The deployment of the App Service Environment with a private endpoint (internal load balancer) is called an ILB App Service Environment. The information in this article describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.

After configuring the setup, it would look like

 

 

 

 

 

 

You should have following ready before the integration:

Application Gateway and ILB ASE is created in same VNet. They are deployed in their own respective subnets. Follow these links to create if not already created-

https://docs.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway  (Follow the first 3 steps to create App Gateway)

https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase

Steps:

  1. Go to your Application Gateway portal. Select Backend pool. Add the ILB address for your ILB App Service Environment.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

You can find this private ILB IP address from IP addresses setting of ASE as shown in below screen:

 

 

2. After the process of configuring your back-end pool is completed, select Health probes. Create a health probe for the domain name that you want to use for your app.

It is important to provide the right Path of the file, the probe will show success result based on whether the folder/file is found or not in the Path.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Also the Host is the custom domain name which you have created for your APP in ILB ASE and set SSL binding for it. If not set, then you should create one as shown below:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Now add HTTP settings and select Use Custom probe, and pick the probe that you configured.

You have to add the certificate to authenticate backend comms with ILB ASE. It should cover the ASE domain like *.<ASE domain>

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4.  Create a Listener to receive any request for “ase-internal-exampleapp.info” :

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5. Create a Rule and attach the Listener, Backend pool and HTTP setting:

 

 

 

 

 

 

 

 

 

 

 

 

6. Go to the Application Gateway’s Overview section, and copy the public IP address that your Application Gateway uses. Set that IP address as an A record for your app domain name, or use the DNS name for that address in a CNAME record.

 

 

You should verify the Backend health of the probe and it should show status as healthy.

At this point the configuration is completed and the communication between App gateway and ILB ASE should be working.