How to configure Azure Application Proxy for an internal Web server with two applications on different ports, and redirect from port 443 to 44384?

Callum Bradford 46 Reputation points
2023-10-18T19:55:35.9566667+00:00

We have an internal Web server which hosts two Web Applications. One is the main app and the other is used for authentication. The main App runs on port 443 and the auth app runs on port 44384. We have configured the App Proxy to point to a WAF2 with a backend pool pointing to the internal Web app on port 443 which is working perfectly. The problem we have is when you connect to the Web app on port 443 the first thing it does is try and redirect you to port 44384 but this doesn't work as it is trying to access the internal URL on port 44384 and it can't. In this scenario would we need to create another Enterprise Application for the 44384 port server and then set up the redirect to use the external URL? Or is there a better way of doing this?

Microsoft Entra Private Access
Microsoft Entra Private Access provides secure and deep identity-aware, Zero Trust network access to all private apps and resources.

Accepted answer
  1. Konstantinos Passadis 17,376 Reputation points MVP
    2023-11-07T23:40:08.6433333+00:00

    Hello

    Azure WAF is a very flexible tool-service.

    As long as the Web App tries to redirect to a second application on a different port, you need to set up additional routing rules in the Application Gateway.

    Multi-site listeners: If the hostname changes during redirect, consider using multi-site listeners to distinguish between incoming requests for different hostnames. You can implement custom DNS to assist this but it gets a little more complex.
    

    https://learn.microsoft.com/en-us/azure/application-gateway/multiple-site-overview

    Path-based routing: If the path is the distinguishing factor, create path-based routing rules to route traffic to the appropriate backend pool and HTTP settings based on the URL path.
    

    https://learn.microsoft.com/en-us/azure/application-gateway/create-url-route-portal

    **Additional Listener for Port 44384**: You need an additional listener for port 44384 if you expect to receive direct requests on this port. However, since Application Gateway doesn't support multiple ports for the same listener, you might face a limitation here if you need to expose both ports with the same hostname publicly.
    

    Have a look here:

    https://learn.microsoft.com/en-us/azure/application-gateway/configuration-request-routing-rules#associated-back-end-http-setting

    https://learn.microsoft.com/en-us/answers/questions/513145/how-a-server-in-backend-pool-can-listen-on-multipl

    The second post addresses similar issues.

    Application Gateway needs a thorough read and testing to master its power. There are limitations of course but nothing is impossible. Please go through the docs and you will find some steps to start with.

    Kindly post your feedback!

    --

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards


1 additional answer

  1. Konstantinos Passadis 17,376 Reputation points MVP
    2023-10-18T23:22:47.56+00:00

    Hello @Callum Bradford!

    I can see you are facing a problem with 2 Apps behind App Proxy.

    There are 2 possible solutions here:

    Use different Connectors

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-connector-groups

    Utilize Segments

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-complex-application

    And a third option is to use URL Rewrite on your WAF:

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-application-gateway-waf


    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards
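
The redirect problem from the question and the URL rewrite option mentioned in the answer above, modelled as an added example (not code from the thread or from Microsoft): it takes a backend `Location` header and returns the value an external client should receive. The host names and the origin map are constructed, and publishing the auth app under its own external host is an assumption.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed mapping (hypothetical host names):
# internal (host, port) -> externally published origin.
ORIGIN_MAP = {
    ("webserver.corp.example", 443): "https://app.contoso.example",
    ("webserver.corp.example", 44384): "https://auth.contoso.example",
}


def rewrite_location(location, origin_map=ORIGIN_MAP):
    """Return (location_to_send, status) for a backend redirect.

    status is one of:
      relative          - no host in the header, nothing to rewrite
      rewritten         - internal origin replaced by its external origin
      unmapped-internal - internal host on a port that is not published
      unchanged         - redirect to a host outside the map (e.g. an IdP)
    """
    parts = urlsplit(location)
    if not parts.netloc:
        return location, "relative"

    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    external = origin_map.get((host, port))

    if external is None:
        internal_hosts = {h for h, _ in origin_map}
        status = "unmapped-internal" if host in internal_hosts else "unchanged"
        return location, status

    ext = urlsplit(external)
    # Keep path, query and fragment; swap only scheme and authority.
    new = urlunsplit((ext.scheme, ext.netloc, parts.path, parts.query, parts.fragment))
    return new, "rewritten"


if __name__ == "__main__":
    # Constructed sample redirects as the main app might emit them.
    for loc in (
        "https://webserver.corp.example:44384/Account/Login?ReturnUrl=%2F",
        "https://webserver.corp.example:8443/admin",
        "/home",
    ):
        print(rewrite_location(loc))
```

A status of `unmapped-internal` marks a redirect that would still send the client to an internal address, which is the failure described in the question.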