One key feature of the Application Gateway service is its support for Secure Sockets Layer (SSL) termination. This feature means that the overhead of encrypting and decrypting traffic can be offloaded to the gateway, rather than have this impact performance on the backend web server.
This does, however, mean that communication between the application gateway and the backend web server is unencrypted, which in some cases, perhaps due to security or compliance requirements, may not be acceptable. For those situations, the application gateway also fully supports end-to-end SSL encryption.
For the purpose of this article, it is assumed that SSL termination is enabled on the gateway. Standard HTTP traffic should now be redirected to the HTTPS listener so that web requests don’t simply fail when they are unable to traverse the application gateway over HTTP.
Enabling HTTP to HTTPS redirection
When an application gateway is configured with SSL termination, a routing rule is used to redirect HTTP traffic to the HTTPS listener. The remainder of this article steps through configuring this routing rule.
Assumptions
The following assumptions have been made:
- HTTP and HTTPS listeners already exist
- Azure PowerShell module version 3.6 or later is installed.
NOTE: To check what version of PowerShell is installed and for help on upgrading it if required, see Install Azure PowerShell module.
Configuring the routing rule
1. The first thing we need to do is get the application gateway object and store it as a variable

```powershell
$appgw = Get-AzureRmApplicationGateway `
  -Name appgw-name `
  -ResourceGroupName appgw-rg
```

2. Get the existing HTTPS listener

```powershell
$myhttpsListener = Get-AzureRmApplicationGatewayHttpListener `
  -Name appGatewayhttpsListener `
  -ApplicationGateway $appgw
```

3. Get the existing HTTP listener

```powershell
$myhttpListener = Get-AzureRmApplicationGatewayHttpListener `
  -Name appGatewayhttpListener `
  -ApplicationGateway $appgw
```

4. Now create a redirection configuration using a permanent redirect and targeting the existing HTTPS listener

```powershell
Add-AzureRmApplicationGatewayRedirectConfiguration `
  -Name redirecthttptohttps `
  -RedirectType Permanent `
  -TargetListener $myhttpsListener `
  -IncludePath $true `
  -IncludeQueryString $true `
  -ApplicationGateway $appgw
```

5. Get the newly created redirect configuration

```powershell
$redirectconfig = Get-AzureRmApplicationGatewayRedirectConfiguration `
  -Name redirecthttptohttps `
  -ApplicationGateway $appgw
```

6. Add a new rule to handle the redirect from the HTTP listener

```powershell
Add-AzureRmApplicationGatewayRequestRoutingRule `
  -Name rule2 `
  -RuleType Basic `
  -HttpListener $myhttpListener `
  -RedirectConfiguration $redirectconfig `
  -ApplicationGateway $appgw
```

7. Finally, update the application gateway

```powershell
Set-AzureRmApplicationGateway `
  -ApplicationGateway $appgw
```
To make it a little simpler to copy all steps, they have been combined into one script below. A copy of the file can also be downloaded from my GitHub repository app-gateway-https-https-redirect.ps1
```powershell
# Get the application gateway
$appgw = Get-AzureRmApplicationGateway `
  -Name appgw-name `
  -ResourceGroupName appgw-rg

# Get the existing HTTPS listener (the redirect target)
$myhttpsListener = Get-AzureRmApplicationGatewayHttpListener `
  -Name appGatewayhttpsListener `
  -ApplicationGateway $appgw

# Get the existing HTTP listener (the redirect source)
$myhttpListener = Get-AzureRmApplicationGatewayHttpListener `
  -Name appGatewayhttpListener `
  -ApplicationGateway $appgw

# Add a redirection configuration using a permanent redirect and targeting the existing listener
Add-AzureRmApplicationGatewayRedirectConfiguration `
  -Name redirecthttptohttps `
  -RedirectType Permanent `
  -TargetListener $myhttpsListener `
  -IncludePath $true `
  -IncludeQueryString $true `
  -ApplicationGateway $appgw

# Get the redirect configuration
$redirectconfig = Get-AzureRmApplicationGatewayRedirectConfiguration `
  -Name redirecthttptohttps `
  -ApplicationGateway $appgw

# Add a new rule to handle the redirect and use the new listener
Add-AzureRmApplicationGatewayRequestRoutingRule `
  -Name rule2 `
  -RuleType Basic `
  -HttpListener $myhttpListener `
  -RedirectConfiguration $redirectconfig `
  -ApplicationGateway $appgw

# Update the application gateway
Set-AzureRmApplicationGateway `
  -ApplicationGateway $appgw
```
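Once the gateway has been updated, the redirect can be checked from a client. The function below is an added example, not part of the original script: it sends one HTTP request without following redirects and confirms the response is a permanent (301) redirect to HTTPS with the path and query string preserved, matching the `-RedirectType Permanent`, `-IncludePath` and `-IncludeQueryString` settings above. The function name `Test-HttpsRedirect` and the URL in the usage comment are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). The URL in the usage line is a
# placeholder; substitute a path on your own gateway's HTTP endpoint.
function Test-HttpsRedirect {
    param([Parameter(Mandatory = $true)] [uri] $Url)

    if ($Url.Scheme -ne 'http') { throw "Probe URL must start with http://" }

    $request = [System.Net.WebRequest]::Create($Url)
    $request.AllowAutoRedirect = $false   # inspect the redirect, do not follow it
    $request.Timeout = 10000              # milliseconds

    $response = $null
    try {
        $response = $request.GetResponse()
    }
    catch {
        # 4xx/5xx answers surface as WebException; keep the response for reporting
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.WebException] -and $inner.Response) {
            $response = $inner.Response
        } else { throw }
    }

    try {
        $status   = [int]$response.StatusCode
        $location = $response.Headers['Location']
    }
    finally { $response.Close() }

    # Resolve Location against the probe URL in case it is relative
    $target = if ($location) { New-Object System.Uri($Url, $location) } else { $null }

    $result = [pscustomobject]@{
        Status           = $status
        Location         = $location
        IsPermanent      = ($status -eq 301)   # expected for -RedirectType Permanent
        IsHttps          = ($target -and $target.Scheme -eq 'https')
        PathAndQueryKept = ($target -and $target.PathAndQuery -eq $Url.PathAndQuery)
    }
    $result | Add-Member -NotePropertyName Pass -NotePropertyValue `
        ($result.IsPermanent -and $result.IsHttps -and $result.PathAndQueryKept)
    return $result
}

# Usage (placeholder host):
# Test-HttpsRedirect -Url 'http://www.example.com/app/page?id=42'
```

A `Status` of 200 with no `Location` header means the HTTP listener is still serving content directly rather than redirecting.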
More information about the application gateway and all of its features can be found by following the link to the Microsoft documentation repository – https://docs.microsoft.com/en-us/azure/application-gateway/