You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: Route traffic using parameter based path selection in portal - Azure Application Gateway
3
+
description: Learn how to use the Azure portal to configure an Azure Application Gateway to choose the backend pool based on the value of a header, part of URL, or query string in the request.
4
+
services: application-gateway
5
+
author: greg-lindsay
6
+
ms.service: azure-application-gateway
7
+
ms.topic: how-to
8
+
ms.date: 09/10/2024
9
+
ms.author: greglin
10
+
ms.custom: mvc
11
+
---
12
+
# Perform parameter based path selection with Azure Application Gateway - Azure portal
13
+
14
+
This article describes how to use the Azure portal to configure an [Application Gateway v2 SKU](./application-gateway-autoscaling-zone-redundant.md) instance to perform parameter based path selection by combining the capabilities of URL Rewrite with path-based routing.
15
+
16
+
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
17
+
18
+
## Before you begin
19
+
20
+
You need to have an Application Gateway v2 SKU instance to complete the steps in this article. URL rewrite and rewriting headers aren't supported in the v1 SKU. If you don't have the v2 SKU, create an [Application Gateway v2 SKU](./tutorial-autoscale-ps.md) instance before you begin.
21
+
22
+
23
+
## Sign in to Azure
24
+
25
+
Sign in to the [Azure portal](https://portal.azure.com/) with your Azure account.
26
+
27
+
## Configure parameter based path selection
28
+
29
+
For this example, you have a shopping website and the product category is passed as query string in the URL, and you want to route the request to backend based on the query string, then:
30
+
31
+
**Step 1:** Create a path-map as shown in the following image:
32
+
33
+
:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-1.png" alt-text="A screenshot of URL rewrite scenario 1-1.":::
34
+
35
+
**Step 2 (a):** Create a rewrite set which has 3 rewrite rules:
36
+
37
+
* The first rule has a condition that checks the *query_string* variable for *category=shoes* and has an action that rewrites the URL path to /*listing1* and has **Reevaluate path map** enabled
38
+
39
+
* The second rule has a condition that checks the *query_string* variable for *category=bags* and has an action that rewrites the URL path to /*listing2* and has **Reevaluate path map** enabled
40
+
41
+
* The third rule has a condition that checks the *query_string* variable for *category=accessories* and has an action that rewrites the URL path to /*listing3* and has **Reevaluate path map** enabled
42
+
43
+
:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-2.png" alt-text="A screenshot of URL rewrite scenario 1-2.":::
44
+
45
+
46
+
**Step 2 (b):** Associate this rewrite set with the default path of the previous path-based rule:
47
+
48
+
:::image type="content" source="./media/rewrite-http-headers-url/url-scenario1-3.png" alt-text="A screenshot of URL rewrite scenario 1-3.":::
49
+
50
+
If the user requests *contoso.com/listing?category=any*, then it's matched with the default path since none of the path patterns in the path map (/listing1, /listing2, /listing3) are matched. Since you associated the previous rewrite set with this path, this rewrite set is evaluated. Because the query string doesn't match the condition in any of the 3 rewrite rules in this rewrite set, no rewrite action takes place. Therefore, the request is routed unchanged to the backend associated with the default path (which is *GenericList*).
51
+
52
+
If the user requests *contoso.com/listing?category=shoes*, then the default path is matched. However, in this case, the condition in the first rule matches. Therefore, the action associated with the condition is executed, which rewrites the URL path to /*listing1* and reevaluates the path-map. When the path-map is reevaluated, the request matches the path associated with pattern */listing1* and the request is routed to the backend associated with this pattern (ShoesListBackendPool).
53
+
54
+
> [!NOTE]
55
+
> This scenario can be extended to any header or cookie value, URL path, query string or server variables based on the conditions defined and essentially enables you to route requests based on those conditions.
56
+
57
+
## Next steps
58
+
59
+
To learn more about how to set up some common use cases, see [common header rewrite scenarios](./rewrite-http-headers-url.md).
