How to properly configure Azure Application Gateway Rewrite URL rule? - azure

We are using Azure Application Gateway to route requests from host/client to the specific client app (.NET Core). This way client1 is routed to server1/client1 and client2 is routed to server2/client2 and so on. We are using a URL path map to resolve the exact server for each client.
Application Gateway has a limit of 100 paths in a URL path map per listener. This forces us to keep the number of client applications low.
Recently we have rewritten our application to support multiple tenants, so now we can process multiple clients' requests using a single app. Our new routing looks like server/app/client. Still, we want to keep end clients' URLs the same as they are: host/client
My idea was this: use an Application Gateway rewrite set and, on request, replace URL path values from /client to /app/client. But it seems that no matter what I set in those rules, I keep getting the same response. It looks to me like the rewrite rules are simply ignored, even a basic one that does not contain any "if" logic.
So my question is whether it is possible to update request URL before application gateway rules are applied?
Will be really glad to get some help here.

Don't know if you solved your problem, but I had exactly the same!
It looks like Microsoft made some changes a few days ago on Application Gateway. And now it works! But I had to delete my Application Gateway and create it again from scratch.
Hope this will help
Denis

Related

Azure Application Gateway CSS/JS header issue

Update
I have found, that the configuration is "correct", in that the application gateway properly routes to the correct backend when using the "/payment" path. On the app in question however, the path is still "/payment" which obviously does not work. I know I can circumvent this by using Override Backend Path to "/", but then, as said, the app does not load any CSS / JS files because it looks on the root of the host (I think)
I have a setup going with Azure Application Gateway for a project I am working on currently.
Setup
The basic setup goes like this:
Public IP --> Application Gateway --> Private Endpoints --> WebApps.
I have enabled multi-site hosting, have given an Azure domain (.cloudapp.azure.com) and have enabled path based routing.
So for example mydomain.germanywestcentral.cloudapp.azure.com/payment will route to a certain backend.
Issue
The issue is, while the HTML is loading just fine, all the CSS/JS is not looking at
"mydomain.germanywestcentral.cloudapp.azure.com/payment/site/style.css"
but at
"mydomain.germanywestcentral.cloudapp.azure.com/site/style.css"
I already googled for hours how to solve this issue but to no avail. I realize Azure is one of the lesser used clouds as of now, but hopefully someone here can, at least in concept, explain what is happening and what needs to be done. Any pointers are helpful here :)
Disclaimer
I am rather new to the whole networking topic and Azure, so I am not sure how to solve this issue. How do I tell the app to not look at the root, but at /payment? If I go to "mydomain.germanywestcentral.cloudapp.azure.com/site/style.css" it loads the file just fine.
Note
One thing: In order for any of this to work, I had to set "Override Backend Path" to "/", which is probably what is causing the issue.
However, if I turn this off, it does not load anything, and instead fails loading the site altogether.
Images of the settings: HTTP Setting for Payment Backend, Listener Configuration, Rule Configuration

Routing subdomains to certain applications in Azure Application Gateway?

I've been trying out Application Gateway, and have managed to get to the point where hosting 2 applications in different pools, albeit with the same port, is possible using the "host" header to choose where I intended to be directed.
However, what I actually intended to do was route subdomains to certain applications.
For example, my application gateway is "app-gw.example.com", and I have 2 Azure Functions sat behind that, for simplicity, func1.example.com and func2.example.com. (They actually have distinct domains themselves, not subdomains).
I would like to route "func1.app-gw.example.com"'s traffic to func1.example.com, and "func2.app-gw.example.com" to "func2.example.com".
However, I can't seem to figure this out. Can someone explain how this can be done?
I've also had some success hosting on different ports and using the listener + routes to direct to each individual site, but they should rather be on the same port, which rules this out.
I've also tried messing with URL Rewrites, but wasn't able to get something useful from that either.
EDIT: I think maybe I'm missing something here. Perhaps I need something that points the domain names to the application gateway, and then route on that? For example:
Site 1, reachable at func1.example.com may have an entry called "func1-gw.example.com", which actually just points to the application gateway, however, the application gateway now knows that it's really supposed to be going to "func1"?
Sounds like a DNS record pointing to the gateway may work, but then I wonder how to do the routing, hmm.
Thanks.
As you are already aware of Application Gateway multiple site hosting, you can enhance the Application Gateway to route the traffic based on the URLs.
Below references might help you configure the URL based routing.
URL Path Based Routing
Application Gateway redirection
Configure URL redirection on an application gateway

IIS reverse proxy not working in Azure Web App

I want to use a reverse proxy to point one of my endpoints to a resource that's hosted elsewhere. My primary server (where everything else is hosted) is in an Azure Web App and is otherwise working perfectly.
I've been using this seemingly failproof article along with the other links mentioned at the bottom of it: https://blogs.msdn.microsoft.com/zhiliang_xus_blog/2016/01/19/build-a-google-reverse-proxy-site-on-azure-web-app-in-less-than-3-minutes/
As a baseline, I used a Web App with no additional code and confirmed that the reverse proxy works. This was done by manually creating/editing the web.config file and applicationHost.xdt file then restarting the server.
I've tried 3 separate approaches (all on clean, new web apps) all of which are failing for me:
Push my code, confirm it works, then follow the reverse proxy steps manually
Follow the steps manually, confirm reverse proxy works, then push my code
Put the reverse proxy files into my codebase and push everything at the same time
None of these 3 approaches are working. Is this a bug in Azure? How can I try to figure this out?
After the XML Transformation (XDT), have you restarted the site?
I would suggest you take a look at this blog from Ruslan:
http://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
It talks about using a Site extension. It implements the reverse proxy and it does the XDT transformation for you.
If the above is set up correctly, then there is something wrong with the URL Rewrite rules. I would recommend you enable Failed Request Tracing and debug this further.
The link/way you posted used URL Rewrite to implement a reverse proxy. I tested it and it worked fine with my empty web application. After publishing a web application to the Azure Web App (for example, an ASP.NET MVC web application), the URL Rewrite stopped working. The reason is that all the requests to your web application are routed by the ASP.NET route module.
To enable URL Rewrite for some URLs, we need to disable the ASP.NET route for these URLs. For example, if you want to rewrite all the requests with the "product/xxx" format to another site, you could add the following code to the RouteConfig.cs file.
routes.Ignore("product/{action}");
The problem in this specific case was the location of my web.config file.
It needs to be in the root directory of the application which, in my case, was not site\wwwroot. My code was being generated and copied into site\wwwroot\dist. Putting the config file in that directory fixed the problem.
Additionally, there are logs that can be enabled to get some insight as to what's going on: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log

Reverse proxy in Azure with Web Apps

I'm moving from Apache on Linux to Azure Web Apps and I have a specific url (mysite.com/blog and everything under it) that is configured with a reverse proxy so the end user doesn't know that the content is actually coming from another service.
I'm sure I can do this within Web Apps (which runs on IIS) but I can't find any documentation on how to do this. As a backup I'm open to putting another service in front of my Web App.
How can I accomplish this in Azure?
Update: I did try using another service - Functions. My architecture looks like this:
This works in production but I'm hitting snags in development. /blog may or may not work depending on the entry point. In prod, our DNS will be configured so mysite.com points to mysite-proxy.azurewebsites.net and, therefore, any URI the user hits will work. In dev, however, we may want to browse to hit /blog from the Traffic Manager which will route us to /blog on the webapp which doesn't exist. Same problem, of course, if we go to /blog directly on the webapp. I tried to show these examples on the right side of the diagram.
I would like to find a solution so the webapp itself can handle the /blog proxying and then we can determine whether it's worth the speed and cost tradeoff compared to the existing solution.
You might want to check out Azure Functions Proxies: https://learn.microsoft.com/en-us/azure/azure-functions/functions-proxies
Sounds like you want an Application Gateway (caution, costs like $15/day)
The AGW can have multiple listeners against multiple hostnames, including path-based routing.
You will want to add two backends, one for the /blog endpoint and one for the non-/blog stuff. The backends just take the IP or FQDN of the target resource, in this case you will have:
blogBackend: myblog.com
defaultBackend: myWebapp.azurewebsites.net
Then you need to add listeners for your public-facing domain, it would be like:
myHttpListener: port 80, hostname=mywebsite.net
myHttpsListener: port 443, hostname=mywebsite.net
Then you need an HTTP setting
myHttpSetting: protocol=HTTPS, port=443, useWellKnownCACert=Yes, HostnameOverride=Yes, pick from backend target
Then you need rules, one for http=>https redirect, and the other for handling the pathing
myRedirectRule: type=basic, listener=myHttpListener, backendtargettype=redirection, targettype=listener, target=myHttpsListener
myRoutingRule: type=path-based, listener=myHttpsListener, targettype=backendpool, target=defaultBackend, httpSetting=myHttpSetting, pathRules=
path=/* name=root backendpool=defaultBackend
path=/blog name=blog backendpool=blogBackend
You can create additional http settings and assign them to the path rules to change the behaviour of the reverse proxy. For example, you can have the user's URL be https://mywebsite.net/blog, but have the path stripped on the request to the blog so the request looks like myblog.com instead of myblog.com/blog
There's a lot of tiny parts, but the app gateways can handle multiple applications at scale. Biggest thing is to watch out for the cost since this is more of an enterprise solution.

How do I redirect traffic from a domain on other servers to content on mine?

Here's the basic situation:
I have an application on AWS which needs to serve assets to and create 'share' links for content hosted on my AWS servers. I need to figure out a way to still use the URL/domain from another client's infrastructure, so it will essentially whitelabel our application as coming from their services. I was thinking of using Route53 and a CNAME, but things like the dynamic 'share' URLs will create a huge problem for redirects. Does anybody have any ideas on how this could be accomplished?
I think that you will have to set up your server at the "whitelabeling" location to have a web server that can call the other URLs and return their content. I.e., you create a server that responds at whitelabel.com, which then calls myAWS.com and passes the result back to whoever called whitelabel.com. You could make this flexible by allowing whatever the end destination URL needs to be to be passed in as a parameter (so, if you call whitelabel.com/foo, it will call myAWS.com/foo), though this has some security ramifications, and also requires a lot of knowledge by the consumer of exactly where things will reside.
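The security ramification mentioned in the answer above, as an added example that is not part of the original post: a Python sketch of how a whitelabel proxy could derive the upstream URL from the incoming request, with the pass-through variant beside one pinned to a fixed origin. `ALLOWED_PREFIXES` and the sample requests are assumptions made for illustration; `myAWS.com` is the placeholder host from the answer.

```python
import posixpath
from urllib.parse import quote, unquote, urlsplit

UPSTREAM_ORIGIN = "https://myAWS.com"        # fixed backend named in the answer
ALLOWED_PREFIXES = ("/assets/", "/share/")   # hypothetical published paths


def naive_upstream(target: str) -> str:
    """Flexible variant: the caller's value decides the destination."""
    # An absolute URL is used as-is, so the proxy will fetch from any host.
    if "://" in target:
        return target
    return UPSTREAM_ORIGIN + "/" + target.lstrip("/")


def safe_upstream(request_target: str) -> str:
    """Map a whitelabel.com request onto the fixed upstream origin only."""
    parts = urlsplit(request_target)
    # Refuse anything that names its own scheme or host (absolute or //host).
    if parts.scheme or parts.netloc:
        raise ValueError("absolute URLs are not accepted")
    path = unquote(parts.path)
    if not path.startswith("/") or "\\" in path or "\x00" in path:
        raise ValueError("malformed path")
    # Resolve ./ and ../ before the prefix check so traversal cannot pass it.
    normalized = posixpath.normpath(path)
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    if not normalized.startswith(ALLOWED_PREFIXES):
        raise ValueError("path is not published through the whitelabel host")
    # Re-encode so a literal '%' in the path is not decoded again upstream.
    upstream = UPSTREAM_ORIGIN + quote(normalized, safe="/")
    return upstream + ("?" + parts.query if parts.query else "")


def check(request_target: str) -> str:
    """Return the upstream URL or the rejection reason for one request."""
    try:
        return safe_upstream(request_target)
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed sample requests, not taken from the original post.
SAMPLES = ["/share/abc123?ref=mail", "//other.example/share/x",
           "https://other.example/x", "/share/%2e%2e/admin", "/assets/logo.png"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {check(sample)}")
```

The pinned variant also removes the need for the consumer to know where things reside beyond the published prefixes, since the host is never taken from the request.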
