0
votes

I am trying to put a WAF in front of an Azure web app (no ASE). The web app is running with HTTPS (SSL *.azurewebsites.net). I have followed the instructions from this MS document:

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell

Everything went pretty well with my PowerShell. No probs!

The backend pool is pointing to the correct web app domain (myapp.azurewebsites.net). And I can see the backend health check is shown as HEALTHY!

I also wonder: in the portal, when I look at the probe blade, the hostname is empty. That might be intentional, as I passed the -PickHostNameFromBackendHttpSettings switch while creating the probe. Just wanted to give more context.

However, if I try to access the site via the gateway, I receive 404 - page not found.

Can anybody help me find the problem, please?

2 Answers

0
votes

A 404 is an error indicating that the file you requested (whether that be index.html or something else) was not found on the server so it couldn't present it to you. There's no suggestion in that error that the Application Gateway cannot talk to, or otherwise connect to the Web Application you've set up. The usual error you would see if the Application Gateway couldn't talk to the backends is an HTTP 502.

What you're wanting to do is possible so there is possibly a misconfiguration in your Application Gateway or the App Service causing this 404.

One excerpt from the article linked below that may assist is:

Both the switch -PickHostNamefromBackendHttpSettings on the Probe configuration and -PickHostNameFromBackendAddress on the back-end http settings must be provided in order for web apps to work.

This is quite likely the cause of your fault but will require further investigation of course.

You'll want to check out the documentation on how to create an Application Gateway in front of a Web App. The instructions are for PowerShell.

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell
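
A way to check the two switches from the excerpt on an existing gateway, as an added example that is not part of the original answer or the linked documentation. The function name `Test-AppGwHostNameConfig` is hypothetical, the sample gateway object is constructed so the script runs offline, and the property names are assumed to match the objects returned by `Get-AzApplicationGateway` in the Az module.

```powershell
# Added example: audit each backend HTTP setting and its probe for a host name source.
function Test-AppGwHostNameConfig {
    param([Parameter(Mandatory)] $Gateway)

    foreach ($setting in $Gateway.BackendHttpSettingsCollection) {
        # An HTTP setting references its custom probe by resource ID.
        $probe = $Gateway.Probes |
            Where-Object { $setting.Probe -and $_.Id -eq $setting.Probe.Id }

        $issues = @()
        if (-not $setting.PickHostNameFromBackendAddress -and -not $setting.HostName) {
            $issues += 'HTTP setting has no host name override'
        }
        if (-not $probe) {
            $issues += 'no custom probe attached'
        } elseif (-not $probe.PickHostNameFromBackendHttpSettings -and -not $probe.Host) {
            $issues += 'probe has no host name source'
        }

        [pscustomobject]@{
            HttpSetting = $setting.Name
            Probe       = if ($probe) { $probe.Name } else { $null }
            Ok          = ($issues.Count -eq 0)
            Issues      = $issues -join '; '
        }
    }
}

# Constructed sample: one correct setting, one missing the override switch.
$sample = [pscustomobject]@{
    Probes = @(
        [pscustomobject]@{ Name = 'probe-web'; Id = '/probes/probe-web'; Host = $null
                           PickHostNameFromBackendHttpSettings = $true }
    )
    BackendHttpSettingsCollection = @(
        [pscustomobject]@{ Name = 'setting-good'; HostName = $null
                           PickHostNameFromBackendAddress = $true
                           Probe = [pscustomobject]@{ Id = '/probes/probe-web' } },
        [pscustomobject]@{ Name = 'setting-bad'; HostName = $null
                           PickHostNameFromBackendAddress = $false
                           Probe = [pscustomobject]@{ Id = '/probes/probe-web' } }
    )
}
Test-AppGwHostNameConfig -Gateway $sample | Format-Table -AutoSize

# Against a deployed gateway (resource names are placeholders):
# Test-AppGwHostNameConfig -Gateway (Get-AzApplicationGateway -Name '<gateway>' -ResourceGroupName '<rg>')
```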

0
votes

I’m not 100% sure, but I kind of guess the issue now. What I’ve done is manually create only the front-end listeners, and it started working. Then I guessed the culprit might be the certificate. Then I created the script again with an ARM template with the same certificate and it all worked. I guess something went wrong the first time with PowerShell uploading the pfx file. It’s a pity that the error code was kind of misleading; it took some time to figure out where to look.

Thanks for your kind assistance! Cheers.