Application gateway handling of non http traffic

Assaf L 261 Reputation points
2023-10-02T22:06:18.6633333+00:00

According to documentation (details) the app gateway supports HTTP, HTTPS, HTTP/2, and WebSocket protocols
Considering the above, in case MQTT traffic arrives at the service, what will occur at the service level

  • Will the traffic get ignored and forwarded to the backend pool
  • Will the traffic get blocked and rejected by the service with some return code? 
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
973 questions
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 37,406 Reputation points Microsoft Employee
    2023-10-09T06:03:04.4+00:00

    @Assaf L

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know what would happen if you were to reach the Application gateway with undocumented protocols. (especially, MQTT).

    I got a confirmation from our Internal Team and they informed us that you will receive a 400 HTTP Status Code.

    As stated by @msrini-MSFT , the TCP connection/handshake will pass through but the Application layer traffic will not, resulting in 400.

    Should you be interested in using MQTT via AppGW, then we can sign you up for TLS/TCP proxy feature on a limited preview with the support incident you have raised.

    Thanks for your continued contribution on Q&A and appreciate much for taking the time to share your feedback.

    Cheers,

    Kapil

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2023-10-04T07:22:00.29+00:00

    Hi,

    Lets say you have a Listener on port 443 and you are trying to send MQTT traffic over TCP port 443 to Application Gateway.

    Your TCP handshake will be successful but the Application layer is not handled by Application Gateway to support 443 and you get a timeout. I don't think there will be a response code sent. Maybe status code 400.

    Regards,

    Karthik Srinivas