Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You are developing a web app named mywebapp1
Mywebapp1 uses the address myapp1.azurewebsites.net.
You protect mywebapp1 by implementing an Azure Web Application Firewall (WAF)
The traffic to mywebapp1 is routed through an Azure Application Gateway instance that is also used by other web apps.
You want to secure all traffic to mywebapp1 by using SSL.
Solution: You open the Azure Application Gateway's HTTP setting and set the Override backend path option to mywebapp1.azurewebsites.net.
You then enable the Use for App service option.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.A.
The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation.
The ability to derive the host name from the IP or FQDN of the back-end pool members.
SSL termination and end to end SSL with multi-tenant services.
In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway.
Therefore, there is no need to add any authentication certificates.
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overviewThe solution provided does not meet the goal of securing all traffic to mywebapp1 by using SSL.
Enabling the "Use for App Service" option in the Azure Application Gateway is a step towards using SSL but it alone does not enforce SSL on traffic. This option only enables the Azure Application Gateway to use SSL when communicating with the backend app service, in this case, mywebapp1.
To enforce SSL on traffic to mywebapp1, you need to configure the Azure Application Gateway to terminate SSL at the gateway level and then forward the traffic to mywebapp1 over HTTPS. This requires configuring the Azure Application Gateway's listeners to use HTTPS and adding an SSL certificate to the gateway.
Therefore, the correct solution to meet the goal of securing all traffic to mywebapp1 by using SSL is to configure the Azure Application Gateway with SSL termination and HTTPS forwarding for traffic to mywebapp1.