Azure Application Gateway routing determines how incoming traffic is directed to backend resources based on specific criteria.
The routing can be configured using different methods such as URL Path-Based Routing, Host-Based Routing, and Basic Routing.
You can also configure Traffic Routing based on health probes and more advanced capabilities like Web Application Firewall (WAF).
Here’s a breakdown of how to configure routing in Azure Application Gateway.
Basic Routing
Basic routing directs traffic from a listener to a single backend pool without any advanced conditions.
This type of routing is typically used when there is no need to inspect or make decisions based on the URL path or hostname.
How Basic Routing Works
All traffic that matches the listener's IP address and port is routed to a single backend pool.
This is useful for scenarios where all the traffic should go to a common set of backend servers.
Example (Using Azure CLI)
xxxxxxxxxx71az network application-gateway url-path-map rule add \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--url-path-map-name MyPathMap \5--rule-name MyBasicRule \6--address-pool MyBackendPool \7--http-settings MyHttpSettingsPath-Based Routing
Path-based routing enables routing traffic based on the URL path.
This means that traffic can be directed to different backend pools depending on the URL specified in the request.
How Path-Based Routing Works
You can define rules that match specific URL paths and route traffic accordingly.
For example, all requests to /api/* can be routed to one set of backend servers, and /images/* requests can be routed to another backend pool.
Example (Using Azure CLI)
xxxxxxxxxx81az network application-gateway url-path-map rule add \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--url-path-map-name MyPathMap \5--rule-name MyApiRule \6--paths "/api/*" \7--address-pool ApiBackendPool \8--http-settings ApiHttpSettings--paths "/api/*": This rule routes traffic that matches the/api/*path to theApiBackendPool.You can define multiple rules to route other paths (e.g.,
/images/*or/docs/*) to different backend pools.
Host-Based Routing
Host-based routing directs traffic based on the host header in the incoming request.
For example, if traffic comes to site1.example.com, it can be routed to a specific backend pool, and traffic coming to site2.example.com can be routed to a different backend pool.
How Host-Based Routing Works
The routing is determined by the hostname (i.e., the
Hostheader of the HTTP request).This is ideal for multi-tenant applications or services hosted under different domains.
Example (Using Azure CLI)
xxxxxxxxxx81az network application-gateway url-path-map rule add \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--url-path-map-name MyPathMap \5--rule-name MySiteRule \6--hosts "site1.example.com" \7--address-pool Site1BackendPool \8--http-settings Site1HttpSettings--hosts "site1.example.com": Routes requests destined forsite1.example.comto theSite1BackendPool.
Path and Host-Based Routing Combination
You can combine path-based routing and host-based routing to create more complex routing rules.
This is useful if you want to route traffic based on both the URL path and the host header.
How Combined Routing Works
You define rules that match both the host (
Hostheader) and URL path.This gives you fine-grained control over routing decisions based on multiple parameters.
Example (Using Azure CLI)
xxxxxxxxxx91az network application-gateway url-path-map rule add \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--url-path-map-name MyPathMap \5--rule-name MySiteApiRule \6--hosts "site1.example.com" \7--paths "/api/*" \8--address-pool ApiBackendPool \9--http-settings ApiHttpSettingsThis rule routes traffic to the backend pool
ApiBackendPoolif the request is forsite1.example.comand the path matches/api/*.
Redirection Rules
Azure Application Gateway also allows you to create redirects based on path or host conditions.
You can redirect traffic to another URL, either within the same application or to an entirely different domain.
How Redirection Works
You can configure an HTTP listener to perform permanent or temporary redirects based on a path match.
Example (Using Azure CLI)
xxxxxxxxxx71az network application-gateway url-path-map rule add \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--url-path-map-name MyPathMap \5--rule-name MyRedirectRule \6--paths "/old-path/*" \7--redirect-config "{\"statusCode\":\"PermanentRedirect\",\"targetUrl\":\"https://newdomain.com/new-path\"}"--redirect-config: This parameter enables the redirection with the specified target URL.
Custom Health Probes
Health probes are used to monitor the health of backend servers and determine if traffic should be sent to them.
If a backend is unhealthy, traffic will be routed to healthy servers.
How Health Probes Work
Health probes are associated with backend pools and check whether the backend servers are healthy or not.
If a server fails a health probe, it will be temporarily removed from the pool, and traffic will not be sent to it until it passes the health check again.
Example (Using Azure CLI)
xxxxxxxxxx101az network application-gateway probe create \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--name MyHttpProbe \5--protocol Http \6--host "example.com" \7--path "/health" \8--interval 30 \9--timeout 20 \10--unhealthy-threshold 3This health probe checks the
/healthpath onexample.comand expects an HTTP response to verify that the backend is healthy.You can also use HTTPS probes if your backend supports SSL/TLS.
Custom Backend HTTP Settings
You can create backend HTTP settings to control the way traffic is forwarded to the backend pool.
These settings define the port, protocol, and any cookie-based affinity or request timeouts.
How Backend HTTP Settings Work
HTTP settings are associated with backend pools, defining how traffic is routed to the servers.
Cookie-based affinity ensures that subsequent requests from a client are routed to the same backend server.
Example (Using Azure CLI)
xxxxxxxxxx81az network application-gateway http-settings create \2--gateway-name MyAppGateway \3--resource-group MyResourceGroup \4--name MyHttpSettings \5--port 80 \6--protocol Http \7--cookie-based-affinity Disabled \8--timeout 20--cookie-based-affinity Disabled: Disables cookie-based session affinity (useful for stateless applications).--timeout 20: Sets the timeout in seconds for backend connections.
Web Application Firewall (WAF) Routing
If your Azure Application Gateway is configured with WAF, it can inspect incoming traffic and apply security rules based on the content of the request.
You can configure WAF rules to inspect URLs, headers, and other request parameters.
How WAF Routing Works
WAF is integrated with the Application Gateway and can be applied at the listener level.
Traffic can be inspected and blocked or logged if it matches security rule conditions.
Example (Using Azure CLI)
xxxxxxxxxx51az network application-gateway waf-policy rule-set add \2--policy-name MyWafPolicy \3--resource-group MyResourceGroup \4--rule-set-type OWASP \5--rule-set-version 3.2This example adds the OWASP rule set version 3.2 to the WAF policy.
You can then apply this policy to an Application Gateway.
Summary of Routing Options in Azure Application Gateway:
Basic Routing: Routes all traffic to one backend pool.
Path-Based Routing: Routes traffic based on URL paths.
Host-Based Routing: Routes traffic based on host headers.
Path + Host-Based Routing: Combines both path and host-based routing.
Redirection: Routes traffic to another URL.
Health Probes: Ensures traffic is routed only to healthy backend servers.
WAF: Protects the application by inspecting traffic before it reaches the backend.
Do write in comments to let me know if you need more details on any specific type of routing or further configuration examples.
Leave a Reply