Microsoft.Network applicationGateways 2020-03-01
- Latest
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/applicationGateways@2020-03-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
location: 'string'
name: 'string'
properties: {
authenticationCertificates: [
id: 'string'
name: 'string'
properties: {
data: 'string'
autoscaleConfiguration: {
maxCapacity: int
minCapacity: int
backendAddressPools: [
id: 'string'
name: 'string'
properties: {
backendAddresses: [
fqdn: 'string'
ipAddress: 'string'
backendHttpSettingsCollection: [
id: 'string'
name: 'string'
properties: {
affinityCookieName: 'string'
authenticationCertificates: [
id: 'string'
connectionDraining: {
drainTimeoutInSec: int
enabled: bool
cookieBasedAffinity: 'string'
hostName: 'string'
path: 'string'
pickHostNameFromBackendAddress: bool
port: int
probe: {
id: 'string'
probeEnabled: bool
protocol: 'string'
requestTimeout: int
trustedRootCertificates: [
id: 'string'
customErrorConfigurations: [
customErrorPageUrl: 'string'
statusCode: 'string'
enableFips: bool
enableHttp2: bool
firewallPolicy: {
id: 'string'
forceFirewallPolicyAssociation: bool
frontendIPConfigurations: [
id: 'string'
name: 'string'
properties: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
publicIPAddress: {
id: 'string'
subnet: {
id: 'string'
frontendPorts: [
id: 'string'
name: 'string'
properties: {
port: int
gatewayIPConfigurations: [
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
httpListeners: [
id: 'string'
name: 'string'
properties: {
customErrorConfigurations: [
customErrorPageUrl: 'string'
statusCode: 'string'
firewallPolicy: {
id: 'string'
frontendIPConfiguration: {
id: 'string'
frontendPort: {
id: 'string'
hostName: 'string'
hostNames: [
protocol: 'string'
requireServerNameIndication: bool
sslCertificate: {
id: 'string'
probes: [
id: 'string'
name: 'string'
properties: {
host: 'string'
interval: int
match: {
body: 'string'
statusCodes: [
minServers: int
path: 'string'
pickHostNameFromBackendHttpSettings: bool
port: int
protocol: 'string'
timeout: int
unhealthyThreshold: int
redirectConfigurations: [
id: 'string'
name: 'string'
properties: {
includePath: bool
includeQueryString: bool
pathRules: [
id: 'string'
redirectType: 'string'
requestRoutingRules: [
id: 'string'
targetListener: {
id: 'string'
targetUrl: 'string'
urlPathMaps: [
id: 'string'
requestRoutingRules: [
id: 'string'
name: 'string'
properties: {
backendAddressPool: {
id: 'string'
backendHttpSettings: {
id: 'string'
httpListener: {
id: 'string'
priority: int
redirectConfiguration: {
id: 'string'
rewriteRuleSet: {
id: 'string'
ruleType: 'string'
urlPathMap: {
id: 'string'
rewriteRuleSets: [
id: 'string'
name: 'string'
properties: {
rewriteRules: [
actionSet: {
requestHeaderConfigurations: [
headerName: 'string'
headerValue: 'string'
responseHeaderConfigurations: [
headerName: 'string'
headerValue: 'string'
urlConfiguration: {
modifiedPath: 'string'
modifiedQueryString: 'string'
reroute: bool
conditions: [
ignoreCase: bool
negate: bool
pattern: 'string'
variable: 'string'
name: 'string'
ruleSequence: int
sku: {
capacity: int
name: 'string'
tier: 'string'
sslCertificates: [
id: 'string'
name: 'string'
properties: {
data: 'string'
keyVaultSecretId: 'string'
password: 'string'
sslPolicy: {
cipherSuites: [
disabledSslProtocols: [
minProtocolVersion: 'string'
policyName: 'string'
policyType: 'string'
trustedRootCertificates: [
id: 'string'
name: 'string'
properties: {
data: 'string'
keyVaultSecretId: 'string'
urlPathMaps: [
id: 'string'
name: 'string'
properties: {
defaultBackendAddressPool: {
id: 'string'
defaultBackendHttpSettings: {
id: 'string'
defaultRedirectConfiguration: {
id: 'string'
defaultRewriteRuleSet: {
id: 'string'
pathRules: [
id: 'string'
name: 'string'
properties: {
backendAddressPool: {
id: 'string'
backendHttpSettings: {
id: 'string'
firewallPolicy: {
id: 'string'
paths: [
redirectConfiguration: {
id: 'string'
rewriteRuleSet: {
id: 'string'
webApplicationFirewallConfiguration: {
disabledRuleGroups: [
ruleGroupName: 'string'
rules: [
enabled: bool
exclusions: [
matchVariable: 'string'
selector: 'string'
selectorMatchOperator: 'string'
fileUploadLimitInMb: int
firewallMode: 'string'
maxRequestBodySize: int
maxRequestBodySizeInKb: int
requestBodyCheck: bool
ruleSetType: 'string'
ruleSetVersion: 'string'
tags: {
{customized property}: 'string'
zones: [
Property Values
Name | Description | Value |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway authentication certificate. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
Name | Description | Value |
maxCapacity | Upper bound on number of Application Gateway capacity. | int Constraints: Min value = 2 |
minCapacity | Lower bound on number of Application Gateway capacity. | int Constraints: Min value = 0 (required) |
Name | Description | Value |
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend address pool. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
Name | Description | Value |
backendAddresses | Backend addresses. | ApplicationGatewayBackendAddress[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend HTTP settings. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
Name | Description | Value |
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. | 'Http' 'Https' |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
trustedRootCertificates | Array of references to application gateway trusted root certificates. | SubResource[] |
Name | Description | Value |
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
Name | Description | Value |
customErrorPageUrl | Error page URL of the application gateway customer error. | string |
statusCode | Status code of the application gateway customer error. | 'HttpStatus403' 'HttpStatus502' |
Name | Description | Value |
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
Name | Description | Value |
matchVariable | The variable to be excluded. | string (required) |
selector | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. | string (required) |
selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. | string (required) |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend IP configuration. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | Reference to the PublicIP resource. | SubResource |
subnet | Reference to the subnet resource. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend port. | ApplicationGatewayFrontendPortPropertiesFormat |
Name | Description | Value |
port | Frontend port. | int |
Name | Description | Value |
headerName | Header name of the header configuration. | string |
headerValue | Header value of the header configuration. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of the application gateway HTTP listener. | ApplicationGatewayHttpListenerPropertiesFormat |
Name | Description | Value |
customErrorConfigurations | Custom error configurations of the HTTP listener. | ApplicationGatewayCustomError[] |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
hostNames | List of Host names for HTTP Listener that allows special wildcard characters as well. | string[] |
protocol | Protocol of the HTTP listener. | 'Http' 'Https' |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
Name | Description | Value |
