We are pleased to partake the capability to rewrite HTTP headers in Azure Application Gateway. With this, you can add, remove, or update HTTP request and response headers while the request and response packets move between the node and backend application. You can besides add conditions to ensure that the headers you specify are rewritten lone when the conditions are met. The capability besides supports several server variables which help store extra information about the requests and responses, thereby enabling you to make knock-down rewrite rules .
A diagram showing how X-Forwarded_For affects  how the client interacts with the application gateway and backend application.
calculate 1 : application Gateway removing the port data from the X-Forwarded-For header in the request and modifying the Location header in the response .
Rewriting the headers helps you carry through respective crucial scenarios. Some of the common use cases are mentioned below.

Remove port information from the X-Forwarded-For header

Application gateway inserts X-Forwarded-For header to all requests before it forwards the requests to the backend. The format of this header is a comma-separated list of IP : port. however, there may be scenarios where the backend applications require the header to contain alone the IP addresses. One such scenario is when the backend application is a Content Management System ( CMS ) because most CMS are not able to parse the extra port information in the heading. For accomplishing such scenarios, you can set the header to the add_x_forwarded_for_proxy server variable which contains the X-Forwarded-For client request header without the port information .
Image showing how to remove port information from the X-Forwarded-For heading.
number 2 : application Gateway shape for removing the port information from the X-Forwarded-For header .

Better integration with App service and other multi-tenant backends

When a backend application sends a redirection reaction, you may want to redirect the customer to a unlike URL than the one specified by the backend application. One such scenario is when an app service is hosted behind an lotion gateway.

Since app serve is a multi-tenant service, it uses the host heading in the request to route to the right end point. App services have a default domain name of *.azurewebsites.net ( say contoso.azurewebsites.net ) which is different from the application gateway ‘s domain name ( say contoso.com ). Since the master request from the client has lotion gateway ‘s sphere appoint contoso.com as the master of ceremonies mention, the application gateway changes the hostname to contoso.azurewebsites.net, so that the app serve in the backend can route it to the correct end point. But when the app service sends a redirection response, it uses the same hostname in the placement header of its response as the matchless in the request it receives from the application gateway. consequently, when the app overhaul performs a redirection to its relative path ( redirect from /path1 to /path2 ), the customer will make the request directly to contoso.azurewebsites.net/path2, alternatively of going through the application gateway ( contoso.com/path2 ). This will bypass the lotion gateway which is not desirable .
This write out can be resolved by setting the hostname in the location header to the application gateway ‘s world name. To do this, you can create a rewrite rule with a condition that evaluates if the placement header in the response contains azurewebsites.net and performs an legal action to rewrite the location header to have application gateway ‘s hostname .
An image showing how to configure a gateway for modifying the location header.
name 3 : application Gateway shape for modifying the location header.

Implement security-related HTTP headers to prevent vulnerabilities

respective security system vulnerabilities can be fixed by implementing necessary headers in the application response. Some of these security headers are X-XSS-Protection, Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, etc. You can use application gateway to set these headers for all responses .

Get started

You can learn more about HTTP header rewrite with Application Gateway and find detailed instructions about how to configure HTTP header rewrite in Application Gateway .

Please send your feedback

There are a few different routes to provide feedback :

  • UserVoice: Post new ideas for Application Gateway on our UserVoice page.
  • Join our cohort: We’re always interested in having new customers join our cohorts to get early access to new features and help us improve Application Gateway going forward. If you are interested in joining our cohorts, simply fill out this quick form.
reference : https://themedipia.com
Category : Website hosting

Leave a Reply

Your email address will not be published.