

Intro

My notes on this service


Documentation


Tips and Tidbits

  • Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

  • Application Gateway routes traffic to a pool of web servers based on the URL of a request.

  • Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

  • Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.

  • This type of routing is known as application layer (OSI layer 7) load balancing.

Azure provides a suite of fully managed load-balancing solutions for your scenarios.

  • If you are looking to do DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination ("SSL offload"), per-HTTP/HTTPS request or application-layer processing, review Traffic Manager.

  • If you need to optimize global routing of your web traffic and optimize top-tier end-user performance and reliability through quick global failover, see Front Door.

  • To do network layer load balancing, review Load Balancer.

  • Deployment of an Azure Application Gateway requires a dedicated subnet.

  • Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities.

    • Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.

    • SQL injection and cross-site scripting are among the most common attacks.

  • Application Gateway operates as an application delivery controller (ADC).

    • It offers Secure Sockets Layer (SSL) termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple websites, and security enhancements.


SSL Termination

Tutorial: Configure an application gateway with TLS termination using the Azure portal

The following image shows how incoming traffic from a client to Application Gateway over SSL is decrypted and then re-encrypted when it's sent to a server in the backend pool.

  • The listener can use an SSL certificate to decrypt the traffic that enters the gateway.

    • The listener then uses a rule that you define to direct the incoming requests to a backend pool.

  • The backend pool has an HTTP setting that references a certificate used to authenticate the backend servers.

    • The gateway re-encrypts the traffic by using this certificate before sending it to one of your servers in the backend pool.

  • If you're using Azure App Service to host the backend application, you don't need to install any certificates in Application Gateway to connect to the backend pool.

    • All communications are automatically encrypted.


Application Gateway Routing

  • The gateway routes requests to a selected web server in the back-end pool, using a set of rules configured for the gateway to determine where the request should go.

  • There are two primary methods of routing traffic: path-based routing and multiple site hosting.

  • Path-based routing enables you to send requests with different paths in the URL to a different pool of back-end servers.

  • Multiple site hosting enables you to configure more than one web application on the same application gateway instance. In a multi-site configuration, you register multiple DNS names (CNAMEs) for the IP address of the Application Gateway, specifying the name of each site.
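
A small Python model of the two routing methods above (path-based routing and multiple site hosting), added here as an example; it is not Azure's code and not part of the original notes. The class, function, host and pool names are hypothetical, and the matching rules (trailing `*` as a prefix wildcard, first matching rule wins, host-specific listeners tried first) are simplifying assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Listener:
    host: Optional[str]  # site DNS name; None models a listener with no host name
    default_pool: str    # pool used when no path rule matches
    path_rules: List[Tuple[str, str]] = field(default_factory=list)  # ordered


def path_matches(pattern: str, path: str) -> bool:
    # Model assumption: trailing "*" is a prefix wildcard, compared case-insensitively.
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern


def route(listeners: List[Listener], host_header: str, url: str) -> Optional[str]:
    """Return the backend pool name for a request, or None if no listener matches."""
    host = host_header.split(":")[0].lower().rstrip(".")
    path = url.split("?", 1)[0]
    # Host-specific (multi-site) listeners are tried before a catch-all one.
    for lst in sorted(listeners, key=lambda l: l.host is None):
        if lst.host is not None and lst.host.lower() != host:
            continue
        for pattern, pool in lst.path_rules:  # first matching rule wins
            if path_matches(pattern, path):
                return pool
        return lst.default_pool
    return None


# Constructed sample configuration: two sites on one gateway, no catch-all listener.
LISTENERS = [
    Listener("shop.example.com", "shop-pool",
             [("/images/*", "images-pool"), ("/video/*", "video-pool")]),
    Listener("blog.example.com", "blog-pool"),
]

if __name__ == "__main__":
    for host, url in [("shop.example.com", "/images/logo.png"),
                      ("shop.example.com", "/cart"),
                      ("blog.example.com", "/images/x.png"),
                      ("unknown.example.net", "/")]:
        print(f"{host}{url} -> {route(LISTENERS, host, url)}")
```

In this model, with no catch-all listener configured, a request whose Host header matches no registered site gets no pool (`None`) instead of falling through to one of the site pools.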
