Merge pull request #217846 from vhorne/waf-ag-portal

change backend to Linux

Author: v-regandowner

articles/web-application-firewall/ag/application-gateway-web-application-firewall-portal.md

@@ -5,15 +5,15 @@ services: web-application-firewall
 author: vhorne
 ms.service: web-application-firewall
 ms.topic: tutorial
-ms.date: 10/28/2022
+ms.date: 11/10/2022
 ms.author: victorh
 ms.custom: template-tutorial, engagement-fy23
 #Customer intent: As an IT administrator, I want to use the Azure portal to set up an application gateway with Web Application Firewall so I can protect my applications.
 ---
 
 # Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal
 
-This tutorial shows you how to use the Azure portal to create an Application Gateway with a Web Application Firewall (WAF). The WAF uses [OWASP](https://owasp.org/www-project-modsecurity-core-rule-set/) rules to protect your application. These rules include protection against attacks such as SQL injection, cross-site scripting attacks, and session hijacks. After creating the application gateway, you test it to make sure it's working correctly. With Azure Application Gateway, you direct your application web traffic to specific resources by assigning listeners to ports, creating rules, and adding resources to a backend pool. For the sake of simplicity, this tutorial uses a simple setup with a public front-end IP, a basic listener to host a single site on this application gateway, two virtual machines used for the backend pool, and a basic request routing rule.
+This tutorial shows you how to use the Azure portal to create an Application Gateway with a Web Application Firewall (WAF). The WAF uses [OWASP](https://owasp.org/www-project-modsecurity-core-rule-set/) rules to protect your application. These rules include protection against attacks such as SQL injection, cross-site scripting attacks, and session hijacks. After creating the application gateway, you test it to make sure it's working correctly. With Azure Application Gateway, you direct your application web traffic to specific resources by assigning listeners to ports, creating rules, and adding resources to a backend pool. For the sake of simplicity, this tutorial uses a simple setup with a public front-end IP, a basic listener to host a single site on this application gateway, two Linux virtual machines used for the backend pool, and a basic request routing rule.
 
 In this tutorial, you learn how to:
 
@@ -144,18 +144,20 @@ In this example, you'll use virtual machines as the target backend. You can eith
 
 To do this, you'll:
 
-1. Create two new VMs, *myVM* and *myVM2*, to be used as backend servers.
-2. Install IIS on the virtual machines to verify that the application gateway was created successfully.
+1. Create two new Linux VMs, *myVM* and *myVM2*, to be used as backend servers.
+2. Install NGINX on the virtual machines to verify that the application gateway was created successfully.
 3. Add the backend servers to the backend pool.
 
 ### Create a virtual machine
 
-1. On the Azure portal, select **Create a resource**. The **New** window appears.
-2. Select **Windows Server 2019 Datacenter** in the **Popular** list. The **Create a virtual machine** page appears.<br>Application Gateway can route traffic to any type of virtual machine used in its backend pool. In this example, you use a Windows Server 2019 Datacenter.
+1. On the Azure portal, select **Create a resource**. The **Create a resource** window appears.
+2. Under **Virtual machine**, select **Create**.
 3. Enter these values in the **Basics** tab for the following virtual machine settings:
 
     - **Resource group**: Select **myResourceGroupAG** for the resource group name.
     - **Virtual machine name**: Enter *myVM* for the name of the virtual machine.
+    - **Image**: Ubuntu Server 20.04 LTS - Gen2.
+    - **Authentication type**: Password
     - **Username**: Enter a name for the administrator username.
     - **Password**: Enter a password for the administrator password.
     - **Public inbound ports**: Select **None**.
@@ -168,31 +170,27 @@ To do this, you'll:
 1. On the **Review + create** tab, review the settings, correct any validation errors, and then select **Create**.
 1. Wait for the virtual machine creation to complete before continuing.
 
-### Install IIS for testing
+### Install NGINX for testing
 
-In this example, you install IIS on the virtual machines only to verify Azure created the application gateway successfully.
+In this example, you install NGINX on the virtual machines only to verify Azure created the application gateway successfully.
 
-1. Open [Azure PowerShell](../../cloud-shell/quickstart-powershell.md). To do so, select **Cloud Shell** from the top navigation bar of the Azure portal and then select **PowerShell** from the drop-down list. 
+1. Open a Bash Cloud Shell. To do so, select the **Cloud Shell** icon from the top navigation bar of the Azure portal and then select **Bash** from the drop-down list.
 
-    :::image type="content" source="../media/application-gateway-web-application-firewall-portal/application-gateway-extension.png" alt-text="Screenshot of accessing PowerShell from Portal Cloud shell.":::
+   :::image type="content" source="../media/application-gateway-web-application-firewall-portal/bash-shell.png" alt-text="Screenshot showing the Bash Cloud Shell.":::
 
-2. Set the location parameter for your environment, and then run the following command to install IIS on the virtual machine: 
+2. Run the following command to install NGINX on the virtual machine: 
 
-    ```azurepowershell-interactive
-    $location = 'east us'
+   ```azurecli-interactive
+    az vm extension set \
+    --publisher Microsoft.Azure.Extensions \
+    --version 2.0 \
+    --name CustomScript \
+    --resource-group myResourceGroupAG \
+    --vm-name myVM \
+    --settings '{ "fileUris": ["https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/install_nginx.sh"], "commandToExecute": "./install_nginx.sh" }'
+   ```
 
-    Set-AzVMExtension `
-      -ResourceGroupName myResourceGroupAG `
-      -ExtensionName IIS `
-      -VMName myVM `
-      -Publisher Microsoft.Compute `
-      -ExtensionType CustomScriptExtension `
-      -TypeHandlerVersion 1.4 `
-      -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' `
-      -Location $location
-    ```
-
-3. Create a second virtual machine and install IIS by using the steps that you previously completed. Use *myVM2* for the virtual machine name and for the **VMName** setting of the **Set-AzVMExtension** cmdlet.
+3. Create a second virtual machine and install NGINX using these steps that you previously completed. Use *myVM2* for the virtual machine name and for the **--vm-name** setting of the cmdlet.
 
 ### Add backend servers to backend pool
 
@@ -216,7 +214,7 @@ In this example, you install IIS on the virtual machines only to verify Azure cr
 
 ## Test the application gateway
 
-Although IIS isn't required to create the application gateway, you installed it to verify whether Azure successfully created the application gateway. Use IIS to test the application gateway:
+Although NGINX isn't required to create the application gateway, you installed it to verify whether Azure successfully created the application gateway. Use the web service to test the application gateway:
 
 1. Find the public IP address for the application gateway on its **Overview** page.
     :::image type="content" source="../media/application-gateway-web-application-firewall-portal/application-gateway-record-ag-address.png" alt-text="Screenshot of Application Gateway public IP address on the Overview page.":::