Copy file name to clipboardExpand all lines: articles/application-gateway/rewrite-http-headers-url.md
+6-26Lines changed: 6 additions & 26 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: This article provides an overview of rewriting HTTP headers and URL
4
4
author: greg-lindsay
5
5
ms.service: azure-application-gateway
6
6
ms.topic: conceptual
7
-
ms.date: 09/06/2024
7
+
ms.date: 09/10/2024
8
8
ms.author: greglin
9
9
---
10
10
@@ -203,7 +203,7 @@ Here are the steps for replacing the hostname:
203
203
1. Create a rewrite rule with a condition that evaluates if the location header in the response contains azurewebsites.net. Enter the pattern `(https?):\/\/.*azurewebsites\.net(.*)$`.
204
204
2. Perform an action to rewrite the location header so that it has the application gateway's hostname. Do this by entering `{http_resp_Location_1}://contoso.com{http_resp_Location_2}` as the header value. Alternatively, you can also use the server variable `host` to set the hostname to match the original request.
205
205
206
-
206
+
207
207
208
208
#### Implement security HTTP headers to prevent vulnerabilities
209
209
@@ -229,34 +229,14 @@ You can evaluate an HTTP request or response header for the presence of a header
229
229
230
230
#### Parameter based path selection
231
231
232
-
To accomplish scenarios where you want to choose the backend pool based on the value of a header, part of the URL, or query string in the request, you can use the combination of URL Rewrite capability and path-based routing. For example, if you have a shopping website and the product category is passed as query string in the URL, and you want to route the request to backend based on the query string, then:
232
+
To accomplish scenarios where you want to choose the backend pool based on the value of a header, part of the URL, or query string in the request, you can use a combination of URL Rewrite capability and path-based routing.
233
233
234
-
**Step1:** Create a path-map as shown in the image below
234
+
To do this, create a rewrite set with a condition that checks for a specific parameter (query string, header, etc.) and then performs an action where it changes the URL path (ensure **Reevaluate path map**is enabled). The rewrite set must then be associated to a path based rule. The path based rule must contain the same URL paths specified in the rewrite set and their corresponding backend pool.
Thus, the rewrite set allows users to check for a specific parameter and assign it a new path, and the path based rule allows users to assign backend pools to those paths. As long as "Reevaluate path map" is enabled, traffic routs based on the path specified in the rewrite set.
237
237
238
-
**Step 2 (a):** Create a rewrite set which has 3 rewrite rules:
238
+
For a use case example using query strings, see [Route traffic using parameter based path selection in portal](parameter-based-path-selection-portal.md).
239
239
240
-
* The first rule has a condition that checks the *query_string* variable for *category=shoes* and has an action that rewrites the URL path to /*listing1* and has **Reevaluate path map** enabled
241
-
242
-
* The second rule has a condition that checks the *query_string* variable for *category=bags* and has an action that rewrites the URL path to /*listing2* and has **Reevaluate path map** enabled
243
-
244
-
* The third rule has a condition that checks the *query_string* variable for *category=accessories* and has an action that rewrites the URL path to /*listing3* and has **Reevaluate path map** enabled
If the user requests *contoso.com/listing?category=any*, then it's matched with the default path since none of the path patterns in the path map (/listing1, /listing2, /listing3) are matched. Since you associated the previous rewrite set with this path, this rewrite set is evaluated. Because the query string won't match the condition in any of the 3 rewrite rules in this rewrite set, no rewrite action takes place. Therefore, the request is routed unchanged to the backend associated with the default path (which is *GenericList*).
255
-
256
-
If the user requests *contoso.com/listing?category=shoes*, then the default path is matched. However, in this case the condition in the first rule matches. Therefore, the action associated with the condition is executed, which rewrites the URL path to /*listing1* and reevaluates the path-map. When the path-map is reevaluated, the request matches the path associated with pattern */listing1* and the request is routed to the backend associated with this pattern (ShoesListBackendPool).
