Configure Azure Application Gateway for Web App
Question
You are developing a web app that is protected by Azure Web Application Firewall (WAF)
All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps.
The web app address is contoso.azurewebsites.net.
All traffic must be secured with SSL.
The Azure Application Gateway instance is used by multiple web apps.
You need to configure the Azure Application Gateway for the web app.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.AD.
D: The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation.
The ability to derive the host name from the IP or FQDN of the back-end pool members.
A (not C): SSL termination and end to end SSL with multi-tenant services.
In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway.
Therefore, there is no need to add any authentication certificates.
![Add HTTP setting
saiappgw-appgw
ene”
* Protoco
HTTP
i] Authentication certificates are not required for trusted Azure certificates for end to
end ssl to work
* Port @
443 vv
* Request timeout (seconds)
20
Override backend = °
Use for App service
vk](https://eaeastus2.blob.core.windows.net/optimizedimages/static/images/Developing-Solutions-for-Microsoft-Azure-(AZ-204)/answer/img0010100001.jpg)
To configure the Azure Application Gateway for a web app that is protected by Azure Web Application Firewall (WAF), you need to perform the following two actions:
A. In the Azure Application Gateway's HTTP setting, enable the "Use for App Service" setting:
This setting allows the Azure Application Gateway to work with the Azure App Service that hosts the web app. By enabling this setting, the Azure Application Gateway will automatically configure itself to work with the web app and route traffic to it through the WAF. To enable this setting, you should go to the Azure Application Gateway's HTTP settings and select the "Use for App Service" option.
D. In the Azure Application Gateway's HTTP setting, set the value of the "Override backend path" option to contoso.azurewebsites.net:
This setting ensures that the Azure Application Gateway routes traffic to the correct web app. The "Override backend path" option tells the Azure Application Gateway where to send traffic when it receives requests for a particular URL path. In this case, you should set the value to contoso.azurewebsites.net to ensure that traffic is routed to the correct web app. To set this value, you should go to the Azure Application Gateway's HTTP settings and enter the value of contoso.azurewebsites.net in the "Override backend path" field.
It's worth noting that the other two options (B and C) are not relevant to the scenario described in the question. Converting the web app to run in an Azure App Service Environment (ASE) is not necessary for configuring the Azure Application Gateway, and adding an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway is not required to secure traffic with SSL as Azure Web Application Firewall (WAF) provides SSL protection by default.
