Route web traffic using Azure CLI

/* appGatewayBackendPool
myAppGateway

myAGPublicIPAddress /images/* imagesBackendPool

videoBackendPool
/video/*
myVNet

https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-url-route-cli

1
1
Azure Application Gateway

HTTP
Setting Backend Pool

App Gateway VMs

frontend IP HTTP/HTTPS
Browser x.x.x.x listener Rule

VMSS

On-prem
Servers

https://docs.microsoft.com/en-us/azure/application-gateway/overview
2
Static Website Hosting in Azure Storage

HTTP
Setting
Azure GPv2 Storage Account
+
Azure App Gateway Static Website Hosting Support
CDN frontend IP HTTP/HTTPS
Browser x.x.x.x listener Rule

Asset Files
i.e. HTML, CSS,
.png, .js

3
Static Website Hosting in Azure Storage
Azure GPv2 Storage Account
HTTP +
Setting Static Website Hosting Support
App Gateway/WAF
Azure frontend IP Asset Files
CDN x.x.x.x HTTP/HTTPS i.e. HTML, CSS,
Browser listener Rule .png, .js

HTTP
App Gateway/WAF Setting
Azure frontend IP Web App Service
CDN x.x.x.x HTTP/HTTPS Asset Files
Browser listener i.e. HTML, CSS,
Rule
.png, .js

HTTP Load Balancer &

App Gateway/WAF Setting Backend VM Azure GPv2 Storage Account
Azure frontend IP Scale Set Pool
CDN x.x.x.x HTTP/HTTPS Asset Files
Browser listener i.e. HTML, CSS,
Rule
.png, .js

4
Azure GPv2 Storage Account
Azure Application Gateway

ImageServerPool

/images/*

Contoso.com
VideoServerPool
/video/*

https://docs.microsoft.com/en-us/azure/application-gateway/overview

5
Azure Application Insights

Web Pages
Client apps
AI

requests
Alerts

HTTP
Azure Monitor
Power BI
Your Web
Service Application
AI Insights
Visual Studio

Dependency
Calls Rest API

External Background Continuous

Services Services export
AI

https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
Static Website Hosting

HTTPS/HTTP HTTP 80
80/443

Azure Azure
Content Delivery Azure
Storage Account with
Network Application Gateway
Static Website Hosting
Support

Virtual Network
Resource
Group

https://medium.com/@emin.askerov/static-website-hosting-in-azure-storage-with-custom-domain-and-ssl-support-using-azure-application-b17f95c6764c

7
MS Ignite Sept. 2018 - Azure Firewall - BRK4029 - Azure Firewall and Best Practices

L3-L7 Connectivity Policies

NAT, Network and Application

traffic filtering rules allows
Spoke 1 Inbound/Outbound access

Central VNet

Spoke 2

Azure Firewall

Spoke VNets
Azure to On-Prem Traffic is denied by
traffic filtering default

8
On-Premises
Web App Firewall - BRK4029 - Azure Firewall and Best Practices

Site 1
App Valid
Gateway request

XSS attack

WAF
Valid
request Site 2

Valid
SQL request
L7 LB
injection

9
Security Management With Azure Services - BRK2021 - Azure security & management

1 1

Identity & Access Encryption Network Security Threat Security

Management (SDN) Protection Management

Encryption Azure Security Center

Azure Active Directory VNET, VPN, NSG
(Disks, Storage, SQL)

Multi-Factor Application Gateway Microsoft Antimalware

Azure Key Vault Azure Monitor
Authentication (WAF), Azure Firewall for Azure

Role Based Confidential DDoS Protection

Access Control Computing Standard

Azure Active Directory

ExpressRoute
(Identity Protection)

+ Partner Solutions
10