Application Gateway Integration
Last updated
Inforiver Writeback Matrix On-Prem
Last updated
Application gateway with a firewall would be a very good addition to this setup. This will boost the security and provide additional configuration on the network side. It would also helps you to monitor the traffic and block unwanted traffic.
Please follow the steps below to integrate Application Gateway.
Search for 'Application Gateway' in Azure Marketplace and click on Create.
Select the Resource Group, Region and VNet same as the Inforiver app service, and select all other options as per your need and recommendations. We need to create a new subnet for this gatewayâclick on Manage subnet configuration.
Proceed to create a new subnet called 'gateway', leaving the address range as prefilled, and then click save.
Carefully go back to the âCreate application gatewayâ step without losing any progress and select the newly created subnet and proceed to the next step.
Create a new public IP address and proceed to the next step.
Click on Add a backend pool and select the Inforiver app service as a backend target.
In this step, we need to add the routing information for the gateway.
Fill in the listener information as shown in the screenshot, and then either get the SSL certificate from Key Vault or upload a PFX certificate directly here. In this example, we are adding a certificate from Key Vault.
Go to the Backend targets and select the already created target, then add a new backend setting.
Fill the backend setting as shown in the screenshot, and add the setting.
Now the configuration part is completed. You may proceed to review and create the resource.
You may use the public IP address from the Overview page and configure an A record at your DNS server or hosting provider. In this example, we have shown GoDaddy DNS.
Finally, we need to whitelist the application gateway at our app service for unrestricted communication. For this, go to the Networking page of the app service and click on âAccess restriction.â
Add a new rule in the app service tab and select the gateway subnet to be whitelisted.
Verify that the Endpoint status is 'Enabled'.
Go to the âBackend healthâ page in the gateway and make sure you are getting âHealthyâ status.
The gateway integration part is now complete, and your app service is now fully private, and the inbound traffic can only be allowed through this gateway. You may now choose to have this gateway converted into a Web Application Firewall with a few toggles as shown below.
You can find below the compatible browsers and their versions:
The following APIs should be added to the exception list in an on-premises environment for WAF, while the rest can be removed:
/Redirect
/external-storage/redirect
To ensure that WAF does not block payloads larger than 2 MB, uncheck the Enforce maximum request body limit checkbox in the Azure portal gateway configuration.
