Microsoft.Network applicationGateways 2019-12-01

Bicep resource definition

The applicationGateways resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/applicationGateways@2019-12-01' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    authenticationCertificates: [
      {
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
        }
      }
    ]
    autoscaleConfiguration: {
      maxCapacity: int
      minCapacity: int
    }
    backendAddressPools: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backendAddresses: [
            {
              fqdn: 'string'
              ipAddress: 'string'
            }
          ]
        }
      }
    ]
    backendHttpSettingsCollection: [
      {
        id: 'string'
        name: 'string'
        properties: {
          affinityCookieName: 'string'
          authenticationCertificates: [
            {
              id: 'string'
            }
          ]
          connectionDraining: {
            drainTimeoutInSec: int
            enabled: bool
          }
          cookieBasedAffinity: 'string'
          hostName: 'string'
          path: 'string'
          pickHostNameFromBackendAddress: bool
          port: int
          probe: {
            id: 'string'
          }
          probeEnabled: bool
          protocol: 'string'
          requestTimeout: int
          trustedRootCertificates: [
            {
              id: 'string'
            }
          ]
        }
      }
    ]
    customErrorConfigurations: [
      {
        customErrorPageUrl: 'string'
        statusCode: 'string'
      }
    ]
    enableFips: bool
    enableHttp2: bool
    firewallPolicy: {
      id: 'string'
    }
    frontendIPConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          privateIPAddress: 'string'
          privateIPAllocationMethod: 'string'
          publicIPAddress: {
            id: 'string'
          }
          subnet: {
            id: 'string'
          }
        }
      }
    ]
    frontendPorts: [
      {
        id: 'string'
        name: 'string'
        properties: {
          port: int
        }
      }
    ]
    gatewayIPConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          subnet: {
            id: 'string'
          }
        }
      }
    ]
    httpListeners: [
      {
        id: 'string'
        name: 'string'
        properties: {
          customErrorConfigurations: [
            {
              customErrorPageUrl: 'string'
              statusCode: 'string'
            }
          ]
          firewallPolicy: {
            id: 'string'
          }
          frontendIPConfiguration: {
            id: 'string'
          }
          frontendPort: {
            id: 'string'
          }
          hostName: 'string'
          hostNames: [
            'string'
          ]
          protocol: 'string'
          requireServerNameIndication: bool
          sslCertificate: {
            id: 'string'
          }
        }
      }
    ]
    probes: [
      {
        id: 'string'
        name: 'string'
        properties: {
          host: 'string'
          interval: int
          match: {
            body: 'string'
            statusCodes: [
              'string'
            ]
          }
          minServers: int
          path: 'string'
          pickHostNameFromBackendHttpSettings: bool
          port: int
          protocol: 'string'
          timeout: int
          unhealthyThreshold: int
        }
      }
    ]
    redirectConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          includePath: bool
          includeQueryString: bool
          pathRules: [
            {
              id: 'string'
            }
          ]
          redirectType: 'string'
          requestRoutingRules: [
            {
              id: 'string'
            }
          ]
          targetListener: {
            id: 'string'
          }
          targetUrl: 'string'
          urlPathMaps: [
            {
              id: 'string'
            }
          ]
        }
      }
    ]
    requestRoutingRules: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backendAddressPool: {
            id: 'string'
          }
          backendHttpSettings: {
            id: 'string'
          }
          httpListener: {
            id: 'string'
          }
          priority: int
          redirectConfiguration: {
            id: 'string'
          }
          rewriteRuleSet: {
            id: 'string'
          }
          ruleType: 'string'
          urlPathMap: {
            id: 'string'
          }
        }
      }
    ]
    rewriteRuleSets: [
      {
        id: 'string'
        name: 'string'
        properties: {
          rewriteRules: [
            {
              actionSet: {
                requestHeaderConfigurations: [
                  {
                    headerName: 'string'
                    headerValue: 'string'
                  }
                ]
                responseHeaderConfigurations: [
                  {
                    headerName: 'string'
                    headerValue: 'string'
                  }
                ]
                urlConfiguration: {
                  modifiedPath: 'string'
                  modifiedQueryString: 'string'
                  reroute: bool
                }
              }
              conditions: [
                {
                  ignoreCase: bool
                  negate: bool
                  pattern: 'string'
                  variable: 'string'
                }
              ]
              name: 'string'
              ruleSequence: int
            }
          ]
        }
      }
    ]
    sku: {
      capacity: int
      name: 'string'
      tier: 'string'
    }
    sslCertificates: [
      {
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
          keyVaultSecretId: 'string'
          password: 'string'
        }
      }
    ]
    sslPolicy: {
      cipherSuites: [
        'string'
      ]
      disabledSslProtocols: [
        'string'
      ]
      minProtocolVersion: 'string'
      policyName: 'string'
      policyType: 'string'
    }
    trustedRootCertificates: [
      {
        id: 'string'
        name: 'string'
        properties: {
          data: 'string'
          keyVaultSecretId: 'string'
        }
      }
    ]
    urlPathMaps: [
      {
        id: 'string'
        name: 'string'
        properties: {
          defaultBackendAddressPool: {
            id: 'string'
          }
          defaultBackendHttpSettings: {
            id: 'string'
          }
          defaultRedirectConfiguration: {
            id: 'string'
          }
          defaultRewriteRuleSet: {
            id: 'string'
          }
          pathRules: [
            {
              id: 'string'
              name: 'string'
              properties: {
                backendAddressPool: {
                  id: 'string'
                }
                backendHttpSettings: {
                  id: 'string'
                }
                firewallPolicy: {
                  id: 'string'
                }
                paths: [
                  'string'
                ]
                redirectConfiguration: {
                  id: 'string'
                }
                rewriteRuleSet: {
                  id: 'string'
                }
              }
            }
          ]
        }
      }
    ]
    webApplicationFirewallConfiguration: {
      disabledRuleGroups: [
        {
          ruleGroupName: 'string'
          rules: [
            int
          ]
        }
      ]
      enabled: bool
      exclusions: [
        {
          matchVariable: 'string'
          selector: 'string'
          selectorMatchOperator: 'string'
        }
      ]
      fileUploadLimitInMb: int
      firewallMode: 'string'
      maxRequestBodySize: int
      maxRequestBodySizeInKb: int
      requestBodyCheck: bool
      ruleSetType: 'string'
      ruleSetVersion: 'string'
    }
  }
  tags: {
    {customized property}: 'string'
  }
  zones: [
    'string'
  ]
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationGatewayBackendHttpSettings

