Share via

Application gateway Modification

A, Kowsalya (Cognizant) 40 Reputation points
2026-05-14T14:15:51.7633333+00:00

I have already listener port 443 with basic in path based routing , now do i able to create 3 more listener port-443 with multi-site in IP based routing for specific backend server, will it possible, explain the process

Azure Application Gateway
Azure Application Gateway

An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. kagiyama yutaka 3,510 Reputation points
    2026-05-15T14:26:55.8466667+00:00

    I think u can keep the existing 443 basic listener, and add 3 multi‑site listeners on the same port as long as each uses a unique hostname; AppGW allows multiple 443 listeners on one IP when the hostnames differ.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-05-14T14:16:10.6266667+00:00

    Yes, it is possible to have multiple listeners on port 443 on the same Application Gateway, as long as they are differentiated by host name (multi-site listeners) and associated rules. The existing basic listener on 443 will accept all traffic for that IP/port unless multi-site listeners are configured and prioritized correctly.

    Key points from the platform behavior:

    1. Listener types and behavior
    • A basic listener on 443 will accept any request for that IP/port combination.
    • A multi-site listener on 443 uses the HTTP Host header (or SNI for TLS listeners) to route traffic to different backend pools based on host name.
    • Multiple multi-site listeners can share the same frontend IP and port (443) as long as each has a distinct host name or wildcard host name configuration.
    1. Order/priority of listeners and rules
    • For v1 SKU: rules are processed in order. If a rule with a basic listener on 443 is first, it will match all requests for that IP/port and prevent multi-site listeners from being used.
    • For v2 SKU: rule priority defines processing order. Wildcard/basic listeners should have a higher numeric priority value (lower precedence) than site-specific multi-site listeners.
    • Best practice: configure multi-site listeners first (or with higher precedence) and push the basic listener rule to the end / lower precedence so that host-based routing works correctly.
    1. What can be done in the described scenario Given an existing basic listener on port 443 used in a path-based routing rule, the following pattern is supported:
    1. Keep the existing basic listener and rule as a catch‑all for 443.
    2. Add three new multi-site listeners on the same frontend IP and port 443, each with its own host name (or wildcard host names) and backend pool.
    3. Ensure rule processing order/priority is set so that:
      • All multi-site rules (for the three specific host names) are evaluated before the basic listener rule.
      • Any request that does not match the multi-site host names will fall back to the basic listener and its path-based routing.
    1. High-level configuration process (Azure portal example)

    For each of the three new sites:

    1. Go to the Application Gateway → Configuration.
    2. Select Add a routing rule.
    3. On the Listener tab:
      • Frontend IP: select the same frontend IP currently used for 443.
      • Protocol/Port: HTTPS / 443.
      • Listener type: Multiple sites.
      • Host name: set the specific FQDN for that backend (for example, site1.contoso.com).
    4. On the Backend targets tab:
      • Backend target: select or create the backend pool for that specific site.
      • Backend setting: select or create appropriate HTTP(S) settings (port, protocol, etc.).
    5. Save the rule.
    6. Repeat for the other two host names.
    7. Adjust rule order/priority:
      • v1: move the three multi-site rules above the existing basic listener rule.
      • v2: assign lower numeric priorities to the three multi-site rules and a higher numeric priority to the basic listener rule.
    1. Interaction with path-based routing
    • Multi-site listeners can be used with basic or path-based rules. For each host name, a rule can be:
      • Basic (all paths for that host go to one backend pool), or
      • Path-based (different URL paths for that host go to different backend pools).
    • The existing basic listener with path-based routing can remain as a default for any host not explicitly handled by the multi-site listeners.
    1. Wildcard and multiple host names (optional)
    • A multi-site listener can define wildcard host names and up to 5 host names per listener using the hostnames property.
    • hostname (single non-wildcard) and hostnames (array of wildcard names) cannot be used together on the same listener.

    In summary, multiple multi-site listeners on port 443 are supported and can coexist with an existing basic listener on 443. The critical requirement is to configure the multi-site listeners and their rules so they are processed before the basic listener, ensuring that host-based routing to specific backend servers works as intended, with the basic listener acting as a catch-all.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.