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway path rule. | ApplicationGatewayPathRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
paths | Path rules of URL path map. | string[] |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
rewriteRuleSet | Rewrite rule set resource of URL path map path rule. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of the application gateway probe. | ApplicationGatewayProbePropertiesFormat |
Name | Description | Value |
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
Name | Description | Value |
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
port | Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. | int Constraints: Min value = 1 Max value = 65535 |
protocol | The protocol used for the probe. | 'Http' 'Https' |
timeout | The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
Name | Description | Value |
authenticationCertificates | Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendHttpSettings[] |
customErrorConfigurations | Custom error configurations of the application gateway resource. | ApplicationGatewayCustomError[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
forceFirewallPolicyAssociation | If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
redirectConfigurations | Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
rewriteRuleSets | Rewrite rules for the application gateway resource. | ApplicationGatewayRewriteRuleSet[] |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
trustedRootCertificates | Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayTrustedRootCertificate[] |
urlPathMaps | URL path map of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway redirect configuration. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
Name | Description | Value |
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | HTTP redirection type. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway request routing rule. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
priority | Priority of the request routing rule. | int Constraints: Min value = 1 Max value = 20000 |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
rewriteRuleSet | Rewrite Rule Set resource in Basic rule of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
Name | Description | Value |
actionSet | Set of actions to be done as part of the rewrite Rule. | ApplicationGatewayRewriteRuleActionSet |
conditions | Conditions based on which the action set execution will be evaluated. | ApplicationGatewayRewriteRuleCondition[] |
name | Name of the rewrite rule that is unique within an Application Gateway. | string |
ruleSequence | Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. | int |
Name | Description | Value |
requestHeaderConfigurations | Request Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
responseHeaderConfigurations | Response Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
urlConfiguration | Url Configuration Action in the Action Set. | ApplicationGatewayUrlConfiguration |
Name | Description | Value |
ignoreCase | Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. | bool |
negate | Setting this value as truth will force to check the negation of the condition given by the user. | bool |
pattern | The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. | string |
variable | The condition parameter of the RewriteRuleCondition. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the rewrite rule set that is unique within an Application Gateway. | string |
properties | Properties of the application gateway rewrite rule set. | ApplicationGatewayRewriteRuleSetPropertiesFormat |
Name | Description | Value |
rewriteRules | Rewrite rules in the rewrite rule set. | ApplicationGatewayRewriteRule[] |
Name | Description | Value |
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway SSL certificate. | ApplicationGatewaySslCertificatePropertiesFormat |
Name | Description | Value |
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
Name | Description | Value |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy. | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy. | 'Custom' 'Predefined' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the trusted root certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway trusted root certificate. | ApplicationGatewayTrustedRootCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
Name | Description | Value |
modifiedPath | Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. | string |
modifiedQueryString | Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. | string |
reroute | If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. | bool |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of the application gateway URL path map. | ApplicationGatewayUrlPathMapPropertiesFormat |
Name | Description | Value |
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
defaultRewriteRuleSet | Default Rewrite rule set resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
Name | Description | Value |
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
exclusions | The exclusion list. | ApplicationGatewayFirewallExclusion[] |
fileUploadLimitInMb | Maximum file upload size in Mb for WAF. | int Constraints: Min value = 0 |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
maxRequestBodySizeInKb | Maximum request body size in Kb for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
Name | Description | Value |
Name | Description | Value |
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
Name | Description | Value |
Name | Description | Value |
identity | The identity of the application gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
Name | Description | Value |
Name | Description | Value |
id | Resource ID. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
Application Gateway | AVM Resource Module for Application Gateway |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
Bicep File | Description |
AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Application Gateway for Url Path Based Routing | This template creates an Application Gateway and configures it for URL Path Based Routing. |
Application Gateway with internal API Management and Web App | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Application Gateway with WAF and firewall policy | This template creates an Application Gateway with WAF configured along with a firewall policy |
Create a Web App, PE and Application Gateway v2 | This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create an Application Gateway v2 | This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
Create an Azure Application Gateway v2 | This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an Azure WAF v2 on Azure Application Gateway | This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create API Management in Internal VNet with App Gateway | This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Deploy a Windows VM scale set with Azure Application Gateway | This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Front Door Standard/Premium with Application Gateway origin | This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
ARM template resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following JSON to your template.
