds them back when they recover.

• Customizable probe intervals, thresholds, and paths.
• Supports various probe types (HTTP, HTTPS, TCP).

When a backend server is being removed from the load balancing pool (e.g., during maintenance), connection draining ensures that ongoing HTTP requests are allowed to complete without interruption, preventing data loss or poor user experience.

• Graceful removal of backend servers.
• Configurable timeouts for draining connections.

Application Gateway supports autoscaling, which automatically adjusts the capacity of the gateway based on traffic demand. This ensures optimal performance and cost efficiency without manual intervention.

• Automatic scaling of instances based on load.
• Two scaling modes: manual and autoscaling.

Configure redirects for specific URL paths or hosts. This is commonly used for redirecting HTTP traffic to HTTPS or redirecting from one URL to another.

• Supports permanent (301) and temporary (302) redirects.
• Can redirect to specific URLs or to a path within the same URL.

Modify incoming request headers and URL paths, or outgoing response headers. This feature is powerful for customizing how requests and responses are handled by the backend.

• Modify headers (e.g., X-Forwarded-For, X-Original-URL).
• Rewrite URL paths for routing or security.

Automatically redirect all HTTP traffic to HTTPS, enforcing secure connections for all users. This is a critical security best practice.

• Enforces secure communication.
• Configured as a redirect rule.

Configure custom error pages for common HTTP error codes (e.g., 403 Forbidden, 404 Not Found, 502 Bad Gateway). This provides a more branded and informative experience for users when errors occur.

• Deliver branded error pages.
• Improve user experience during outages or misconfigurations.

Restrict access to your web applications based on the source IP address or IP address range. This adds an extra layer of security by controlling who can reach your services.

• Define allowed or denied IP address lists.
• Enhance security by limiting access to trusted networks.

Enable request tracing to gain visibility into the flow of requests through Application Gateway and to your backend servers. This is invaluable for debugging and performance analysis.

• Trace requests for debugging.
• Monitor request processing times.

Application Gateway provides detailed backend health information, allowing you to quickly identify and troubleshoot issues with your backend services. This data can be accessed via the Azure portal and APIs.

• Real-time status of backend servers.
• Diagnostic information for health probe failures.