Edit

Share via

Create an application gateway and rewrite HTTP headers

  • Article

You can use Azure PowerShell to configure rules to rewrite HTTP request and response headers when you create the new autoscaling and zone-redundant application gateway SKU

In this article, you learn how to:

  • Create an autoscale virtual network
  • Create a reserved public IP
  • Set up your application gateway infrastructure
  • Specify your http header rewrite rule configuration
  • Specify autoscale
  • Create the application gateway
  • Test the application gateway

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

This article requires that you run Azure PowerShell locally. You must have Az module version 1.0.0 or later installed. Run Import-Module Az and thenGet-Module Az to find the version. If you need to upgrade, see Install Azure PowerShell module. After you verify the PowerShell version, run Login-AzAccount to create a connection with Azure.

Sign in to Azure

Connect-AzAccount
Select-AzSubscription -Subscription "<sub name>"

Create a resource group

Create a resource group in one of the available locations.

$location = "East US 2"
$rg = "<rg name>"

#Create a new Resource Group
New-AzResourceGroup -Name $rg -Location $location

Create a virtual network

Create a virtual network with one dedicated subnet for an autoscaling application gateway. Currently only one autoscaling application gateway can be deployed in each dedicated subnet.

#Create VNet with two subnets
$sub1 = New-AzVirtualNetworkSubnetConfig -Name "AppGwSubnet" -AddressPrefix "10.0.0.0/24"
$sub2 = New-AzVirtualNetworkSubnetConfig -Name "BackendSubnet" -AddressPrefix "10.0.1.0/24"
$vnet = New-AzvirtualNetwork -Name "AutoscaleVNet" -ResourceGroupName $rg `
       -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $sub1, $sub2

Create a reserved public IP

Specify the allocation method of PublicIPAddress as Static. An autoscaling application gateway VIP can only be static. Dynamic IPs are not supported. Only the standard PublicIpAddress SKU is supported.

#Create static public IP
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -name "AppGwVIP" `
       -location $location -AllocationMethod Static -Sku Standard

Retrieve details

Retrieve details of the resource group, subnet, and IP in a local object to create the IP configuration details for the application gateway.

$resourceGroup = Get-AzResourceGroup -Name $rg
$publicip = Get-AzPublicIpAddress -ResourceGroupName $rg -name "AppGwVIP"
$vnet = Get-AzvirtualNetwork -Name "AutoscaleVNet" -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "AppGwSubnet" -VirtualNetwork $vnet

Configure the infrastructure

Configure the IP config, frontend IP config, backend pool, HTTP settings, certificate, port, and listener in an identical format to the existing Standard application gateway. The new SKU follows the same object model as the Standard SKU.

$ipconfig = New-AzApplicationGatewayIPConfiguration -Name "IPConfig" -Subnet $gwSubnet
$fip = New-AzApplicationGatewayFrontendIPConfig -Name "FrontendIPCOnfig" -PublicIPAddress $publicip
$pool = New-AzApplicationGatewayBackendAddressPool -Name "Pool1" `
       -BackendIPAddresses testbackend1.westus.cloudapp.azure.com, testbackend2.westus.cloudapp.azure.com
$fp01 = New-AzApplicationGatewayFrontendPort -Name "HTTPPort" -Port 80

$listener01 = New-AzApplicationGatewayHttpListener -Name "HTTPListener" `
             -Protocol Http -FrontendIPConfiguration $fip -FrontendPort $fp01

$setting = New-AzApplicationGatewayBackendHttpSettings -Name "BackendHttpSetting1" `
          -Port 80 -Protocol Http -CookieBasedAffinity Disabled

Specify your HTTP header rewrite rule configuration

Configure the new objects required to rewrite the http headers:

  • RequestHeaderConfiguration: this object is used to specify the request header fields that you intend to rewrite and the new value that the original headers need to be rewritten to.

  • ResponseHeaderConfiguration: this object is used to specify the response header fields that you intend to rewrite and the new value that the original headers need to be rewritten to.

  • ActionSet: this object contains the configurations of the request and response headers specified above.

  • RewriteRule: this object contains all the actionSets specified above.

  • RewriteRuleSet- this object contains all the rewriteRules and will need to be attached to a request routing rule - basic or path-based.

    $requestHeaderConfiguration = New-AzApplicationGatewayRewriteRuleHeaderConfiguration -HeaderName "X-isThroughProxy" -HeaderValue "True"
$responseHeaderConfiguration = New-AzApplicationGatewayRewriteRuleHeaderConfiguration -HeaderName "Strict-Transport-Security" -HeaderValue "max-age=31536000"
$actionSet = New-AzApplicationGatewayRewriteRuleActionSet -RequestHeaderConfiguration $requestHeaderConfiguration -ResponseHeaderConfiguration $responseHeaderConfiguration    
$rewriteRule = New-AzApplicationGatewayRewriteRule -Name rewriteRule1 -ActionSet $actionSet    
$rewriteRuleSet = New-AzApplicationGatewayRewriteRuleSet -Name rewriteRuleSet1 -RewriteRule $rewriteRule

Specify the routing rule

Create a request routing rule. Once created, this rewrite configuration is attached to the source listener via the routing rule. When using a basic routing rule, the header rewrite configuration is associated with a source listener and is a global header rewrite. When a path-based routing rule is used, the header rewrite configuration is defined on the URL path map. So, it only applies to the specific path area of a site. Below, a basic routing rule is created and the rewrite rule set is attached.

$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name "Rule1" -RuleType basic `
         -BackendHttpSettings $setting -HttpListener $listener01 -BackendAddressPool $pool -RewriteRuleSet $rewriteRuleSet

Specify autoscale

Now you can specify the autoscale configuration for the application gateway. Two autoscaling configuration types are supported:

  • Fixed capacity mode. In this mode, the application gateway doesn't autoscale and operates at a fixed Scale Unit capacity.

    $sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2 -Capacity 2

  • Autoscaling mode. In this mode, the application gateway autoscales based on the application traffic pattern.

    $autoscaleConfig = New-AzApplicationGatewayAutoscaleConfiguration -MinCapacity 2
$sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2

Create the application gateway

Create the application gateway and include redundancy zones and the autoscale configuration.

$appgw = New-AzApplicationGateway -Name "AutoscalingAppGw" -Zone 1,2,3 -ResourceGroupName $rg -Location $location -BackendAddressPools $pool -BackendHttpSettingsCollection $setting -GatewayIpConfigurations $ipconfig -FrontendIpConfigurations $fip -FrontendPorts $fp01 -HttpListeners $listener01 -RequestRoutingRules $rule01 -Sku $sku -AutoscaleConfiguration $autoscaleConfig -RewriteRuleSet $rewriteRuleSet

Test the application gateway

Use Get-AzPublicIPAddress to get the public IP address of the application gateway. Copy the public IP address or DNS name, and then paste it into the address bar of your browser.

Get-AzPublicIPAddress -ResourceGroupName $rg -Name AppGwVIP

Clean up resources

First explore the resources that were created with the application gateway. Then, when they're no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, application gateway, and all related resources.

Remove-AzResourceGroup -Name $rg

Next steps