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-03-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
"location": "string",
"properties": {
"authenticationCertificates": [
"id": "string",
"name": "string",
"properties": {
"data": "string"
"autoscaleConfiguration": {
"maxCapacity": "int",
"minCapacity": "int"
"backendAddressPools": [
"id": "string",
"name": "string",
"properties": {
"backendAddresses": [
"fqdn": "string",
"ipAddress": "string"
"backendHttpSettingsCollection": [
"id": "string",
"name": "string",
"properties": {
"affinityCookieName": "string",
"authenticationCertificates": [
"id": "string"
"connectionDraining": {
"drainTimeoutInSec": "int",
"enabled": "bool"
"cookieBasedAffinity": "string",
"hostName": "string",
"path": "string",
"pickHostNameFromBackendAddress": "bool",
"port": "int",
"probe": {
"id": "string"
"probeEnabled": "bool",
"protocol": "string",
"requestTimeout": "int",
"trustedRootCertificates": [
"id": "string"
"customErrorConfigurations": [
"customErrorPageUrl": "string",
"statusCode": "string"
"enableFips": "bool",
"enableHttp2": "bool",
"firewallPolicy": {
"id": "string"
"forceFirewallPolicyAssociation": "bool",
"frontendIPConfigurations": [
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
"subnet": {
"id": "string"
"frontendPorts": [
"id": "string",
"name": "string",
"properties": {
"port": "int"
"gatewayIPConfigurations": [
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
"httpListeners": [
"id": "string",
"name": "string",
"properties": {
"customErrorConfigurations": [
"customErrorPageUrl": "string",
"statusCode": "string"
"firewallPolicy": {
"id": "string"
"frontendIPConfiguration": {
"id": "string"
"frontendPort": {
"id": "string"
"hostName": "string",
"hostNames": [ "string" ],
"protocol": "string",
"requireServerNameIndication": "bool",
"sslCertificate": {
"id": "string"
"probes": [
"id": "string",
"name": "string",
"properties": {
"host": "string",
"interval": "int",
"match": {
"body": "string",
"statusCodes": [ "string" ]
"minServers": "int",
"path": "string",
"pickHostNameFromBackendHttpSettings": "bool",
"port": "int",
"protocol": "string",
"timeout": "int",
"unhealthyThreshold": "int"
"redirectConfigurations": [
"id": "string",
"name": "string",
"properties": {
"includePath": "bool",
"includeQueryString": "bool",
"pathRules": [
"id": "string"
"redirectType": "string",
"requestRoutingRules": [
"id": "string"
"targetListener": {
"id": "string"
"targetUrl": "string",
"urlPathMaps": [
"id": "string"
"requestRoutingRules": [
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
"backendHttpSettings": {
"id": "string"
"httpListener": {
"id": "string"
"priority": "int",
"redirectConfiguration": {
"id": "string"
"rewriteRuleSet": {
"id": "string"
"ruleType": "string",
"urlPathMap": {
"id": "string"
"rewriteRuleSets": [
"id": "string",
"name": "string",
"properties": {
"rewriteRules": [
"actionSet": {
"requestHeaderConfigurations": [
"headerName": "string",
"headerValue": "string"
"responseHeaderConfigurations": [
"headerName": "string",
"headerValue": "string"
"urlConfiguration": {
"modifiedPath": "string",
"modifiedQueryString": "string",
"reroute": "bool"
"conditions": [
"ignoreCase": "bool",
"negate": "bool",
"pattern": "string",
"variable": "string"
"name": "string",
"ruleSequence": "int"
"sku": {
"capacity": "int",
"name": "string",
"tier": "string"
"sslCertificates": [
"id": "string",
"name": "string",
"properties": {
"data": "string",
"keyVaultSecretId": "string",
"password": "string"
"sslPolicy": {
"cipherSuites": [ "string" ],
"disabledSslProtocols": [ "string" ],
"minProtocolVersion": "string",
"policyName": "string",
"policyType": "string"
"trustedRootCertificates": [
"id": "string",
"name": "string",
"properties": {
"data": "string",
"keyVaultSecretId": "string"
"urlPathMaps": [
"id": "string",
"name": "string",
"properties": {
"defaultBackendAddressPool": {
"id": "string"
"defaultBackendHttpSettings": {
"id": "string"
"defaultRedirectConfiguration": {
"id": "string"
"defaultRewriteRuleSet": {
"id": "string"
"pathRules": [
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
"backendHttpSettings": {
"id": "string"
"firewallPolicy": {
"id": "string"
"paths": [ "string" ],
"redirectConfiguration": {
"id": "string"
"rewriteRuleSet": {
"id": "string"
"webApplicationFirewallConfiguration": {
"disabledRuleGroups": [
"ruleGroupName": "string",
"rules": [ "int" ]
"enabled": "bool",
"exclusions": [
"matchVariable": "string",
"selector": "string",
"selectorMatchOperator": "string"
"fileUploadLimitInMb": "int",
"firewallMode": "string",
"maxRequestBodySize": "int",
"maxRequestBodySizeInKb": "int",
"requestBodyCheck": "bool",
"ruleSetType": "string",
"ruleSetVersion": "string"
"tags": {
"{customized property}": "string"
"zones": [ "string" ]
Property Values
Name | Description | Value |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway authentication certificate. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
Name | Description | Value |
maxCapacity | Upper bound on number of Application Gateway capacity. | int Constraints: Min value = 2 |
minCapacity | Lower bound on number of Application Gateway capacity. | int Constraints: Min value = 0 (required) |
Name | Description | Value |
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend address pool. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
Name | Description | Value |
backendAddresses | Backend addresses. | ApplicationGatewayBackendAddress[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend HTTP settings. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
Name | Description | Value |
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. | 'Http' 'Https' |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
trustedRootCertificates | Array of references to application gateway trusted root certificates. | SubResource[] |
Name | Description | Value |
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
Name | Description | Value |
customErrorPageUrl | Error page URL of the application gateway customer error. | string |
statusCode | Status code of the application gateway customer error. | 'HttpStatus403' 'HttpStatus502' |
Name | Description | Value |
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
Name | Description | Value |
matchVariable | The variable to be excluded. | string (required) |
selector | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. | string (required) |
selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. | string (required) |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend IP configuration. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | Reference to the PublicIP resource. | SubResource |
