Azure Application Gateway Overview
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides features like URL-based content routing, cookie-based session affinity, SSL termination, and more.
What is Azure Application Gateway?
Azure Application Gateway is a fully managed load balancer that operates at Layer 7 (HTTP/HTTPS) and provides a variety of load-balancing functionalities. It includes an optional web application firewall (WAF) that helps protect your web applications from common web exploits.
Key Features
- Load Balancing: Distributes incoming HTTP/HTTPS traffic across multiple web servers, improving application availability and responsiveness.
- Web Application Firewall (WAF): Protects your web applications from common vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) attacks.
- SSL Termination: Handles the SSL encryption/decryption between clients and the gateway, offloading this task from your web servers.
- Cookie-Based Session Affinity: Ensures that requests from a particular client are consistently sent to the same backend server, essential for applications that maintain session state.
- URL-Based Content Routing: Routes traffic to specific backend pools based on the requested URL path.
- Multiple Site Hosting: Allows you to host multiple web applications on the same Application Gateway instance.
- Health Probes: Monitors the health of backend servers and only routes traffic to healthy instances.
How it Works
When a client request arrives at Application Gateway, it performs several actions:
- Listens for Requests: Application Gateway listens for incoming traffic on a public or private IP address.
- Applies WAF Rules: If WAF is enabled, it inspects the request for malicious patterns.
- Routes Based on Rules: Based on configured listeners, rules, and backend health, it determines which backend server should receive the request.
- Performs SSL Termination: If SSL is configured, it decrypts the request before forwarding it to the backend.
- Forwards to Backend: The request is sent to a healthy backend server in the appropriate backend pool.
- Receives Response: The backend server processes the request and sends a response back to Application Gateway.
- Sends Response to Client: Application Gateway may re-encrypt the response if SSL is configured for the backend, and then sends it back to the client.
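The steps above depend on how the gateway is configured: whether WAF is enabled, which protocol each listener accepts, and whether traffic is re-encrypted toward the backend. The following audit sketch is an added example, not Microsoft's code; it assumes the gateway has been exported as JSON in the shape of `az network application-gateway show` output, and the sample document and the `audit_gateway` function name are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network application-gateway show` output.
# Field names are assumed to follow the ARM applicationGateways resource schema.
SAMPLE_GATEWAY = json.loads("""
{
  "name": "appgw-example",
  "sku": {"tier": "Standard_v2"},
  "webApplicationFirewallConfiguration": null,
  "firewallPolicy": null,
  "httpListeners": [
    {"name": "public-https", "protocol": "Https"},
    {"name": "public-http", "protocol": "Http"}
  ],
  "backendHttpSettingsCollection": [
    {"name": "api-settings", "protocol": "Https", "cookieBasedAffinity": "Disabled"},
    {"name": "web-settings", "protocol": "Http", "cookieBasedAffinity": "Enabled"}
  ]
}
""")


def audit_gateway(gw):
    """Return (severity, finding) tuples for one exported gateway document."""
    findings = []
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    has_policy = bool(gw.get("firewallPolicy"))  # mode then lives in the policy resource
    if not (waf.get("enabled") or has_policy):
        findings.append(("high", "WAF is not enabled; requests are routed uninspected"))
    elif waf.get("firewallMode") == "Detection":
        findings.append(("medium", "WAF is in Detection mode; matches are logged, not blocked"))
    for listener in gw.get("httpListeners", []):
        if listener.get("protocol", "").lower() == "http":
            findings.append(("medium", f"listener {listener['name']} accepts plaintext HTTP"))
    for s in gw.get("backendHttpSettingsCollection", []):
        if s.get("protocol", "").lower() == "http":
            findings.append(("info", f"{s['name']}: backend traffic is unencrypted after SSL termination"))
        if s.get("cookieBasedAffinity") == "Enabled":
            findings.append(("info", f"{s['name']}: session affinity cookie in use"))
    return findings


if __name__ == "__main__":
    for severity, text in audit_gateway(SAMPLE_GATEWAY):
        print(f"[{severity}] {text}")
```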
Common Use Cases
- Protecting web applications from common web attacks.
- Distributing traffic across a farm of web servers.
- Enabling SSL termination to reduce the load on web servers.
- Implementing sophisticated routing rules for microservices or multi-tenant applications.
Note:
Application Gateway is an OSI layer 7 load balancer, meaning it understands HTTP and HTTPS traffic. For layer 4 load balancing, consider Azure Load Balancer.