Application Gateway Integration

An application gateway with a firewall would be a very good addition to this setup. This will boost the security and provide additional configuration on the network side. It would also help you to monitor the traffic and block unwanted traffic.

Please follow the steps below to integrate Application Gateway.

1. Search for 'Application Gateway' in Azure Marketplace and click on Create.

1. Select the Resource Group, Region and VNet same as the Inforiver app service, and select all other options as per your need and recommendations.

1. We need to create a new subnet for this gateway—click on Manage subnet configuration.

1. Proceed to create a new subnet called 'appgateway', leaving the address range as prefilled, and then click Add.

1. Carefully go back to the ‘Create application gateway’ step without losing any progress and select the newly created subnet and proceed to the next step.

1. Create a new public IP address and proceed to the next step.

1. Click on Add a backend pool and select the Inforiver app service as a backend target.

1. In this step, we need to add the routing information for the gateway. Fill in the listener information as shown in the screenshot, and then either get the SSL certificate from Key Vault or upload a PFX certificate directly here. In this example, we are adding a certificate from Key Vault.

1. Go to the 'Backend targets' and select the already created target, then add a new backend setting.

1. Fill the backend setting as shown in the screenshot, and add the setting.

1. Click on Add to add the routing information.

1. Now the configuration part is complete. You may proceed to review and create the resource.

1. You may use the public IP address from the Overview page and configure an A record at your DNS server or hosting provider. In this example, we have shown GoDaddy DNS.

2. Finally, we need to whitelist the application gateway at our app service for unrestricted communication. For this, go to the 'Networking' page of the app service and click on ‘Access restriction.’

1. Add a new rule in the app service tab and select the gateway subnet to be whitelisted.

2. Verify that the endpoint status is 'Enabled'.

3. Go to the ‘Backend health’ page in the gateway and make sure you are getting ‘Healthy’ status.

4. The gateway integration part is now complete, and your app service is now fully private, and the inbound traffic can only be allowed through this gateway. You may now choose to have this gateway converted into a Web Application Firewall with a few toggles as shown below.

Note: While setting up Web Application Firewall (WAF) support, you must consider the following things:

1. Browser Compatibility

Below are the compatible versions for the following browsers:

2. APIs to be added to the exclusion list

The following APIs should be added to the exception list in an on-premises environment for WAF:

1. /redirect

2. /external-storage/redirect

3. /rls/redirect

The rest can be removed.

3. Configuring WAF to Allow Large Payloads

To ensure that WAF does not block payloads larger than 2 MB, uncheck the Enforce maximum request body limit checkbox in the Azure portal gateway configuration.