Hello Everyone :) Thanks for following the blog.
As we know this blog is a part of Microsoft Azure Networking blog series. This blog is Part - 3 where we continue the Networking resources from understanding Azure Application Gateway. If you haven't read the Part - 1 and Part - 2
Azure application Gateway
- Layer 7 : HTTP/HTTPS load balancing WebSocket support.
- Web application firewall
- URL-based routing.
- Routing based on tuple of source & destination IP addresses.
- Round Robin
- Session affinity via cookies
- SSL decoding/terminations & end-to-end SSL processing.
- Two SKU's -> Web Application firewall (WAF) and Standard.
- Small, Medium & Large services tiers.
- Differences in pricing for outbound data
- Small doesn’t support WAF
- Differenced in speed of putdound data processing.
- Inbound data is free for all service tiers.
Web Application Firewall
- Protects from common attacks.
- SQL Injection & cross-site scripting.
- Bots & Scanners.
- HTTP violation/anomalies/forgeries.
- Server Misconfigurations.
Detection Mode : Detects and logs threats; no direct alerting.
Prevention Mode : Sends 403 response to detected threats.
- Super-simple to use.
- Create it, assign it to an IP address and VNET, add a listener and you’re done.
- Can protect Web Apps(in a Virtual Network).
- Public and private IP's load balancing.
- WAF protects against common attacks.
- SSL offloading
- Requires additional configuration.
- Custom health probes.
- Only works for HTTP/HTTPS.
- Round Robin and URL based routing limits overall routing options.
- Doesn’t support IP reservations.
- Laxer rule Vs Load balancer for health probes.
- Protest Virtual Machines & Web Apps against Common Attacks(WAF)
- Routing traffic among several web servers VMs or web apps within a specific
- In concert with a load balancer for multities application.
- Maintain session affinity for specific applications (Shopping carts, Web mail, etc.)
- SSL-intensive workload.
Thanks for reading.. :) Keep following for Part - 4