Hello @Dilip Shukal,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand your question about the Azure Application Gateway setup for your webapps. You’re asking for our assistance in enabling public access for the specified Web Apps via the Application Gateway and confirming that the routing works correctly for both paths.
From your description, the Application Gateway and backend setup appear correct, as both Web Apps are marked as Healthy. This indicates the gateway is communicating with the backends without issues. The problem with public access likely stems from the listener, DNS, or network settings. Here are a few important checks to consider:
Reasons for this issue: Even if the backends are functioning properly, public access might still fail for the following reasons:
- The listener is either missing or incorrectly configured, such as an HTTP/HTTPS mismatch or a missing SSL certificate.
- The DNS is not resolving the Application Gateway’s public IP as expected.
- The Network Security Group (NSG) or a User Defined Route (UDR) is blocking inbound traffic.
- HTTPS-only is enabled on the Web App, but the gateway does not have SSL configured correctly.
Suggested Checks:
1. Listener & SSL
   - Make sure your Public Listener is assigned to the correct frontend public IP address.
   - If you're using HTTPS, ensure a valid SSL certificate is uploaded and bound.
   - Turn on SNI (Server Name Indication) if your Web Apps are configured with custom domains.
2. Routing Rules
   - / → points to the Frontend Web App backend pool.
   - /graphql → points to the API Web App backend pool.
3. HTTP Settings
   - “Pick host name from backend target” (already done).
   - If the backend uses HTTPS, make sure “Use well-known CA certificate” is enabled or upload the backend’s root certificate.
4. DNS validation process:
   - Verify that your custom domain points to the Application Gateway public IP.
   - Access the site directly via the public IP to check for any DNS-related problems:
     curl -I http://<AppGW-Public-IP>
5. Network Security
   - The NSG on the Application Gateway subnet should permit inbound traffic on ports 80 and 443.
   - Confirm that no UDR is restricting outbound internet access.
6. HTTPS Redirect
   - If your Web Apps require HTTPS-only, set up an HTTP-to-HTTPS redirect rule on the Application Gateway.
7. Web Application Firewall Rules:
   - Review the WAF logs to confirm that requests to /graphql are not being blocked. If the rules are too strict, this may cause 403 errors.
Typical Mistakes to Avoid:
- Missing SSL binding on the listener.
- Custom domain not using SNI.
- DNS changes not fully propagated yet.
For more information, refer to the link below:
Troubleshoot backend health issues in Azure Application Gateway | Microsoft Learn
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to “Accept the answer” and “up-vote it” wherever the information provided helps you; this can be beneficial to other community members. It would be greatly appreciated and helpful to others.
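The NSG check in the answer above (inbound 80 and 443 on the Application Gateway subnet) can be verified offline from exported rules. This is an added example, not part of the original answer: it evaluates rules in priority order, the way an NSG does, over a constructed sample shaped like `az network nsg rule list -o json` output. The rule names are made up, and as a simplification only the sources `*`, `Internet` and `0.0.0.0/0` are treated as covering public clients.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
  {"name": "allow-https", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
  {"name": "deny-web", "priority": 150, "direction": "Inbound", "access": "Deny",
   "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRanges": ["80", "8080-8090"]},
  {"name": "allow-http", "priority": 300, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80"},
  {"name": "allow-out", "priority": 100, "direction": "Outbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}  # assumption: these cover arbitrary public clients


def port_matches(rule, port):
    """True if the rule's destination port spec ('*', '80', '8080-8090') covers port."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def source_matches(rule):
    """Simplified: rules scoped to specific CIDRs or other service tags are skipped."""
    sources = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    return any(s.lower() in ANY_SOURCE for s in sources)


def inbound_verdict(rules, port):
    """Return (access, rule_name) for public TCP traffic; lowest priority number wins."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        if port_matches(rule, port) and source_matches(rule):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"  # built-in default rule at priority 65500
```

In the sample, port 80 is denied even though an `allow-http` rule exists, because `deny-web` has a lower priority number and is evaluated first; that is the kind of ordering problem that leaves backends Healthy while public access fails.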