How do I secure my application using application gateway?
Question
-
I have a application running inside a VM. currently it's running at http://localhost:4545
Now I would like to expose it to internet with proper domain name as well implement load balancing with security. So I am thinking of using Application gateway WAF
BUT I am not finding any end to end clean tutorial or article.
Could someone help?
Many Thanks Deepak
All replies
-
Greetings,
Here are the core steps for setting up APPGW for your WebApp,
- In the Azure portal, look for Application Gateway in the services, and create a new App Gateway
- Then choose a virtual network where your App Gateway will be linked
- Then you need to create an IP public if the site needs to be publicly exposed, but you can also use a private IP
- Then create your first Backend pool which will contain one or more servers where the website is hosted:
- Add a routing rule.
- In the Backend target part, I created a new HTTP setting, to port 4545, in HTTP. It will be this port that will discuss with the website.
- In-order to expose it to the internet with custom domain name the point the public IP to the respective DNS name using Azure DNS services.
To summarize, here are the important elements here:
• Backend pool: contains one or more servers, on the same VNet as the App Gateway, to an On-Premises IP, etc.
• HTTP Settings: set how to chat with the site that is backend
• Listeners: this is where we will tell which URL we are listening to, as well as the port and the certificate, if there is one
• Rules: the rule allows to orchestrate everything, taking the listener’s traffic, associating it with an HTTP setting, and pointing it to a backend pool
• Health probe (optional): allows to test if a site, in a backend pool, is functional or not and if it is therefore a candidate to display the requested siteHere is the ref doc for a glimpse.
I would also suggest you to have a look at this article which explains about working model of an APPGW.
If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
Best regards
Subhash
- Proposed as answer by SubhashVasarapu-MSFTMicrosoft employee Wednesday, May 27, 2020 6:29 PM
- Edited by SubhashVasarapu-MSFTMicrosoft employee Wednesday, May 27, 2020 6:30 PM
-
Your requirement is WAF, and it is available in AFD and AppGW. But you can use Traffic Manager as first Tier Load balancing and have AppGW in the different regions to provide high resilience/availability.
APPGW Arch with Traffic Manager:
Azure Traffic Manager + Application Gateways Demo Setup
If you want users from specific country to reach nearest backend resource, it seems like, the best solution for you is AFD.
AFD is a global Load balancer. It has WAF capability. It can Cache the data and provide quicker responses(CDN functionality). AFD uses an intelligent probing mechanism, through which it chooses the endpoint which is closer to the client who is making the request.AFD Architecture :
Note: Using AFD allows to disable health probe on AFD holding single backend resource which will be saving extra bandwidth and pricing.
If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
Best regards
Subhash
- Edited by SubhashVasarapu-MSFTMicrosoft employee Thursday, May 28, 2020 4:57 PM
- Proposed as answer by SubhashVasarapu-MSFTMicrosoft employee Thursday, May 28, 2020 4:57 PM
