Azure Application Gateway - Reverse Proxy

Question

Azure Application Gateway - Reverse Proxy

Victor Gomes 20

Hello,

I have an Application Gateway configured that has the private IP 10.179.0.xx1. Behind the AppGW, there are 2 Virtual Machines with the private IPs 10.179.0.xx2 and 10.179.0.xx3, configured as a backend.

When I try to access the website published in these two Virtual Machines using the AppGW IP (10.179.0.xx1), it work's as expected and load balance the connection between the two servers. The point here is that the browser redirect the connection to the IP (10.179.0.xx2 or 10.179.0.xx3) of one of the Virtual Machines and doesn't maintain the IP of the Application Gateway.

I would like to know how to make the Application Gateway work as Reverse Proxy. Is it possible to modify this and make every time that I type https://10.179.0.xx1 in the browser, it show's me the website published in the two VMs, but the address still with the IP of the Application Gatway?

Thank you

GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator

2023-08-23T17:20:28.44+00:00

Hello @Victor Gomes ,

Apologies for the delay in response.

I understand that when you try to access your Application gateway IP address, it redirects to the backend VM's IP address in the browser.

May I know what is the backend health status of your Application gateway?

Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#how-to-check-backend-health

Also, I see that you've mentioned you type https://10.179.0.xx1to access your Application gateway.

Since you are using HTTPS, may I know if you are using end-to-end SSL or SSL termination?

Refer: https://learn.microsoft.com/en-us/azure/application-gateway/ssl-overview

Which SKU of Application gateway are you using - v1 or v2?

How is the backend pool configured for your Application gateway? Is it configured as the IP addresses of your VMs?

Regards,

Gita
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-25T06:48:43.63+00:00

@Victor Gomes

May I know if you got a chance to review the previous comment by GitaraniSharma-MSFT?

Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.

Thanks,

Kapil
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-28T07:06:22.01+00:00

@Victor Gomes

Could you please provide an update on this post?

Kindly let us know if you need further assistance on this issue.

Thanks,

Kapil
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-29T04:45:50.65+00:00

@Victor Gomes

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

2 answers

Your answer

GitaraniSharma-MSFT 50,021 Reputation points Microsoft Employee Moderator

2023-08-23T17:20:28.44+00:00

Hello @Victor Gomes ,

Apologies for the delay in response.

I understand that when you try to access your Application gateway IP address, it redirects to the backend VM's IP address in the browser.

May I know what is the backend health status of your Application gateway?

Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#how-to-check-backend-health

Also, I see that you've mentioned you type https://10.179.0.xx1to access your Application gateway.

Since you are using HTTPS, may I know if you are using end-to-end SSL or SSL termination?

Refer: https://learn.microsoft.com/en-us/azure/application-gateway/ssl-overview

Which SKU of Application gateway are you using - v1 or v2?

How is the backend pool configured for your Application gateway? Is it configured as the IP addresses of your VMs?

Regards,

Gita
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-25T06:48:43.63+00:00

@Victor Gomes

May I know if you got a chance to review the previous comment by GitaraniSharma-MSFT?

Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.

Thanks,

Kapil
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-28T07:06:22.01+00:00

@Victor Gomes

Could you please provide an update on this post?

Kindly let us know if you need further assistance on this issue.

Thanks,

Kapil
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-29T04:45:50.65+00:00

@Victor Gomes

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Answer 1

It sounds like you want to configure your Azure Application Gateway to act as a reverse proxy and forward traffic to your backend virtual machines while still preserving the original URL (in this case, the IP of the Application Gateway) in the browser's address bar. This is achievable through a combination of listener and URL path-based routing rules.

Here's a step-by-step guide on how to achieve this:

Create Backend Pools:

In your Application Gateway configuration, ensure that you have defined backend pools for your two virtual machines (10.179.0.xx2 and 10.179.0.xx3).

Create HTTP Settings:

Set up HTTP settings for your Application Gateway. These settings include protocol, port, and timeout configurations.

Create Listeners:

Create an HTTPS listener for your Application Gateway. This listener should use a frontend IP configuration with the private IP (10.179.0.xx1) of the Application Gateway.

Create a URL Path-Based Routing Rule:

Now, you'll create a URL path-based routing rule to forward traffic to your backend pools while preserving the original URL in the browser.
Under the listener you created, go to the "Rules" tab and click on "Add a routing rule".
Configure the rule as follows:
Name: Give your rule a meaningful name.
Listener: Choose the HTTPS listener you created earlier.
Use the following settings for your conditions:
If any of the following match the patterns: /*
Use the following settings for your routing settings:
Route to: Choose your backend pool.
Rewrite URL: Enabled (this preserves the original URL in the browser).

Test the Configuration:

With the URL path-based routing rule in place, accessing https://10.179.0.xx1 in a browser should now load balance traffic to your backend virtual machines (10.179.0.xx2 and 10.179.0.xx3), while the browser's address bar will still show https://10.179.0.xx1.

Keep in mind that this setup might require additional configuration if your backend application has absolute URLs, as those URLs may need to be adjusted to work correctly behind the reverse proxy. Also, make sure that your backend virtual machines are configured to respond to requests for 10.179.0.xx1.

.

Azure's documentation -->https://learn.microsoft.com/en-us/azure/application-gateway/features and https://learn.microsoft.com/en-us/azure/application-gateway/url-route-overview

Victor Gomes 20 Reputation points

2023-08-18T14:55:12.3066667+00:00

Hello Deepanshu katara,

Thank you for this information.

Just to confirm, all the configurations are well done until the block that you mentioned "Create a URL Path-Based Routing Rule:".

The difference is that the currently rule doesn't have a path-based created. Is it possible to add it in the currently rule or do I have to create a new rule with this configuration? Besides that, I didn't find any option called "Rewrite URL" in the Rule tab.

Thank you
Deepanshu katara 16,720 Reputation points MVP Moderator

2023-08-19T05:30:12.32+00:00

Yes you can edit the existing rule

Update the Existing Rule:

Go to the Azure portal and navigate to your Application Gateway's configuration.

Find the rule you want to add path-based routing to.

Edit that rule to include path-based routing

And regarding rewrite yes Azure Application Gateway itself doesn't provide a native URL rewriting feature within its rule configuration, it was my mistake I mentioned in my previous answer

Can you please accept my answer , it answers you , Thanks
Victor Gomes 20 Reputation points

2023-08-21T12:01:42.72+00:00

Hello Deepanshu katara,

I tried to modify the rule, but the option "Path-based routing" doesn't appear when I try to modify the currently rule. If I try to create a new rule this option is available again.

The problem is that if I try to create a new rule, the Listener doesn't show's, probably because it's already configured in the currently rule.

In this case, maybe I should delete the currently rule and create again with these parameters, right?

Thank you

Answer 2

msrini-MSFT 9,291 Microsoft Employee

Hi,

In an ideal scenario, your Application Gateway's IP will be preserved. If you have an HTTP to HTTPS re-direction configured in your Web server, you might see this kind of behavior. You can still change this behavior:

In your HTTP settings, you can override host name with your Application Gateway's IP, so that the IP will not change.

Note: You will need to configure your Web application to accept traffic when the hostname is configured as the AppGW's IP.

Regards,

Karthik Srinivas

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Share via

Azure Application Gateway - Reverse Proxy

2 answers

Your answer