You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Azure Application Gateway is a Layer 7 (HTTP/HTTPS) load balancer that provides advanced traffic routing, SSL termination, and web application firewall (WAF) capabilities. It is the go-to service for load balancing web applications that need URL-based routing, cookie-based session affinity, or centralised SSL management.
| Feature | Layer 4 (Load Balancer) | Layer 7 (Application Gateway) |
|---|---|---|
| Routing decisions | IP, port, protocol | URL path, hostname, headers, cookies |
| SSL termination | No | Yes |
| WAF | No | Yes |
| WebSocket support | Yes (pass-through) | Yes (native) |
| URL rewriting | No | Yes |
| Cookie affinity | No | Yes |
Use Azure Load Balancer when you need simple, high-throughput TCP/UDP distribution. Use Application Gateway when you need HTTP-aware routing and security features.
Application Gateway sits in a dedicated subnet within your VNet and acts as a reverse proxy. It receives client requests on its frontend IP, evaluates routing rules, and forwards traffic to the appropriate backend pool.
Client --> Frontend IP --> Listener --> Rule --> Backend Pool
|
URL Path Map
/images/* --> Backend A
/api/* --> Backend B
| Component | Description |
|---|---|
| Frontend IP | Public and/or private IP address where the gateway receives traffic. |
| Listener | Defines how the gateway accepts incoming connections (port, protocol, hostname). |
| Routing rule | Connects a listener to a backend pool, optionally via a URL path map. |
| Backend pool | A collection of targets: VMs, VMSS, App Services, IP addresses, or FQDNs. |
| HTTP settings | Backend protocol, port, cookie affinity, connection draining, custom probes. |
| Health probe | Checks backend health using HTTP or HTTPS requests. |
| URL path map | Routes traffic to different backend pools based on the URL path. |
| SKU | Features |
|---|---|
| Standard v2 | Autoscaling, zone redundancy, static VIP, header rewrite, multi-site hosting. |
| WAF v2 | Everything in Standard v2 plus Web Application Firewall. |
Note: v1 SKUs (Standard and WAF) are being retired. Always use v2 for new deployments.
One of Application Gateway's most powerful features is routing traffic to different backends based on the URL path:
https://myapp.com/images/* --> Image server pool
https://myapp.com/api/* --> API server pool
https://myapp.com/* --> Default web server pool
This allows you to host multiple application tiers behind a single gateway without needing separate public IPs.
Application Gateway can host multiple websites on the same IP address using hostname-based routing:
app1.contoso.com --> Backend Pool Aapp2.contoso.com --> Backend Pool BEach site can have its own SSL certificate and routing rules. This is far more cost-effective than deploying separate gateways per site.
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.