subnet | Reference to the subnet resource. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend port. | ApplicationGatewayFrontendPortPropertiesFormat |
Name | Description | Value |
port | Frontend port. | int |
Name | Description | Value |
headerName | Header name of the header configuration. | string |
headerValue | Header value of the header configuration. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of the application gateway HTTP listener. | ApplicationGatewayHttpListenerPropertiesFormat |
Name | Description | Value |
customErrorConfigurations | Custom error configurations of the HTTP listener. | ApplicationGatewayCustomError[] |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
hostNames | List of Host names for HTTP Listener that allows special wildcard characters as well. | string[] |
protocol | Protocol of the HTTP listener. | 'Http' 'Https' |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
Name | Description | Value |
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway path rule. | ApplicationGatewayPathRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
paths | Path rules of URL path map. | string[] |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
rewriteRuleSet | Rewrite rule set resource of URL path map path rule. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of the application gateway probe. | ApplicationGatewayProbePropertiesFormat |
Name | Description | Value |
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
Name | Description | Value |
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
port | Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. | int Constraints: Min value = 1 Max value = 65535 |
protocol | The protocol used for the probe. | 'Http' 'Https' |
timeout | The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
Name | Description | Value |
authenticationCertificates | Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendHttpSettings[] |
customErrorConfigurations | Custom error configurations of the application gateway resource. | ApplicationGatewayCustomError[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
forceFirewallPolicyAssociation | If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
redirectConfigurations | Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
rewriteRuleSets | Rewrite rules for the application gateway resource. | ApplicationGatewayRewriteRuleSet[] |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
trustedRootCertificates | Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayTrustedRootCertificate[] |
urlPathMaps | URL path map of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway redirect configuration. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
Name | Description | Value |
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | HTTP redirection type. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway request routing rule. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
priority | Priority of the request routing rule. | int Constraints: Min value = 1 Max value = 20000 |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
rewriteRuleSet | Rewrite Rule Set resource in Basic rule of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
Name | Description | Value |
actionSet | Set of actions to be done as part of the rewrite Rule. | ApplicationGatewayRewriteRuleActionSet |
conditions | Conditions based on which the action set execution will be evaluated. | ApplicationGatewayRewriteRuleCondition[] |
name | Name of the rewrite rule that is unique within an Application Gateway. | string |
ruleSequence | Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. | int |
Name | Description | Value |
requestHeaderConfigurations | Request Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
responseHeaderConfigurations | Response Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
urlConfiguration | Url Configuration Action in the Action Set. | ApplicationGatewayUrlConfiguration |
Name | Description | Value |
ignoreCase | Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. | bool |
negate | Setting this value as truth will force to check the negation of the condition given by the user. | bool |
pattern | The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. | string |
variable | The condition parameter of the RewriteRuleCondition. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the rewrite rule set that is unique within an Application Gateway. | string |
properties | Properties of the application gateway rewrite rule set. | ApplicationGatewayRewriteRuleSetPropertiesFormat |
Name | Description | Value |
rewriteRules | Rewrite rules in the rewrite rule set. | ApplicationGatewayRewriteRule[] |
Name | Description | Value |
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway SSL certificate. | ApplicationGatewaySslCertificatePropertiesFormat |
Name | Description | Value |
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
Name | Description | Value |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy. | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy. | 'Custom' 'Predefined' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the trusted root certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway trusted root certificate. | ApplicationGatewayTrustedRootCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
Name | Description | Value |
modifiedPath | Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. | string |
modifiedQueryString | Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. | string |
reroute | If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. | bool |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of the application gateway URL path map. | ApplicationGatewayUrlPathMapPropertiesFormat |
Name | Description | Value |
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
defaultRewriteRuleSet | Default Rewrite rule set resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
Name | Description | Value |
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
exclusions | The exclusion list. | ApplicationGatewayFirewallExclusion[] |
fileUploadLimitInMb | Maximum file upload size in Mb for WAF. | int Constraints: Min value = 0 |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
maxRequestBodySizeInKb | Maximum request body size in Kb for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
Name | Description | Value |
Name | Description | Value |
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