Name Description Value
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference to the PublicIP resource. SubResource
subnet Reference to the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
hostNames List of Host names for HTTP Listener that allows special wildcard characters as well. string[]
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
firewallPolicy Reference to the FirewallPolicy resource. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
urlConfiguration Url Configuration Action in the Action Set. ApplicationGatewayUrlConfiguration

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlConfiguration

Name Description Value
modifiedPath Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. string
modifiedQueryString Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. string
reroute If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. bool

ApplicationGatewayUrlPathMap

Name Description Value
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
zones A list of availability zones denoting where the resource needs to come from. string[]

ResourceTags

Name Description Value

SubResource

Name Description Value
id Resource ID. string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
AKS Cluster with a NAT Gateway and an Application Gateway This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with internal API Management and Web App Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Application Gateway with WAF and firewall policy This template creates an Application Gateway with WAF configured along with a firewall policy
Create a Web App, PE and Application Gateway v2 This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create an Application Gateway v2 This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend
Create an Azure Application Gateway v2 This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure WAF v2 on Azure Application Gateway This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create API Management in Internal VNet with App Gateway This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Deploy a Windows VM scale set with Azure Application Gateway This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Front Door Standard/Premium with Application Gateway origin This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway This template creates a Front Door Standard/Premium with a container group and Application Gateway.