257
-
258
-
> [!NOTE]
259
-
> This scenario can be extended to any header or cookie value, URL path, query string or server variables based on the conditions defined and essentially enables you to route requests based on those conditions.
260
240
261
241
#### Rewrite query string parameters based on the URL
Copy file name to clipboardExpand all lines: articles/azure-app-configuration/quickstart-azure-kubernetes-service.md
+9-3Lines changed: 9 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -241,7 +241,7 @@ Add following key-values to the App Configuration store and leave **Label** and
241
241
--namespace azappconfig-system \
242
242
--create-namespace
243
243
```
244
-
244
+
245
245
> [!TIP]
246
246
> The App Configuration Kubernetes Provider is also available as an AKS extension. This integration allows for seamless installation and management via the Azure CLI, ARM templates, or Bicep templates. Utilizing the AKS extension facilitates automatic minor/patch version updates, ensuring your system is always up-to-date. For detailed installation instructions, please refer to the [Azure App Configuration extension for Azure Kubernetes Service](/azure/aks/azure-app-configuration).
247
247
@@ -261,10 +261,10 @@ Add following key-values to the App Configuration store and leave **Label** and
Replace the value of the `endpoint` field with the endpoint of your Azure App Configuration store. Follow the steps in [use workload identity](./reference-kubernetes-provider.md#use-workload-identity) and update the `auth` section with the client ID of the user-assigned managed identity you created.
267
+
Replace the value of the `endpoint` field with the endpoint of your Azure App Configuration store. Proceed to the next step to update the `auth` section with your authentication information.
268
268
269
269
> [!NOTE]
270
270
> `AzureAppConfigurationProvider` is a declarative API object. It defines the desired state of the ConfigMap created from the data in your App Configuration store with the following behavior:
@@ -273,6 +273,8 @@ Add following key-values to the App Configuration store and leave **Label** and
273
273
> - The ConfigMap will be reset based on the present data in your App Configuration store if it's deleted or modified by any other means.
274
274
> - The ConfigMap will be deleted if the App Configuration Kubernetes Provider is uninstalled.
275
275
276
+
1. Follow the [instructions to use the workload identity](./reference-kubernetes-provider.md#use-workload-identity) to authenticate with your App Configuration store. Update the *appConfigurationProvider.yaml* file by replacing the `serviceAccountName` field with the name of the service account you created. For more information on other authentication methods, refer to the examples in the [Authentication](./reference-kubernetes-provider.md#authentication) section.
277
+
276
278
1. Update the *deployment.yaml* file in the *Deployment* directory to use the ConfigMap `configmap-created-by-appconfig-provider` as a mounted data volume. It is important to ensure that the `volumeMounts.mountPath` matches the `WORKDIR` specified in your *Dockerfile* and the *config* directory created before.
277
279
278
280
```yaml
@@ -370,6 +372,10 @@ Ensure that you specify the correct key-value selectors to match the expected da
370
372
371
373
You can customize the installation by providing additional Helm values when installing the Azure App Configuration Kubernetes Provider. For example, you can set the log level, configure the provider to run on a specific node, or disable the workload identity. Refer to the [installation guide](./reference-kubernetes-provider.md#installation) for more information.
372
374
375
+
#### Why am I unable to authenticate with Azure App Configuration using workload identity after upgrading the provider to version 2.0.0?
376
+
377
+
Starting with version 2.0.0, a user-provided service account is required for authenticating with Azure App Configuration [using workload identity](./reference-kubernetes-provider.md#use-workload-identity). This change enhances security through namespace isolation. Previously, a Kubernetes provider’s service account was used for all namespaces. For updated instructions, see the documentation on using workload identity. If you need time to migrate when upgrading to version 2.0.0, you can temporarily set `workloadIdentity.globalServiceAccountEnabled=true` during provider installation. Please note that support for using the provider’s service account will be deprecated in a future release.
378
+
373
379
## Clean up resources
374
380
375
381
Uninstall the App Configuration Kubernetes Provider from your AKS cluster if you want to keep the AKS cluster.
0 commit comments