Name | Description | Value |
Name | Description | Value |
apiVersion | The api version | '2020-03-01' |
identity | The identity of the application gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/applicationGateways' |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
Name | Description | Value |
Name | Description | Value |
id | Resource ID. | string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template | Description |
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
App Gateway with WAF, SSL, IIS and HTTPS redirection |
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers. |
Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
Application Gateway for Multi Hosting |
This template creates an Application Gateway and configures it for Multi Hosting on port 443. |
Application Gateway for Url Path Based Routing |
This template creates an Application Gateway and configures it for URL Path Based Routing. |
Application Gateway with internal API Management and Web App |
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Application Gateway Demo Setup |
This template allows you to quickly deploy Azure Application Gateway demo to test load-balancing with or without cookie-based affinity. |
Create a Web App protected by Application Gateway v2 |
This template creates an Azure Web App with Access Restriction for an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet) which has a 'Microsoft.Web' Service Endpoint enabled. The Web App restricts access to traffic from the subnet. |
Create a Web App, PE and Application Gateway v2 |
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create a WordPress site in a virtual network |
This template creates a WordPress site on Container Instance in a virtual network. And output a public site FQDN which could access WordPress site. |
Create an Application Gateway |
This template creates an application gateway in a virtual network and sets up load balancing rules for any number of virtual machines |
Create an Application Gateway (Custom SSL) |
This template deploys an Application Gateway configured with a custom ssl policy. |
Create an Application Gateway (SSL Policy) |
This template deploys an Application Gateway configured with a predefined ssl policy. |
Create an Application Gateway (WAF) |
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines |
Create an Application Gateway for WebApps |
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled. |
Create an Application Gateway v2 |
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
Create an Application Gateway with Path Override |
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool. |
Create an Application Gateway with Probe |
This template deploys an Application Gateway with enhanced probe functionality. |
Create an Application Gateway with Public IP |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
Create an Application Gateway with Public IP (Offload) |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
Create an Application Gateway with Redirect |
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased) |
Create an Application Gateway with Rewrite |
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules |
Create an Azure Application Gateway v2 |
This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an Azure WAF v2 on Azure Application Gateway |
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
Create an IPv6 Application Gateway |
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network. |
Create API Management in Internal VNet with App Gateway |
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates |
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Deploy a Windows VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy an Ubuntu VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
eShop Website with ILB ASE |
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps. |
Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
Multi tier App with NSG, ILB, AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Multi tier traffic manager, L4 ILB, L7 AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Terraform (AzAPI provider) resource definition
The applicationGateways resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/applicationGateways resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/applicationGateways@2020-03-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
location = "string"
tags = {
{customized property} = "string"
zones = [
body = jsonencode({
properties = {
authenticationCertificates = [
id = "string"
name = "string"
properties = {
data = "string"
autoscaleConfiguration = {
maxCapacity = int
minCapacity = int
backendAddressPools = [
id = "string"
name = "string"
properties = {
backendAddresses = [
fqdn = "string"
ipAddress = "string"
backendHttpSettingsCollection = [
id = "string"
name = "string"
properties = {
affinityCookieName = "string"
authenticationCertificates = [
id = "string"
connectionDraining = {
drainTimeoutInSec = int
enabled = bool
cookieBasedAffinity = "string"
hostName = "string"
path = "string"
pickHostNameFromBackendAddress = bool
port = int
probe = {
id = "string"
probeEnabled = bool
protocol = "string"
requestTimeout = int
trustedRootCertificates = [
id = "string"
customErrorConfigurations = [
customErrorPageUrl = "string"
statusCode = "string"
enableFips = bool
enableHttp2 = bool
firewallPolicy = {
id = "string"
forceFirewallPolicyAssociation = bool
frontendIPConfigurations = [
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
subnet = {
id = "string"
frontendPorts = [
id = "string"
name = "string"
properties = {
port = int
gatewayIPConfigurations = [
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
httpListeners = [
id = "string"
name = "string"
properties = {
customErrorConfigurations = [
customErrorPageUrl = "string"
statusCode = "string"
firewallPolicy = {
id = "string"
frontendIPConfiguration = {
id = "string"
frontendPort = {
id = "string"
hostName = "string"
hostNames = [
protocol = "string"
requireServerNameIndication = bool
sslCertificate = {
id = "string"
probes = [
id = "string"
name = "string"
properties = {
host = "string"
interval = int
match = {
body = "string"
statusCodes = [
minServers = int
path = "string"
pickHostNameFromBackendHttpSettings = bool
port = int
protocol = "string"
timeout = int
unhealthyThreshold = int
redirectConfigurations = [
id = "string"
name = "string"
properties = {
includePath = bool
includeQueryString = bool
pathRules = [
id = "string"
redirectType = "string"
requestRoutingRules = [
id = "string"