ARM template resource definition

The applicationGateways resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2019-12-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "authenticationCertificates": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string"
        }
      }
    ],
    "autoscaleConfiguration": {
      "maxCapacity": "int",
      "minCapacity": "int"
    },
    "backendAddressPools": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "backendAddresses": [
            {
              "fqdn": "string",
              "ipAddress": "string"
            }
          ]
        }
      }
    ],
    "backendHttpSettingsCollection": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "affinityCookieName": "string",
          "authenticationCertificates": [
            {
              "id": "string"
            }
          ],
          "connectionDraining": {
            "drainTimeoutInSec": "int",
            "enabled": "bool"
          },
          "cookieBasedAffinity": "string",
          "hostName": "string",
          "path": "string",
          "pickHostNameFromBackendAddress": "bool",
          "port": "int",
          "probe": {
            "id": "string"
          },
          "probeEnabled": "bool",
          "protocol": "string",
          "requestTimeout": "int",
          "trustedRootCertificates": [
            {
              "id": "string"
            }
          ]
        }
      }
    ],
    "customErrorConfigurations": [
      {
        "customErrorPageUrl": "string",
        "statusCode": "string"
      }
    ],
    "enableFips": "bool",
    "enableHttp2": "bool",
    "firewallPolicy": {
      "id": "string"
    },
    "frontendIPConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAddress": "string",
          "privateIPAllocationMethod": "string",
          "publicIPAddress": {
            "id": "string"
          },
          "subnet": {
            "id": "string"
          }
        }
      }
    ],
    "frontendPorts": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "port": "int"
        }
      }
    ],
    "gatewayIPConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "subnet": {
            "id": "string"
          }
        }
      }
    ],
    "httpListeners": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "customErrorConfigurations": [
            {
              "customErrorPageUrl": "string",
              "statusCode": "string"
            }
          ],
          "firewallPolicy": {
            "id": "string"
          },
          "frontendIPConfiguration": {
            "id": "string"
          },
          "frontendPort": {
            "id": "string"
          },
          "hostName": "string",
          "hostNames": [ "string" ],
          "protocol": "string",
          "requireServerNameIndication": "bool",
          "sslCertificate": {
            "id": "string"
          }
        }
      }
    ],
    "probes": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "host": "string",
          "interval": "int",
          "match": {
            "body": "string",
            "statusCodes": [ "string" ]
          },
          "minServers": "int",
          "path": "string",
          "pickHostNameFromBackendHttpSettings": "bool",
          "port": "int",
          "protocol": "string",
          "timeout": "int",
          "unhealthyThreshold": "int"
        }
      }
    ],
    "redirectConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "includePath": "bool",
          "includeQueryString": "bool",
          "pathRules": [
            {
              "id": "string"
            }
          ],
          "redirectType": "string",
          "requestRoutingRules": [
            {
              "id": "string"
            }
          ],
          "targetListener": {
            "id": "string"
          },
          "targetUrl": "string",
          "urlPathMaps": [
            {
              "id": "string"
            }
          ]
        }
      }
    ],
    "requestRoutingRules": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "backendAddressPool": {
            "id": "string"
          },
          "backendHttpSettings": {
            "id": "string"
          },
          "httpListener": {
            "id": "string"
          },
          "priority": "int",
          "redirectConfiguration": {
            "id": "string"
          },
          "rewriteRuleSet": {
            "id": "string"
          },
          "ruleType": "string",
          "urlPathMap": {
            "id": "string"
          }
        }
      }
    ],
    "rewriteRuleSets": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "rewriteRules": [
            {
              "actionSet": {
                "requestHeaderConfigurations": [
                  {
                    "headerName": "string",
                    "headerValue": "string"
                  }
                ],
                "responseHeaderConfigurations": [
                  {
                    "headerName": "string",
                    "headerValue": "string"
                  }
                ],
                "urlConfiguration": {
                  "modifiedPath": "string",
                  "modifiedQueryString": "string",
                  "reroute": "bool"
                }
              },
              "conditions": [
                {
                  "ignoreCase": "bool",
                  "negate": "bool",
                  "pattern": "string",
                  "variable": "string"
                }
              ],
              "name": "string",
              "ruleSequence": "int"
            }
          ]
        }
      }
    ],
    "sku": {
      "capacity": "int",
      "name": "string",
      "tier": "string"
    },
    "sslCertificates": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string",
          "keyVaultSecretId": "string",
          "password": "string"
        }
      }
    ],
    "sslPolicy": {
      "cipherSuites": [ "string" ],
      "disabledSslProtocols": [ "string" ],
      "minProtocolVersion": "string",
      "policyName": "string",
      "policyType": "string"
    },
    "trustedRootCertificates": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "data": "string",
          "keyVaultSecretId": "string"
        }
      }
    ],
    "urlPathMaps": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "defaultBackendAddressPool": {
            "id": "string"
          },
          "defaultBackendHttpSettings": {
            "id": "string"
          },
          "defaultRedirectConfiguration": {
            "id": "string"
          },
          "defaultRewriteRuleSet": {
            "id": "string"
          },
          "pathRules": [
            {
              "id": "string",
              "name": "string",
              "properties": {
                "backendAddressPool": {
                  "id": "string"
                },
                "backendHttpSettings": {
                  "id": "string"
                },
                "firewallPolicy": {
                  "id": "string"
                },
                "paths": [ "string" ],
                "redirectConfiguration": {
                  "id": "string"
                },
                "rewriteRuleSet": {
                  "id": "string"
                }
              }
            }
          ]
        }
      }
    ],
    "webApplicationFirewallConfiguration": {
      "disabledRuleGroups": [
        {
          "ruleGroupName": "string",
          "rules": [ "int" ]
        }
      ],
      "enabled": "bool",
      "exclusions": [
        {
          "matchVariable": "string",
          "selector": "string",
          "selectorMatchOperator": "string"
        }
      ],
      "fileUploadLimitInMb": "int",
      "firewallMode": "string",
      "maxRequestBodySize": "int",
      "maxRequestBodySizeInKb": "int",
      "requestBodyCheck": "bool",
      "ruleSetType": "string",
      "ruleSetVersion": "string"
    }
  },
  "tags": {
    "{customized property}": "string"
  },
  "zones": [ "string" ]
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationGatewayBackendHttpSettings

