Infra 3 – Application Gateway

🛡️ Azure Application Gateway — Layman’s Analogy

Think of Azure Application Gateway like a bouncer at the entrance of a club.

Imagine your app is a restaurant, and once Traffic Manager (the city’s traffic controller) sends people to the right branch (region), the Application Gateway takes over:

  • 🧍‍♂️ The Bouncer: Checks if the visitor is legit — handles security and SSL.
  • 🧾 The Receptionist: Sends them to the right table — routes requests to backend servers.
  • 🔐 The Firewall: Blocks suspicious guests — protects with WAF (Web Application Firewall).
  • 🧭 The Host: Handles special requests — like “I want vegetarian” (URL routing) or “I want the same waiter” (session stickiness).

💡 What It Does in Simple Terms:

  • ✅ Checks who is coming (incoming traffic)
  • 🚪 Secures the entrance (HTTPS, WAF)
  • 🛎️ Directs them to the right room (backend server)
  • 🔀 Can say: “You go left, you go right” — based on what the visitor asks for (routing rules)

Real-World Example (Simple Terms)

Imagine you run a restaurant website with:

  • A homepage.
  • An ordering system.
  • A support page.

You host all 3 parts on different servers.

Now you want:

  1. One single public URL like www.foodhub.com.
  2. Incoming traffic to be automatically routed to the right part:
    • /order goes to the order backend
    • /support goes to customer service backend
  3. Protection from bots, hackers, bad requests.
  4. Fast performance and high availability.

You use Azure Application Gateway for this:

  • It’s the entry point (like a traffic cop).
  • Uses rules to forward /order, /support, etc.
  • Can add Web Application Firewall (WAF) for protection.
  • Handles HTTPS, SSL certificates, and load balancing.
  • Azure Application Gateway does the routing, protects your app, and improves reliability — all without your customer even knowing what’s happening behind the scenes.

🔄 Flow Recap:

User → DNS → Traffic Manager → Application Gateway → Backend Pool (Web Apps/VMs)

🧱 What You Need to Configure When Creating Application Gateway:

  1. Name
    A unique name for your gateway.
  2. Region
    Choose the Azure region where it will be deployed.
  3. Tier
    • Standard
    • Standard_v2
    • WAF
    • WAF_v2 (for advanced security)
  4. Virtual Network (VNet)
    • Must be in the same region as the gateway
    • Needs at least one subnet dedicated to the gateway
  5. Frontend IP Configuration
    • Public IP (for internet-facing)
    • Private IP (for internal apps)
  6. Listener
    • Protocol: HTTP or HTTPS
    • Port: Usually 80 or 443
    • SSL certificate (if HTTPS)
  7. Backend Pool
    • IPs or FQDNs of your web servers, VMs, or App Services
  8. Backend HTTP Settings
    • Port
    • Protocol
    • Cookie-based affinity
    • Timeout
    • Custom probe (optional)
  9. Routing Rules
    • Define how requests are routed (path-based, host-based)
  10. Web Application Firewall (WAF) (optional)
    • Enable WAF for protection against common threats (OWASP rules)
  11. Tags (optional)
    • For resource organization and billing
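
A weak and a hardened version of the tier, listener, backend-settings and WAF choices from the list above, checked by a small audit function. This is an added example, not code from the original page: field names follow the JSON that `az network application-gateway show` returns, every name and ID in the samples is constructed, and it assumes a redirect on an HTTP listener points at the HTTPS listener.

```python
def audit(gw):
    """Return a list of findings for one Application Gateway config dict."""
    findings = []
    tier = gw.get("sku", {}).get("tier", "")
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    if not tier.startswith("WAF"):
        findings.append(f"tier {tier}: WAF is not available on this tier")
    elif gw.get("firewallPolicy"):
        pass  # a separate WAF policy is attached; its mode is set on that resource
    elif not waf.get("enabled"):
        findings.append("WAF tier selected but WAF is not enabled")
    elif waf.get("firewallMode") != "Prevention":
        findings.append("WAF in Detection mode: requests are logged, not blocked")
    # An HTTP listener is acceptable only if its routing rule is a redirect.
    redirecting = {r["httpListener"]["id"].rsplit("/", 1)[-1]
                   for r in gw.get("requestRoutingRules", [])
                   if r.get("redirectConfiguration")}
    for lis in gw.get("httpListeners", []):
        if lis["protocol"].lower() == "http" and lis["name"] not in redirecting:
            findings.append(f"listener {lis['name']}: plain HTTP without redirect")
    for s in gw.get("backendHttpSettingsCollection", []):
        if s["protocol"].lower() == "http":
            findings.append(f"backend settings {s['name']}: gateway-to-backend hop is unencrypted")
    return findings

# Constructed samples (trimmed to the fields the audit reads).
WEAK = {
    "sku": {"tier": "Standard_v2"},
    "httpListeners": [{"name": "web-80", "protocol": "Http"}],
    "requestRoutingRules": [
        {"name": "rule-80", "httpListener": {"id": "/constructed/httpListeners/web-80"}}],
    "backendHttpSettingsCollection": [{"name": "order-settings", "protocol": "Http"}],
}
HARDENED = {
    "sku": {"tier": "WAF_v2"},
    "webApplicationFirewallConfiguration": {"enabled": True, "firewallMode": "Prevention"},
    "httpListeners": [{"name": "web-80", "protocol": "Http"},
                      {"name": "web-443", "protocol": "Https"}],
    "requestRoutingRules": [
        {"name": "rule-80", "httpListener": {"id": "/constructed/httpListeners/web-80"},
         "redirectConfiguration": {"id": "/constructed/redirectConfigurations/to-https"}},
        {"name": "rule-443", "httpListener": {"id": "/constructed/httpListeners/web-443"}}],
    "backendHttpSettingsCollection": [{"name": "order-settings", "protocol": "Https"}],
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```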
