AZ-104 — Application Gateway
· Application Gateway manages the requests that client applications can send to a web app.
· Application Gateway routes traffic to a pool of web servers based on the URL of a request.
· This is known as application layer routing.
· Clients send requests to your web apps to the IP address or DNS name of the gateway.
· The gateway routes requests to a selected web server in the back-end pool, using a set of rules configured for the gateway to determine where the request should go.
· There are two primary methods of routing traffic, path-based routing and multiple site hosting.
· Path-based routing enables you to send requests with different paths in the URL to a different pool of back-end servers.
· For example, you could direct requests with the path /video/* to a back-end pool containing servers that are optimized to handle video streaming, and direct /images/* requests to a pool of servers that handle image retrieval.
· Multiple site hosting enables you to configure more than one web application on the same application gateway instance.
· In a multi-site configuration, you register multiple DNS names (CNAMEs) for the IP address of the Application Gateway, specifying the name of each site.
· Client requests are received through a front-end IP address.
· You can configure Application Gateway to have a public IP address, a private IP address, or both.
· Application Gateway can’t have more than one public and one private IP address.
· Application Gateway uses one or more listeners to receive incoming requests.
· A listener accepts traffic arriving on a specified combination of protocol, port, host, and IP address.
· A routing rule also has an associated set of HTTP settings.
· These settings indicate whether (and how) traffic is encrypted between Application Gateway and the back-end servers, and other configuration information such as:
- Protocol (HTTP or HTTPS).
- Session stickiness, to pass all requests in a client session to the same web server rather than distributing them across servers with load balancing.
- Connection draining, to enable the graceful removal of servers from a back-end pool.
- Request timeout period, in seconds.
- Health probes, specifying a probe URL, timeout periods, and other parameters used to determine whether a server in the back-end pool is available.
· The Web Application Firewall (WAF) is an optional component that handles incoming requests before they reach a listener.
· The web application firewall checks each request for many common threats, based on rules from the Open Web Application Security Project (OWASP).
· These include:
- SQL-injection
- Cross-site scripting
- Command injection
- HTTP request smuggling
- HTTP response splitting
- Remote file inclusion
- Bots, crawlers, and scanners
- HTTP protocol violations and anomalies
· Application Gateway requires a virtual network in which to operate.
· You must create this virtual network and a dedicated subnet before setting up Application Gateway.
· You can create an Application Gateway on the Standard tier or the WAF tier.
· You also have a choice of three sizes with varying performance, pricing, and scalability: Small, Medium, and Large.
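The notes above on path-based routing and multiple site hosting can be read as a two-step lookup: pick the listener by host name, then pick the back-end pool by URL path. The following is an added example, not Azure's implementation or code from these notes; it is a simplified model. The host names, the pool names, the ordered first-match rule evaluation, the case-insensitive matching and the per-listener default pool are all assumptions made for illustration.

```python
# Simplified model of Application Gateway request routing (added example, not Azure code).
# Assumptions: listeners match on host name only, path rules are checked in order,
# and a listener's default pool handles paths that match no pattern.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PathRule:
    pattern: str  # "/video/*" style prefix, or an exact path
    pool: str

    def matches(self, path: str) -> bool:
        path = path.lower()
        pattern = self.pattern.lower()
        if pattern.endswith("/*"):
            # Keep the trailing "/" so "/videos/x" does not match "/video/*".
            return path.startswith(pattern[:-1])
        return path == pattern


@dataclass
class Listener:
    host: str  # DNS name registered for this site (multi-site hosting)
    default_pool: str
    path_rules: list = field(default_factory=list)


def route(listeners, host: str, url: str) -> Optional[str]:
    """Return the back-end pool name for a request, or None if no listener matches."""
    path = url.split("?", 1)[0]  # this model routes on the path only
    for listener in listeners:
        if listener.host.lower() != host.lower():
            continue
        for rule in listener.path_rules:
            if rule.matches(path):
                return rule.pool
        return listener.default_pool
    return None


# Constructed configuration: two sites behind one gateway.
LISTENERS = [
    Listener("media.example.com", "defaultPool",
             [PathRule("/video/*", "videoPool"), PathRule("/images/*", "imagePool")]),
    Listener("shop.example.com", "shopPool"),
]

if __name__ == "__main__":
    print(route(LISTENERS, "media.example.com", "/video/intro.mp4"))
```

When reviewing a real rule set, the cases worth checking are the ones this model sends to the default pool or to no listener at all, since those requests reach a back end that the path rules were not written for.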