Name Description Value
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference to the PublicIP resource. SubResource
subnet Reference to the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
hostNames List of Host names for HTTP Listener that allows special wildcard characters as well. string[]
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
firewallPolicy Reference to the FirewallPolicy resource. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
urlConfiguration Url Configuration Action in the Action Set. ApplicationGatewayUrlConfiguration

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlConfiguration

Name Description Value
modifiedPath Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. string
modifiedQueryString Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. string
reroute If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. bool

ApplicationGatewayUrlPathMap

Name Description Value
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
apiVersion The api version '2019-12-01'
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/applicationGateways'
zones A list of availability zones denoting where the resource needs to come from. string[]

ResourceTags

Name Description Value

SubResource

Name Description Value
id Resource ID. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
App Gateway with WAF, SSL, IIS and HTTPS redirection

Deploy to Azure
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers.
Application Gateway for a Web App with IP Restriction

Deploy to Azure
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App.
Application Gateway for Multi Hosting

Deploy to Azure
This template creates an Application Gateway and configures it for Multi Hosting on port 443.
Application Gateway for Url Path Based Routing

Deploy to Azure
This template creates an Application Gateway and configures it for URL Path Based Routing.
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Application Gateway with WAF and firewall policy

Deploy to Azure
This template creates an Application Gateway with WAF configured along with a firewall policy
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database

Deploy to Azure
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI)
Azure Application Gateway Demo Setup

Deploy to Azure
This template allows you to quickly deploy Azure Application Gateway demo to test load-balancing with or without cookie-based affinity.
Create a Web App protected by Application Gateway v2

Deploy to Azure
This template creates an Azure Web App with Access Restriction for an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet) which has a 'Microsoft.Web' Service Endpoint enabled. The Web App restricts access to traffic from the subnet.
Create a Web App, PE and Application Gateway v2

Deploy to Azure
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create a WordPress site in a virtual network

Deploy to Azure
This template creates a WordPress site on Container Instance in a virtual network. And output a public site FQDN which could access WordPress site.
Create an Application Gateway

Deploy to Azure
This template creates an application gateway in a virtual network and sets up load balancing rules for any number of virtual machines
Create an Application Gateway (Custom SSL)

