Your secure, scalable, and highly available web application delivery controller.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It supports features like SSL termination, cookie-based session affinity, round-robin load balancing, name-based virtual hosting, and rewrite HTTP headers. Application Gateway is a Layer 7 load balancer, meaning it can make routing decisions based on attributes of the HTTP request, such as the URL path or host headers.
It provides advanced routing capabilities to direct client traffic to specific backend pools based on request attributes like the URL path or host name. This allows for efficient management of microservices architectures and multi-tenant applications.
Protects your web applications from common web exploits and vulnerabilities such as SQL injection, cross-site scripting, and more.
Offloads SSL decryption from your web servers. This allows you to decrypt and encrypt traffic at the gateway, reducing the load on your backend servers.
Directs requests from the same user to the same backend server, ensuring consistency in applications that rely on session state.
Routes requests to different backend pools based on the URL path. For example, requests to `/images/*` could go to one pool, while requests to `/api/*` go to another.
Routes requests to different backend pools based on the host name in the request header. This is useful for hosting multiple domains on the same IP address.
Monitors the health of backend servers and automatically removes unhealthy servers from the rotation, ensuring high availability.
Automatically scales to meet demand, handling fluctuations in traffic without manual intervention.
Provides redundancy and automatic failover to ensure continuous service availability.
Application Gateway operates at Layer 7 (the application layer) of the OSI model. When a client request arrives, the gateway inspects the HTTP request. Based on configured rules, it determines which backend server or pool should receive the request.
The process typically involves:
When SSL termination is enabled, the gateway decrypts the HTTPS traffic and then forwards the decrypted HTTP traffic to the backend servers. This simplifies the configuration of your backend servers as they don't need to manage SSL certificates directly.
To get started, you can deploy an Application Gateway instance through the Azure portal, Azure CLI, or ARM templates.
For detailed steps and configuration options, refer to the official Azure Application Gateway Quickstarts.
Application Gateway offers an integrated Web Application Firewall (WAF) that provides enhanced security against OWASP Top 10 vulnerabilities. You can configure WAF policies to detect and block malicious traffic based on predefined or custom rules.
For global load balancing and disaster recovery scenarios, Application Gateway can be integrated with Azure Traffic Manager to direct users to the closest or most available Application Gateway instance.
Beyond basic TCP or HTTP probes, you can define custom health probes with specific paths, expected status codes, and headers to accurately assess the health of your backend applications.
Application Gateway allows you to rewrite HTTP headers and URL paths, which can be useful for various application scenarios, such as removing sensitive information from headers or normalizing URLs.