targetListener = {
id = "string"
targetUrl = "string"
urlPathMaps = [
id = "string"
requestRoutingRules = [
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
backendHttpSettings = {
id = "string"
httpListener = {
id = "string"
priority = int
redirectConfiguration = {
id = "string"
rewriteRuleSet = {
id = "string"
ruleType = "string"
urlPathMap = {
id = "string"
rewriteRuleSets = [
id = "string"
name = "string"
properties = {
rewriteRules = [
actionSet = {
requestHeaderConfigurations = [
headerName = "string"
headerValue = "string"
responseHeaderConfigurations = [
headerName = "string"
headerValue = "string"
urlConfiguration = {
modifiedPath = "string"
modifiedQueryString = "string"
reroute = bool
conditions = [
ignoreCase = bool
negate = bool
pattern = "string"
variable = "string"
name = "string"
ruleSequence = int
sku = {
capacity = int
name = "string"
tier = "string"
sslCertificates = [
id = "string"
name = "string"
properties = {
data = "string"
keyVaultSecretId = "string"
password = "string"
sslPolicy = {
cipherSuites = [
disabledSslProtocols = [
minProtocolVersion = "string"
policyName = "string"
policyType = "string"
trustedRootCertificates = [
id = "string"
name = "string"
properties = {
data = "string"
keyVaultSecretId = "string"
urlPathMaps = [
id = "string"
name = "string"
properties = {
defaultBackendAddressPool = {
id = "string"
defaultBackendHttpSettings = {
id = "string"
defaultRedirectConfiguration = {
id = "string"
defaultRewriteRuleSet = {
id = "string"
pathRules = [
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
backendHttpSettings = {
id = "string"
firewallPolicy = {
id = "string"
paths = [
redirectConfiguration = {
id = "string"
rewriteRuleSet = {
id = "string"
webApplicationFirewallConfiguration = {
disabledRuleGroups = [
ruleGroupName = "string"
rules = [
enabled = bool
exclusions = [
matchVariable = "string"
selector = "string"
selectorMatchOperator = "string"
fileUploadLimitInMb = int
firewallMode = "string"
maxRequestBodySize = int
maxRequestBodySizeInKb = int
requestBodyCheck = bool
ruleSetType = "string"
ruleSetVersion = "string"
Property Values
Name | Description | Value |
id | Resource ID. | string |
name | Name of the authentication certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway authentication certificate. | ApplicationGatewayAuthenticationCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
Name | Description | Value |
maxCapacity | Upper bound on number of Application Gateway capacity. | int Constraints: Min value = 2 |
minCapacity | Lower bound on number of Application Gateway capacity. | int Constraints: Min value = 0 (required) |
Name | Description | Value |
fqdn | Fully qualified domain name (FQDN). | string |
ipAddress | IP address. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend address pool that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend address pool. | ApplicationGatewayBackendAddressPoolPropertiesFormat |
Name | Description | Value |
backendAddresses | Backend addresses. | ApplicationGatewayBackendAddress[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the backend http settings that is unique within an Application Gateway. | string |
properties | Properties of the application gateway backend HTTP settings. | ApplicationGatewayBackendHttpSettingsPropertiesFormat |
Name | Description | Value |
affinityCookieName | Cookie name to use for the affinity cookie. | string |
authenticationCertificates | Array of references to application gateway authentication certificates. | SubResource[] |
connectionDraining | Connection draining of the backend http settings resource. | ApplicationGatewayConnectionDraining |
cookieBasedAffinity | Cookie based affinity. | 'Disabled' 'Enabled' |
hostName | Host header to be sent to the backend servers. | string |
path | Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. | string |
pickHostNameFromBackendAddress | Whether to pick host header should be picked from the host name of the backend server. Default value is false. | bool |
port | The destination port on the backend. | int |
probe | Probe resource of an application gateway. | SubResource |
probeEnabled | Whether the probe is enabled. Default value is false. | bool |
protocol | The protocol used to communicate with the backend. | 'Http' 'Https' |
requestTimeout | Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. | int |
trustedRootCertificates | Array of references to application gateway trusted root certificates. | SubResource[] |
Name | Description | Value |
drainTimeoutInSec | The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. | int Constraints: Min value = 1 Max value = 3600 (required) |
enabled | Whether connection draining is enabled or not. | bool (required) |
Name | Description | Value |
customErrorPageUrl | Error page URL of the application gateway customer error. | string |
statusCode | Status code of the application gateway customer error. | 'HttpStatus403' 'HttpStatus502' |
Name | Description | Value |
ruleGroupName | The name of the rule group that will be disabled. | string (required) |
rules | The list of rules that will be disabled. If null, all rules of the rule group will be disabled. | int[] |
Name | Description | Value |
matchVariable | The variable to be excluded. | string (required) |
selector | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. | string (required) |
selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. | string (required) |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend IP configuration. | ApplicationGatewayFrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | PrivateIPAddress of the network interface IP Configuration. | string |
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | Reference to the PublicIP resource. | SubResource |
subnet | Reference to the subnet resource. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the frontend port that is unique within an Application Gateway. | string |
properties | Properties of the application gateway frontend port. | ApplicationGatewayFrontendPortPropertiesFormat |
Name | Description | Value |
port | Frontend port. | int |
Name | Description | Value |
headerName | Header name of the header configuration. | string |
headerValue | Header value of the header configuration. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the HTTP listener that is unique within an Application Gateway. | string |
properties | Properties of the application gateway HTTP listener. | ApplicationGatewayHttpListenerPropertiesFormat |
Name | Description | Value |