Deploy to Azure
This template deploys an Application Gateway configured with a custom ssl policy.
Create an Application Gateway (SSL Policy)

Deploy to Azure
This template deploys an Application Gateway configured with a predefined ssl policy.
Create an Application Gateway (WAF)

Deploy to Azure
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines
Create an Application Gateway for WebApps

Deploy to Azure
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled.
Create an Application Gateway v2

Deploy to Azure
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend
Create an Application Gateway V2 with Key Vault

Deploy to Azure
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Create an Application Gateway with Path Override

Deploy to Azure
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool.
Create an Application Gateway with Probe

Deploy to Azure
This template deploys an Application Gateway with enhanced probe functionality.
Create an Application Gateway with Public IP

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway with Public IP (Offload)

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway with Redirect

Deploy to Azure
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased)
Create an Application Gateway with Rewrite

Deploy to Azure
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules
Create an Azure Application Gateway v2

Deploy to Azure
This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure WAF v2 on Azure Application Gateway

Deploy to Azure
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an IPv6 Application Gateway

Deploy to Azure
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network.
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Deploy a Windows VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy an Ubuntu VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
eShop Website with ILB ASE

Deploy to Azure
An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps.
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium with a container group and Application Gateway.
Multi tier App with NSG, ILB, AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing
Multi tier traffic manager, L4 ILB, L7 AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing

