DDoS Protection of Azure services with Application Gateway

Satyam Chauhan 492 Reputation points
2023-03-16T20:20:39.6966667+00:00

Hi,

I want to protect my app services and other Azure services from DDoS attacks. For this, I wanted to implement DDoS Network Protection with the PaaS web application architecture: https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-reference-architectures#paas-web-application

I created an application gateway of WAF tier. In the backend pool I added the app services to be protected from DDoS attacks.

I am now able to access the application both ways, using the default domain of the app services and using the public IP address of the application gateway. I am not able to understand which one of them is DDoS protected.

Please help, as I am new to Application Gateway.

Thanks,

Satyam


1 answer

  1. ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee
    2023-03-17T00:49:01.4866667+00:00

    @Satyam Chauhan

    Thank you for reaching out and glad to know you are proceeding with this approach. I have replied to your previous query here.

    "I am now able to access the application from both ways, using the default domain of the app services and by using the public ip address of the application gateway. I am not able to understand which one of them is DDoS protected."

    The public IP address of the application gateway will be protected by DDOS, as Azure DDOS protects the Public IPs of the resources that are deployed in ARM based VNETs. This is the list of services which can be protected.

    I understand that your web app is still accessible over the internet by its default domain. The solution here is to apply restrictions on your web app so that it only accepts traffic from your Application Gateway. You can restrict this access by using access restriction rules based on service endpoints, which allows you to lock down inbound access to the app, making sure the source address is from Application Gateway, or use Azure App Service static IP restrictions. For example, you can restrict the web app so that it only receives traffic from the application gateway. Use the App Service IP restriction feature to list the application gateway VIP as the only address with access. This is currently documented here.

    I understand you are new to Azure Application Gateway. You can go through this video to understand how Application Gateway works.

    As you are planning to proceed with this approach, I just wanted to share that there are multiple ways you can integrate your web app with Application Gateway. You can go through this document for more information.

    Hope this helps! Please let me know if you have any additional questions.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

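To check the lock-down described in the answer, the following added example (not part of the original thread and not Microsoft's code) models how IP-based access restriction rules are evaluated and flags any rule that lets traffic bypass the gateway. The rule lists are constructed samples in the shape of the site config property `ipSecurityRestrictions`; `203.0.113.10` is a placeholder for the gateway's public IP, and only CIDR-form `ipAddress` rules are handled.

```python
import ipaddress

# Constructed samples; 203.0.113.10 stands in for the Application Gateway VIP.
GATEWAY_VIP = "203.0.113.10"
LOCKED_DOWN = [
    {"name": "allow-appgw", "ipAddress": "203.0.113.10/32", "action": "Allow", "priority": 100},
]
STILL_OPEN = LOCKED_DOWN + [
    {"name": "temp-debug", "ipAddress": "0.0.0.0/0", "action": "Allow", "priority": 200},
]


def decide(rules, source_ip, unmatched_action="Deny"):
    """Model of rule evaluation: lowest priority number first, first match wins.

    With no rules the app accepts everything; once any rule exists, traffic
    that matches none of them gets the unmatched action (Deny by default).
    """
    if not rules:
        return "Allow"
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if src in ipaddress.ip_network(rule["ipAddress"], strict=False):
            return rule["action"]
    return unmatched_action


def audit(rules, gateway_vip):
    """Return findings; an empty list means only the gateway can reach the app."""
    findings = []
    if not rules:
        findings.append("no access restrictions: default domain is open to the internet")
    elif decide(rules, gateway_vip) != "Allow":
        findings.append("gateway VIP is not allowed to reach the app")
    gateway_net = ipaddress.ip_network(gateway_vip + "/32")
    for rule in rules:
        net = ipaddress.ip_network(rule["ipAddress"], strict=False)
        if rule["action"] == "Allow" and net != gateway_net:
            findings.append(f"rule {rule['name']!r} allows {net}, wider than the gateway VIP")
    return findings


if __name__ == "__main__":
    samples = (("locked down", LOCKED_DOWN), ("still open", STILL_OPEN), ("no rules", []))
    for label, rules in samples:
        print(label, "->", audit(rules, GATEWAY_VIP) or "OK")
```
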