On Azure, Application Gateways are layer 7 load balancers that listen on HTTP/HTTPS and forward traffic to the backend environment.

SSL Certificates

To comply with web standards, Application Gateway offers SSL support. This means that SSL certificates can be loaded from an Azure Key Vault and then linked to one or more HTTPS listeners.

Application Gateway cannot generate certificates itself, and because of the way in which the certificates must be loaded, we cannot support ‘Let’s Encrypt’ certificates. As a result, we are always forced to use existing or newly requested certificates.

Custom domains

Each Application Gateway has one external IP address to which a domain must point. Listeners can then be set up to accept traffic and route it to the correct backend.

Web Application Firewall (WAF)

Application Gateways can use the so-called WAF tier. With this tier, Web Application Firewalling can be enabled at different levels. These are the options:

  • The entire Application Gateway
  • Per HTTP/HTTPS listener

We will create a Web Application Firewall Policy for you, after which we will give you rights to make adjustments yourself with regard to exclusions, whether or not to block traffic and which rules or rulesets should be used.
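The settings you can adjust yourself (exclusions, blocking or not, rulesets) can be reviewed from an exported policy. The following is an added example, not part of the original page or of Microsoft's tooling: it assumes the policy was exported as JSON with `az network application-gateway waf-policy show`, and the policy, header and listener names in the sample are constructed.

```python
import json

# Constructed sample policy. The field names are assumed to match the JSON that
# `az network application-gateway waf-policy show` returns for a WAF policy.
SAMPLE_POLICY = json.loads("""
{
  "name": "example-waf-policy",
  "policySettings": {"state": "Enabled", "mode": "Detection"},
  "managedRules": {
    "managedRuleSets": [{"ruleSetType": "OWASP", "ruleSetVersion": "3.2"}],
    "exclusions": [
      {"matchVariable": "RequestHeaderNames", "selectorMatchOperator": "Equals", "selector": "x-example-token"},
      {"matchVariable": "RequestArgNames", "selectorMatchOperator": "EqualsAny", "selector": "*"}
    ]
  },
  "applicationGateways": [],
  "httpListeners": [{"id": "/subscriptions/.../httpListeners/example-listener"}]
}
""")

def audit_waf_policy(policy):
    """Return findings for the three customer-adjustable settings."""
    props = policy.get("properties", policy)  # accept raw ARM or flattened CLI JSON
    settings = props.get("policySettings") or {}
    rules = props.get("managedRules") or {}
    findings = []
    if (settings.get("state") or "").lower() != "enabled":
        findings.append("policy is not enabled")
    if (settings.get("mode") or "").lower() != "prevention":
        findings.append("mode is not Prevention: matches are logged, not blocked")
    if not rules.get("managedRuleSets"):
        findings.append("no managed ruleset configured")
    for ex in rules.get("exclusions") or []:
        if ex.get("selectorMatchOperator") == "EqualsAny":
            findings.append(f"exclusion covers every {ex.get('matchVariable')}")
    return findings

def policy_scope(policy):
    """Report whether the policy is attached to a whole gateway, a listener, or nothing."""
    props = policy.get("properties", policy)
    scope = [label for key, label in (("applicationGateways", "gateway"), ("httpListeners", "listener")) if props.get(key)]
    return scope or ["unassociated"]

if __name__ == "__main__":
    print(policy_scope(SAMPLE_POLICY))
    print("\n".join(audit_waf_policy(SAMPLE_POLICY)))
```
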

Find more details here in the official Microsoft documentation.