Terraform (AzAPI provider) resource definition

The applicationGateways resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/applicationGateways resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/applicationGateways@2019-12-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  body = jsonencode({
    properties = {
      authenticationCertificates = [
        {
          id = "string"
          name = "string"
          properties = {
            data = "string"
          }
        }
      ]
      autoscaleConfiguration = {
        maxCapacity = int
        minCapacity = int
      }
      backendAddressPools = [
        {
          id = "string"
          name = "string"
          properties = {
            backendAddresses = [
              {
                fqdn = "string"
                ipAddress = "string"
              }
            ]
          }
        }
      ]
      backendHttpSettingsCollection = [
        {
          id = "string"
          name = "string"
          properties = {
            affinityCookieName = "string"
            authenticationCertificates = [
              {
                id = "string"
              }
            ]
            connectionDraining = {
              drainTimeoutInSec = int
              enabled = bool
            }
            cookieBasedAffinity = "string"
            hostName = "string"
            path = "string"
            pickHostNameFromBackendAddress = bool
            port = int
            probe = {
              id = "string"
            }
            probeEnabled = bool
            protocol = "string"
            requestTimeout = int
            trustedRootCertificates = [
              {
                id = "string"
              }
            ]
          }
        }
      ]
      customErrorConfigurations = [
        {
          customErrorPageUrl = "string"
          statusCode = "string"
        }
      ]
      enableFips = bool
      enableHttp2 = bool
      firewallPolicy = {
        id = "string"
      }
      frontendIPConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            privateIPAddress = "string"
            privateIPAllocationMethod = "string"
            publicIPAddress = {
              id = "string"
            }
            subnet = {
              id = "string"
            }
          }
        }
      ]
      frontendPorts = [
        {
          id = "string"
          name = "string"
          properties = {
            port = int
          }
        }
      ]
      gatewayIPConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            subnet = {
              id = "string"
            }
          }
        }
      ]
      httpListeners = [
        {
          id = "string"
          name = "string"
          properties = {
            customErrorConfigurations = [
              {
                customErrorPageUrl = "string"
                statusCode = "string"
              }
            ]
            firewallPolicy = {
              id = "string"
            }
            frontendIPConfiguration = {
              id = "string"
            }
            frontendPort = {
              id = "string"
            }
            hostName = "string"
            hostNames = [
              "string"
            ]
            protocol = "string"
            requireServerNameIndication = bool
            sslCertificate = {
              id = "string"
            }
          }
        }
      ]
      probes = [
        {
          id = "string"
          name = "string"
          properties = {
            host = "string"
            interval = int
            match = {
              body = "string"
              statusCodes = [
                "string"
              ]
            }
            minServers = int
            path = "string"
            pickHostNameFromBackendHttpSettings = bool
            port = int
            protocol = "string"
            timeout = int
            unhealthyThreshold = int
          }
        }
      ]
      redirectConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            includePath = bool
            includeQueryString = bool
            pathRules = [
              {
                id = "string"
              }
            ]
            redirectType = "string"
            requestRoutingRules = [
              {
                id = "string"
              }
            ]
            targetListener = {
              id = "string"
            }
            targetUrl = "string"
            urlPathMaps = [
              {
                id = "string"
              }
            ]
          }
        }
      ]
      requestRoutingRules = [
        {
          id = "string"
          name = "string"
          properties = {
            backendAddressPool = {
              id = "string"
            }
            backendHttpSettings = {
              id = "string"
            }
            httpListener = {
              id = "string"
            }
            priority = int
            redirectConfiguration = {
              id = "string"
            }
            rewriteRuleSet = {
              id = "string"
            }
            ruleType = "string"
            urlPathMap = {
              id = "string"
            }
          }
        }
      ]
      rewriteRuleSets = [
        {
          id = "string"
          name = "string"
          properties = {
            rewriteRules = [
              {
                actionSet = {
                  requestHeaderConfigurations = [
                    {
                      headerName = "string"
                      headerValue = "string"
                    }
                  ]
                  responseHeaderConfigurations = [
                    {
                      headerName = "string"
                      headerValue = "string"
                    }
                  ]
                  urlConfiguration = {
                    modifiedPath = "string"
                    modifiedQueryString = "string"
                    reroute = bool
                  }
                }
                conditions = [
                  {
                    ignoreCase = bool
                    negate = bool
                    pattern = "string"
                    variable = "string"
                  }
                ]
                name = "string"
                ruleSequence = int
              }
            ]
          }
        }
      ]
      sku = {
        capacity = int
        name = "string"
        tier = "string"
      }
      sslCertificates = [
        {
          id = "string"
          name = "string"
          properties = {
            data = "string"
            keyVaultSecretId = "string"
            password = "string"
          }
        }
      ]
      sslPolicy = {
        cipherSuites = [
          "string"
        ]
        disabledSslProtocols = [
          "string"
        ]
        minProtocolVersion = "string"
        policyName = "string"
        policyType = "string"
      }
      trustedRootCertificates = [
        {
          id = "string"
          name = "string"
          properties = {
            data = "string"
            keyVaultSecretId = "string"
          }
        }
      ]
      urlPathMaps = [
        {
          id = "string"
          name = "string"
          properties = {
            defaultBackendAddressPool = {
              id = "string"
            }
            defaultBackendHttpSettings = {
              id = "string"
            }
            defaultRedirectConfiguration = {
              id = "string"
            }
            defaultRewriteRuleSet = {
              id = "string"
            }
            pathRules = [
              {
                id = "string"
                name = "string"
                properties = {
                  backendAddressPool = {
                    id = "string"
                  }
                  backendHttpSettings = {
                    id = "string"
                  }
                  firewallPolicy = {
                    id = "string"
                  }
                  paths = [
                    "string"
                  ]
                  redirectConfiguration = {
                    id = "string"
                  }
                  rewriteRuleSet = {
                    id = "string"
                  }
                }
              }
            ]
          }
        }
      ]
      webApplicationFirewallConfiguration = {
        disabledRuleGroups = [
          {
            ruleGroupName = "string"
            rules = [
              int
            ]
          }
        ]
        enabled = bool
        exclusions = [
          {
            matchVariable = "string"
            selector = "string"
            selectorMatchOperator = "string"
          }
        ]
        fileUploadLimitInMb = int
        firewallMode = "string"
        maxRequestBodySize = int
        maxRequestBodySizeInKb = int
        requestBodyCheck = bool
        ruleSetType = "string"
        ruleSetVersion = "string"
      }
    }
  })
  tags = {
    {customized property} = "string"
  }
  zones = [
    "string"
  ]
}

Property values

ApplicationGatewayAuthenticationCertificate

Name Description Value
id Resource ID. string
name Name of the authentication certificate that is unique within an Application Gateway. string
properties Properties of the application gateway authentication certificate. ApplicationGatewayAuthenticationCertificatePropertiesFormat

