Application Gateway
Overview
- An Azure Application Gateway is a regional web traffic load balancer that enables you to manage traffic to your web applications. It provides various layer 7 load balancing capabilities for your applications, including SSL termination, cookie-based session affinity, URL-based routing, and multi-site routing. Here are the key features and benefits of Azure Application Gateway:
- Layer 7 Load Balancing: Application Gateway operates at the application layer (layer 7) of the OSI model, allowing you to route traffic based on URL paths or hostnames.
- SSL Termination: Application Gateway can terminate SSL connections, offloading the SSL decryption/encryption process from your web servers.
- Cookie-Based Session Affinity: Application Gateway supports cookie-based session affinity, ensuring that client requests are directed to the same backend server for the duration of a session.
- URL-Based Routing: You can configure Application Gateway to route traffic based on URL paths, enabling you to direct requests to different backend pools based on the URL.
- Multi-Site Routing: Application Gateway supports routing traffic to multiple websites hosted on the same set of backend servers, allowing you to host multiple sites on a single set of servers.
- Web Application Firewall (WAF): Application Gateway includes a Web Application Firewall (WAF) that provides protection against common web vulnerabilities and attacks, such as SQL injection and cross-site scripting.
Use Cases
- Web Application Load Balancing: Application Gateway is commonly used to distribute traffic across multiple web servers hosting web applications.
- SSL Offloading: By terminating SSL connections at the gateway, Application Gateway can reduce the load on backend servers and improve performance.
- Session Affinity: Cookie-based session affinity ensures that client requests are consistently directed to the same backend server, maintaining session state.
- URL-Based Routing: Application Gateway can route traffic based on URL paths, enabling you to direct requests to specific backend pools based on the URL.
Components
- Frontend IP Configuration: Defines the public IP address and port used to access the Application Gateway.
- Backend Target:
  - Backend Pool: Contains the backend servers that receive the traffic from the Application Gateway. Consists of Azure VMs, VMSS, Azure Web Apps, or on-premises servers.
  - Redirection: Redirects traffic to an external site or a listener.
    - An external site refers to an endpoint outside of the application gateway.
- HTTP Settings: Define how the Application Gateway communicates with the backend servers, including port, protocol, and cookie settings.
- HTTP Listener: Listens for incoming HTTP/HTTPS traffic and routes it to the appropriate backend pool based on the URL path or hostname.
- URL Path-Based Routing Rules: Define rules that route traffic to different backend pools based on the URL path.
Deployment
- Application Gateway must be deployed into an empty subnet within a virtual network.
- You can create an Application Gateway using the Azure portal, Azure PowerShell, Azure CLI, or ARM templates.
Tiers
- Standard: Offers additional features such as autoscaling and SSL offloading.
  - The Standard tier offers 3 size options: Small, Medium, and Large.
- WAF: Provides protection against common web vulnerabilities and attacks.
  - The WAF tier offers 2 size options: Medium and Large.
WAF
- The Web Application Firewall (WAF) feature of Application Gateway provides centralized protection for your web applications from common web-based attacks.
- WAF uses OWASP (Open Web Application Security Project) rules to protect against threats such as SQL injection, cross-site scripting, and remote file inclusion.
- You can customize WAF rules to meet the specific security requirements of your web applications.
- WAF logs provide detailed information about web application attacks and security events, helping you monitor and respond to potential threats.
- There are two tiers of WAF available: WAF v1 and WAF v2. WAF v2 offers enhanced security features and performance improvements over WAF v1.
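The WAF logs mentioned above are what a defender actually works from. As an added example (not from these notes or from Azure's own tooling), the Python below parses Application Gateway WAF diagnostic records and separates requests the WAF enforced a block on from rule hits it only logged; the log lines are constructed, the field names follow the ApplicationGatewayFirewallLog schema, and the comment about rule 949110 assumes the OWASP Core Rule Set anomaly-scoring convention.

```python
import json
from collections import Counter, defaultdict

# Constructed sample of Application Gateway WAF diagnostic records (category
# "ApplicationGatewayFirewallLog"), one JSON object per line as Azure Monitor
# exports them. Field names follow the WAF log schema; all values are made up.
SAMPLE_WAF_LOG = """
{"category":"ApplicationGatewayFirewallLog","properties":{"instanceId":"appgw_1","clientIp":"203.0.113.10","requestUri":"/login?user=admin%27%20OR%201%3D1--","ruleSetType":"OWASP","ruleSetVersion":"3.2","ruleId":"942100","message":"SQL Injection Attack Detected via libinjection","action":"Matched","hostname":"www.example.test","transactionId":"t1"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"instanceId":"appgw_1","clientIp":"203.0.113.10","requestUri":"/login?user=admin%27%20OR%201%3D1--","ruleSetType":"OWASP","ruleSetVersion":"3.2","ruleId":"949110","message":"Inbound Anomaly Score Exceeded (Total Score: 5)","action":"Blocked","hostname":"www.example.test","transactionId":"t1"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"instanceId":"appgw_1","clientIp":"198.51.100.7","requestUri":"/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E","ruleSetType":"OWASP","ruleSetVersion":"3.2","ruleId":"941100","message":"XSS Attack Detected via libinjection","action":"Detected","hostname":"www.example.test","transactionId":"t2"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"198.51.100.7","requestUri":"/healthz","httpStatus":200}}
"""


def parse_waf_records(text):
    """Return the properties of firewall-log records; access-log lines and blanks are skipped."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        entry = json.loads(line)
        if entry.get("category") == "ApplicationGatewayFirewallLog":
            records.append(entry["properties"])
    return records


def triage(records):
    """Group hits by transactionId (one request, possibly several rules) and classify each request."""
    by_txn = defaultdict(list)
    for r in records:
        by_txn[r["transactionId"]].append(r)
    summary = {"blocked": [], "detected_only": [], "below_threshold": [],
               "rules": Counter(), "clients": Counter()}
    for txn, hits in by_txn.items():
        actions = {h["action"] for h in hits}
        # The "Blocked" entry (CRS anomaly rule 949110) is the verdict; the other hits name the payload.
        rule_ids = sorted(h["ruleId"] for h in hits if h["action"] != "Blocked")
        item = {"transactionId": txn, "clientIp": hits[0]["clientIp"],
                "requestUri": hits[0]["requestUri"], "ruleIds": rule_ids}
        summary["rules"].update(rule_ids)
        summary["clients"][hits[0]["clientIp"]] += 1
        if "Blocked" in actions:
            summary["blocked"].append(item)          # Prevention mode: request denied
        elif "Detected" in actions:
            summary["detected_only"].append(item)    # Detection mode: request forwarded
        else:
            summary["below_threshold"].append(item)  # Matched, but anomaly score under threshold
    return summary


if __name__ == "__main__":
    result = triage(parse_waf_records(SAMPLE_WAF_LOG))
    print(f"blocked={len(result['blocked'])} logged-only={len(result['detected_only'])}")
```

Requests in `detected_only` reached the backend, so a non-empty list there is the signal that a WAF policy is still in Detection mode.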
Backend Targets
- Two types of backend targets can be configured:
  - Backend pools
    - A collection of IP addresses or FQDNs, VM instances, or VMSS.
    - You can configure up to 100 backend address pools and 1200 targets per pool.
  - Redirection
    - Redirections are used to redirect incoming traffic from the application gateway to an external site or listener.