Application Gateway in Azure offers layer 7 load balancer capabilities that manage traffic to your web applications over HTTP or HTTPS. With Application Gateway, you can be even more specific about the route to be followed and the destination to be reached, which means that you can route traffic based on the incoming URL.
Application Gateway not only provides load balancing but also secures your application using Web Application Firewall.
Application Gateway Features
- Connection draining
Connection draining helps you gracefully remove a backend member from the pool, for example during planned service updates, without interrupting ongoing activity. Once this feature is enabled, deregistering instances receive no new requests while existing requests are allowed to complete. This applies both to backend instances that are explicitly removed from the backend pool by an API call and to backend instances that the health probes report as unhealthy.
- Secure Sockets Layer (SSL) termination
Application Gateway can terminate SSL at the gateway itself, so that communication with the backend instances is unencrypted. This removes the encryption and decryption overhead from the backend servers. At times this is not acceptable to the business, so there is also an option for end-to-end SSL.
- Web application firewall
One of the coolest features of Application Gateway is a Web application firewall (WAF) that provides centralized protection of your web applications from common security threats and vulnerabilities.
WAF supports the OWASP (Open Web Application Security Project) core rule sets 3.0 and 2.2.9. I would encourage you to go ahead and read about OWASP, as this is really helpful in designing security for your application.
The most common among these security vulnerabilities are SQL injection attacks, cross-site scripting, etc. Addressing those issues in code can be very challenging, and here the web application firewall comes to the rescue: it makes security management much simpler and gives application administrators better assurance against threats or intrusions.
One question that comes to mind is about existing gateways, and yes, an existing application gateway can easily be converted to a web application firewall enabled application gateway.
- Custom error pages
Application Gateway allows you to create custom error pages instead of displaying default error pages. You can use your own branding and layout using a custom error page.
- URL-based routing
URL Path-Based Routing allows you to route traffic to back-end server pools based on URL Paths of the request. One of the scenarios is to route requests for different content types to a different pool.
For example, requests for http://contoso.com/video/* are routed to VideoServerPool, and http://contoso.com/images/* are routed to ImageServerPool. DefaultServerPool is selected if none of the path patterns match.
- Multiple-site hosting
One of the other cool features of the Application Gateway is the Multi-site hosting that enables you to configure more than one web site on the same application gateway instance. This feature allows you to configure a more efficient topology for your deployments by adding up to 100 web sites to one application gateway. Each web site can be directed to its own pool. For example, an application gateway can serve traffic for atcsl.com and atcsl.net.
- Redirection
A common scenario for many web applications is to support automatic HTTP to HTTPS redirection to ensure all communication between an application and its users occurs over an encrypted path.
Application Gateway can perform this redirection itself. It has a generic redirection mechanism, so you can redirect not just from HTTP to HTTPS, but also from and to any port you define using rules, and to an external site as well.
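The SSL termination, web application firewall and redirection settings described above can be checked together against a gateway's definition. The following is an added example, not code from the original article: it reports a disabled WAF, backend settings that leave the gateway-to-backend hop unencrypted, and HTTP listeners with no redirect to an HTTPS listener. The field names are assumed to follow the ARM resource layout for Application Gateway, and the sample gateway, its name and its shortened ids are constructed.

```python
# Added example: field names assume the ARM resource layout; ids are shortened, constructed values.
SAMPLE_GATEWAY = {
    "name": "example-appgw",
    "properties": {
        "webApplicationFirewallConfiguration": {"enabled": False},
        "httpListeners": [
            {"id": "l-http", "properties": {"protocol": "Http"}},
            {"id": "l-https", "properties": {"protocol": "Https"}},
            {"id": "l-legacy", "properties": {"protocol": "Http"}},
        ],
        "backendHttpSettingsCollection": [
            {"name": "plain-backend", "properties": {"protocol": "Http"}},
            {"name": "e2e-backend", "properties": {"protocol": "Https"}},
        ],
        "redirectConfigurations": [
            {"id": "r-to-https", "properties": {"targetListener": {"id": "l-https"}}},
        ],
        "requestRoutingRules": [
            {"properties": {"httpListener": {"id": "l-http"},
                            "redirectConfiguration": {"id": "r-to-https"}}},
            {"properties": {"httpListener": {"id": "l-https"}}},
            {"properties": {"httpListener": {"id": "l-legacy"}}},
        ],
    },
}

def audit_gateway(gw):
    """Return sorted (check, item) findings for WAF, backend TLS and HTTP redirects."""
    p = gw.get("properties", {})
    findings = []
    if not p.get("webApplicationFirewallConfiguration", {}).get("enabled", False):
        findings.append(("waf-disabled", gw.get("name", "")))
    # SSL terminated at the gateway with a plain-HTTP hop to the backend.
    for s in p.get("backendHttpSettingsCollection", []):
        if s["properties"]["protocol"].lower() != "https":
            findings.append(("backend-unencrypted", s["name"]))
    proto = {l["id"]: l["properties"]["protocol"].lower() for l in p.get("httpListeners", [])}
    # Redirect configurations whose target listener is HTTPS.
    to_https = {r["id"] for r in p.get("redirectConfigurations", [])
                if proto.get(r["properties"].get("targetListener", {}).get("id")) == "https"}
    redirected = {r["properties"]["httpListener"]["id"] for r in p.get("requestRoutingRules", [])
                  if r["properties"].get("redirectConfiguration", {}).get("id") in to_https}
    for lid in proto:
        if proto[lid] == "http" and lid not in redirected:
            findings.append(("http-not-redirected", lid))
    return sorted(findings)

if __name__ == "__main__":
    for check, item in audit_gateway(SAMPLE_GATEWAY):
        print(f"{check}: {item}")
```

A `backend-unencrypted` finding is expected wherever SSL termination at the gateway is a deliberate choice; it marks the hops to review when end-to-end SSL is required.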
- Session affinity
The cookie-based session affinity feature is useful when you want to keep a user session on the same server. By using gateway-managed cookies, Application Gateway directs all subsequent traffic from a particular user session to the same server that handled it earlier. This is important in cases where session state is saved locally on the server for a user session.
- Websocket and HTTP/2 traffic
Traditional HTTP-based interactions require polling. WebSocket and HTTP/2 have lower overhead, can reuse the same TCP connection, require no polling, and are more efficient. They enable full-duplex, more interactive communication. They are also designed to work over the traditional HTTP ports (80 and 443).
- Rewrite HTTP headers (public preview)
Application Gateway now supports the ability to rewrite headers of the incoming HTTP requests as well as the outgoing HTTP responses. You will be able to add, remove or update HTTP request and response headers while the request/response packets move between the client and backend pools. You can rewrite both standard (defined in RFC 2616) as well as non-standard header fields.