Sometimes companies requires simple URL redirections and those have been made several different ways for different services. Some organizations has used some ADC (Citrix ADC [Netscaler] or F5 or Nginx etc.) to redirect URL’s to the target application. You can do the same thing with an Application Gateway (in SKU 2 and SKU2 + WAF). If you are publishing some applications with Application Gateway, you are already paying for it, so why not to use it also for URL redirections.

Use cases

You can use URL redirections to give more simplified addresses for your end users. As on example your company is Bloggerz Inc. You would like to inform your end users that they can reset their passwords from https://pwreset.bloggerz.cloud. DNS points pwreset.bloggerz.cloud towards application gateway’s public IP where is the redirection rule to https://passwordreset.microsoftonline.com/.

Another use case is that you deploy Windows Virtual Desktop service for your company’s internal and external users. To give HTML5-client access for users, you have to redirect them towards https://rdweb.wvd.microsoft.com/arm/webclient. You can brand the WVD internally with some name and use it to publish the service or just publish it with a URL https://wvd.bloggerz.cloud. Wvd.bloggerz.cloud points in DNS towards the HTML5-client URL and end user does not have to remember the whole URL, only the branded URL.

Application Gateway configuration for URL Redirections

You have to configure application gateway to get the redirection working. I suppose that you have already public frontend IP in your AppGw. If not you can create it from Frontend IP Configuration page. First you configure a listener that tells which site it is listening about in what IP. Second you configure a rule for the redirection itself.

HTTP Listener

First create a listener for your host. Select multi site and provide a hostname for the redirection.

Screenshot of application gateway listener for url redirections

HTTPS Listener

Keep in mind, that you must do the same for HTTPS-protocol and provide the certificate for the listener. Certificate must include of course the hostname that you are redirecting from otherwise it is not working correctly. You can import the certificate to the Application Gateway or save it to the key vault and access it with a managed identity.

Add your HTTPS listener almost the same way than HTTP listener. You must select only HTTPS as a protocol, upload the certificate in .pfx-format, give a name for recognition of a certificate in application gateway and a password for the certificate encryption.

Adding HTTPS listener

Redirection rule

To make a redirect rule, create a new rule to Application Gateway and give a descriptive name for it. Select the listener that you wish to redirect. In backend targets choose Redirection as a permanent mode and target type External site. For target URL place your target URL. Now just save the rule. Remember to create separate rules for HTTP and HTTPS listeners.

Screenshot of routing rule for url redirections

DNS Record

You must create a DNS Records to the public DNS server of your domain to redirect public name to right IP-address. For example:

wvd.bloggerz.cloud A 20.56.243.252

Your target IP is found under public endpoint in Frontend IP Configurations in Application gateway.

Conclusion

You don’t have to anymore host any 3rd party appliances or custom websites for redirections. You probably have already some Application Gateway in your Azure that you can use for these redirections. Remember to use all power of it!


Markus Lintuala

I've been working in IT since 2009 in different roles mostly with solution architecture, service development, training and consultancy side. With Azure I started to work in 2013 and with Microsoft 365 related products in 2011. I like to work often with the newest technologies by testing, giving feedback and share the knowledge to people around me. Currently I'm working much in Azure side with governances, security and solution architectures and in Microsoft 365 side with E5 security solutions with strong zero trust aspect.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.