customErrorConfigurations | Custom error configurations of the HTTP listener. | ApplicationGatewayCustomError[] |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
frontendIPConfiguration | Frontend IP configuration resource of an application gateway. | SubResource |
frontendPort | Frontend port resource of an application gateway. | SubResource |
hostName | Host name of HTTP listener. | string |
hostNames | List of Host names for HTTP Listener that allows special wildcard characters as well. | string[] |
protocol | Protocol of the HTTP listener. | 'Http' 'Https' |
requireServerNameIndication | Applicable only if protocol is https. Enables SNI for multi-hosting. | bool |
sslCertificate | SSL certificate resource of an application gateway. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the IP configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway IP configuration. | ApplicationGatewayIPConfigurationPropertiesFormat |
Name | Description | Value |
subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the path rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway path rule. | ApplicationGatewayPathRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of URL path map path rule. | SubResource |
backendHttpSettings | Backend http settings resource of URL path map path rule. | SubResource |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
paths | Path rules of URL path map. | string[] |
redirectConfiguration | Redirect configuration resource of URL path map path rule. | SubResource |
rewriteRuleSet | Rewrite rule set resource of URL path map path rule. | SubResource |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the probe that is unique within an Application Gateway. | string |
properties | Properties of the application gateway probe. | ApplicationGatewayProbePropertiesFormat |
Name | Description | Value |
body | Body that must be contained in the health response. Default value is empty. | string |
statusCodes | Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. | string[] |
Name | Description | Value |
host | Host name to send the probe to. | string |
interval | The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. | int |
match | Criterion for classifying a healthy probe response. | ApplicationGatewayProbeHealthResponseMatch |
minServers | Minimum number of servers that are always marked healthy. Default value is 0. | int |
path | Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. | string |
pickHostNameFromBackendHttpSettings | Whether the host header should be picked from the backend http settings. Default value is false. | bool |
port | Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. | int Constraints: Min value = 1 Max value = 65535 |
protocol | The protocol used for the probe. | 'Http' 'Https' |
timeout | The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. | int |
unhealthyThreshold | The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. | int |
Name | Description | Value |
authenticationCertificates | Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayAuthenticationCertificate[] |
autoscaleConfiguration | Autoscale Configuration. | ApplicationGatewayAutoscaleConfiguration |
backendAddressPools | Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendAddressPool[] |
backendHttpSettingsCollection | Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayBackendHttpSettings[] |
customErrorConfigurations | Custom error configurations of the application gateway resource. | ApplicationGatewayCustomError[] |
enableFips | Whether FIPS is enabled on the application gateway resource. | bool |
enableHttp2 | Whether HTTP2 is enabled on the application gateway resource. | bool |
firewallPolicy | Reference to the FirewallPolicy resource. | SubResource |
forceFirewallPolicyAssociation | If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config. | bool |
frontendIPConfigurations | Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendIPConfiguration[] |
frontendPorts | Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayFrontendPort[] |
gatewayIPConfigurations | Subnets of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayIPConfiguration[] |
httpListeners | Http listeners of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayHttpListener[] |
probes | Probes of the application gateway resource. | ApplicationGatewayProbe[] |
redirectConfigurations | Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayRedirectConfiguration[] |
requestRoutingRules | Request routing rules of the application gateway resource. | ApplicationGatewayRequestRoutingRule[] |
rewriteRuleSets | Rewrite rules for the application gateway resource. | ApplicationGatewayRewriteRuleSet[] |
sku | SKU of the application gateway resource. | ApplicationGatewaySku |
sslCertificates | SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewaySslCertificate[] |
sslPolicy | SSL policy of the application gateway resource. | ApplicationGatewaySslPolicy |
trustedRootCertificates | Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayTrustedRootCertificate[] |
urlPathMaps | URL path map of the application gateway resource. For default limits, see Application Gateway limits. | ApplicationGatewayUrlPathMap[] |
webApplicationFirewallConfiguration | Web application firewall configuration. | ApplicationGatewayWebApplicationFirewallConfiguration |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the redirect configuration that is unique within an Application Gateway. | string |
properties | Properties of the application gateway redirect configuration. | ApplicationGatewayRedirectConfigurationPropertiesFormat |
Name | Description | Value |
includePath | Include path in the redirected url. | bool |
includeQueryString | Include query string in the redirected url. | bool |
pathRules | Path rules specifying redirect configuration. | SubResource[] |
redirectType | HTTP redirection type. | 'Found' 'Permanent' 'SeeOther' 'Temporary' |
requestRoutingRules | Request routing specifying redirect configuration. | SubResource[] |
targetListener | Reference to a listener to redirect the request to. | SubResource |
targetUrl | Url to redirect the request to. | string |
urlPathMaps | Url path maps specifying default redirect configuration. | SubResource[] |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the request routing rule that is unique within an Application Gateway. | string |
properties | Properties of the application gateway request routing rule. | ApplicationGatewayRequestRoutingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Backend address pool resource of the application gateway. | SubResource |
