Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications based on the OSI layer 7. In Azure, there is another load balancer that operates on Layer 4 (TCP/UDP). With the Application Gateway, traffic can be distributed based on HTTP and HTTPS. It can be configured as public-facing, internal, or a combination of both, and can only assign a static IP address to the application gateway. A separate, empty subnet is required to install the application gateway components.
Application Gateway Components
This Application Gateway consists of five main components essential for its functioning.
- Front-end IP addresses = For Public access
- Back end pools = To traffic redirection
- Listeners = listener helps to define the protocol, port, FQDM, and source IP address that is allowed to communicate with the back-end pool
- Routing rules = Routing rule defines how traffic received by the application gateway should be route to backend pool.
- HTTP settings = HTTP settings define the back-end servers’ port number, protocol, encryption settings, and other details.
- Health probes = Monitoring the health of back-end pool instances is a critical function. This help to get idea to which backend pool is healthy and usable for request routings.
Scenario
In this setup, I have configured three backend pools as shown in the diagram below.
Traffic Routing Logic:
- Video Traffic: If the URL contains the keyword “Videos,” the traffic is routed to the Video Backend Pool.
- Software Traffic: If the URL contains the keyword “Software,” the traffic is routed to the Software Backend Pool.
- Default Traffic: If the URL does not contain either “Videos” or “Software,” the traffic is routed to the Default Backend Pool.
This approach ensures that traffic is efficiently directed based on the URL’s content, optimizing resource usage and improving user experience.
1. Create 3 Web App’s for Demo
I Created 3 web apps for host default, Video and Software website.
2. Create Virtual Network
Note : We can create a virtual network while setting up an application gateway.3. Create Application Gateway
Now Testing
If the URL contains the keyword “Videos”
If the URL contains the keyword “Software”
If the URL does not contain either “Videos” or “Software”
Application Gateway have 2 type of routings.
1. Path Base Routing
2. Multiple-site routing
Note : In this demo, we demonstrated how to configured path-based routing.WAF (Web application Firewall)
In this Application Gateway we can simply shift to the WAF mode. Using this WAF feature we can get extra Security features to our web applications Based on the Open Web Application Security Project (OWASP).
Ex : SQL-injection, Cross-site scripting, Command injection, HTTP request smuggling, HTTP response splitting, Remote file inclusion, Bots, crawlers, and scanners, and HTTP protocol violations and anomalies.
Changing to WAF
