Azure Heroes | Azure Application Gateway Deep Dive: OWASP WAF, TLS Offloading, and Multi-Site Routing
April 24, 2025 | 13:30 – 14:30 AST (GMT+03:00)
What is this session about?
Azure Application Gateway is one of the most capable Layer 7 load balancers in the Azure ecosystem, but also one of the most frequently misconfigured. Teams often deploy it with default settings and miss most of what it can do: OWASP ruleset tuning, custom WAF policies per listener, path-based routing, header rewriting, and end-to-end TLS. This session covers Application Gateway from the inside out.
In this session, we will cover:
- Application Gateway v2 architecture: components, SKUs, and zone-redundancy
- TLS offloading vs end-to-end TLS: when each is appropriate and how to configure certificates correctly
- WAF mode and detection mode: why many teams run in detection mode permanently and the risks of that decision
- OWASP CRS 3.2 ruleset: what it covers, common false positives, and how to tune exclusions without weakening protection
- Custom WAF policies per listener: per-site rule sets for multi-tenant environments
- Path-based and multi-site routing: hosting multiple applications behind a single gateway
- Rewrite rules: modifying request and response headers, URL rewriting, and affinity cookie management
- Integration with Azure Private Link, Private Endpoints, and backend pool health probe configuration
Speakers
- Mohammad Al Rousan - MVP