backendHttpSettings | Backend http settings resource of the application gateway. | SubResource |
httpListener | Http listener resource of the application gateway. | SubResource |
priority | Priority of the request routing rule. | int Constraints: Min value = 1 Max value = 20000 |
redirectConfiguration | Redirect configuration resource of the application gateway. | SubResource |
rewriteRuleSet | Rewrite Rule Set resource in Basic rule of the application gateway. | SubResource |
ruleType | Rule type. | 'Basic' 'PathBasedRouting' |
urlPathMap | URL path map resource of the application gateway. | SubResource |
Name | Description | Value |
actionSet | Set of actions to be done as part of the rewrite Rule. | ApplicationGatewayRewriteRuleActionSet |
conditions | Conditions based on which the action set execution will be evaluated. | ApplicationGatewayRewriteRuleCondition[] |
name | Name of the rewrite rule that is unique within an Application Gateway. | string |
ruleSequence | Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. | int |
Name | Description | Value |
requestHeaderConfigurations | Request Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
responseHeaderConfigurations | Response Header Actions in the Action Set. | ApplicationGatewayHeaderConfiguration[] |
urlConfiguration | Url Configuration Action in the Action Set. | ApplicationGatewayUrlConfiguration |
Name | Description | Value |
ignoreCase | Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. | bool |
negate | Setting this value as truth will force to check the negation of the condition given by the user. | bool |
pattern | The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. | string |
variable | The condition parameter of the RewriteRuleCondition. | string |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the rewrite rule set that is unique within an Application Gateway. | string |
properties | Properties of the application gateway rewrite rule set. | ApplicationGatewayRewriteRuleSetPropertiesFormat |
Name | Description | Value |
rewriteRules | Rewrite rules in the rewrite rule set. | ApplicationGatewayRewriteRule[] |
Name | Description | Value |
capacity | Capacity (instance count) of an application gateway. | int |
name | Name of an application gateway SKU. | 'Standard_Large' 'Standard_Medium' 'Standard_Small' 'Standard_v2' 'WAF_Large' 'WAF_Medium' 'WAF_v2' |
tier | Tier of an application gateway. | 'Standard' 'Standard_v2' 'WAF' 'WAF_v2' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the SSL certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway SSL certificate. | ApplicationGatewaySslCertificatePropertiesFormat |
Name | Description | Value |
data | Base-64 encoded pfx certificate. Only applicable in PUT Request. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
password | Password for the pfx file specified in data. Only applicable in PUT request. | string |
Name | Description | Value |
disabledSslProtocols | Ssl protocols to be disabled on application gateway. | String array containing any of: 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
minProtocolVersion | Minimum version of Ssl protocol to be supported on application gateway. | 'TLSv1_0' 'TLSv1_1' 'TLSv1_2' |
policyName | Name of Ssl predefined policy. | 'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' |
policyType | Type of Ssl Policy. | 'Custom' 'Predefined' |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the trusted root certificate that is unique within an Application Gateway. | string |
properties | Properties of the application gateway trusted root certificate. | ApplicationGatewayTrustedRootCertificatePropertiesFormat |
Name | Description | Value |
data | Certificate public data. | string |
keyVaultSecretId | Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. | string |
Name | Description | Value |
modifiedPath | Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. | string |
modifiedQueryString | Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. | string |
reroute | If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. | bool |
Name | Description | Value |
id | Resource ID. | string |
name | Name of the URL path map that is unique within an Application Gateway. | string |
properties | Properties of the application gateway URL path map. | ApplicationGatewayUrlPathMapPropertiesFormat |
Name | Description | Value |
defaultBackendAddressPool | Default backend address pool resource of URL path map. | SubResource |
defaultBackendHttpSettings | Default backend http settings resource of URL path map. | SubResource |
defaultRedirectConfiguration | Default redirect configuration resource of URL path map. | SubResource |
defaultRewriteRuleSet | Default Rewrite rule set resource of URL path map. | SubResource |
pathRules | Path rule of URL path map resource. | ApplicationGatewayPathRule[] |
Name | Description | Value |
disabledRuleGroups | The disabled rule groups. | ApplicationGatewayFirewallDisabledRuleGroup[] |
enabled | Whether the web application firewall is enabled or not. | bool (required) |
exclusions | The exclusion list. | ApplicationGatewayFirewallExclusion[] |
fileUploadLimitInMb | Maximum file upload size in Mb for WAF. | int Constraints: Min value = 0 |
firewallMode | Web application firewall mode. | 'Detection' 'Prevention' (required) |
maxRequestBodySize | Maximum request body size for WAF. | int Constraints: Min value = 8 Max value = 128 |
maxRequestBodySizeInKb | Maximum request body size in Kb for WAF. | int Constraints: Min value = 8 Max value = 128 |
requestBodyCheck | Whether allow WAF to check request Body. | bool |
ruleSetType | The type of the web application firewall rule set. Possible values are: 'OWASP'. | string (required) |
ruleSetVersion | The version of the rule set type. | string (required) |
Name | Description | Value |
Name | Description | Value |
type | The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
Name | Description | Value |
Name | Description | Value |
identity | The identity of the application gateway, if configured. | ManagedServiceIdentity |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the application gateway. | ApplicationGatewayPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/applicationGateways@2020-03-01" |
zones | A list of availability zones denoting where the resource needs to come from. | string[] |
Name | Description | Value |
Name | Description | Value |
id | Resource ID. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
Application Gateway | AVM Resource Module for Application Gateway |