ApplicationGatewayAuthenticationCertificatePropertiesFormat

Name Description Value
data Certificate public data. string

ApplicationGatewayAutoscaleConfiguration

Name Description Value
maxCapacity Upper bound on number of Application Gateway capacity. int

Constraints:
Min value = 2
minCapacity Lower bound on number of Application Gateway capacity. int

Constraints:
Min value = 0 (required)

ApplicationGatewayBackendAddress

Name Description Value
fqdn Fully qualified domain name (FQDN). string
ipAddress IP address. string

ApplicationGatewayBackendAddressPool

Name Description Value
id Resource ID. string
name Name of the backend address pool that is unique within an Application Gateway. string
properties Properties of the application gateway backend address pool. ApplicationGatewayBackendAddressPoolPropertiesFormat

ApplicationGatewayBackendAddressPoolPropertiesFormat

Name Description Value
backendAddresses Backend addresses. ApplicationGatewayBackendAddress[]

ApplicationGatewayBackendHttpSettings

Name Description Value
id Resource ID. string
name Name of the backend http settings that is unique within an Application Gateway. string
properties Properties of the application gateway backend HTTP settings. ApplicationGatewayBackendHttpSettingsPropertiesFormat

ApplicationGatewayBackendHttpSettingsPropertiesFormat

Name Description Value
affinityCookieName Cookie name to use for the affinity cookie. string
authenticationCertificates Array of references to application gateway authentication certificates. SubResource[]
connectionDraining Connection draining of the backend http settings resource. ApplicationGatewayConnectionDraining
cookieBasedAffinity Cookie based affinity. 'Disabled'
'Enabled'
hostName Host header to be sent to the backend servers. string
path Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. string
pickHostNameFromBackendAddress Whether to pick host header should be picked from the host name of the backend server. Default value is false. bool
port The destination port on the backend. int
probe Probe resource of an application gateway. SubResource
probeEnabled Whether the probe is enabled. Default value is false. bool
protocol The protocol used to communicate with the backend. 'Http'
'Https'
requestTimeout Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. int
trustedRootCertificates Array of references to application gateway trusted root certificates. SubResource[]

ApplicationGatewayConnectionDraining

Name Description Value
drainTimeoutInSec The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. int

Constraints:
Min value = 1
Max value = 3600 (required)
enabled Whether connection draining is enabled or not. bool (required)

ApplicationGatewayCustomError

Name Description Value
customErrorPageUrl Error page URL of the application gateway customer error. string
statusCode Status code of the application gateway customer error. 'HttpStatus403'
'HttpStatus502'

ApplicationGatewayFirewallDisabledRuleGroup

Name Description Value
ruleGroupName The name of the rule group that will be disabled. string (required)
rules The list of rules that will be disabled. If null, all rules of the rule group will be disabled. int[]

ApplicationGatewayFirewallExclusion

Name Description Value
matchVariable The variable to be excluded. string (required)
selector When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. string (required)
selectorMatchOperator When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. string (required)

ApplicationGatewayFrontendIPConfiguration

Name Description Value
id Resource ID. string
name Name of the frontend IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway frontend IP configuration. ApplicationGatewayFrontendIPConfigurationPropertiesFormat

ApplicationGatewayFrontendIPConfigurationPropertiesFormat

Name Description Value
privateIPAddress PrivateIPAddress of the network interface IP Configuration. string
privateIPAllocationMethod The private IP address allocation method. 'Dynamic'
'Static'
publicIPAddress Reference to the PublicIP resource. SubResource
subnet Reference to the subnet resource. SubResource

ApplicationGatewayFrontendPort

Name Description Value
id Resource ID. string
name Name of the frontend port that is unique within an Application Gateway. string
properties Properties of the application gateway frontend port. ApplicationGatewayFrontendPortPropertiesFormat

ApplicationGatewayFrontendPortPropertiesFormat

Name Description Value
port Frontend port. int

ApplicationGatewayHeaderConfiguration

Name Description Value
headerName Header name of the header configuration. string
headerValue Header value of the header configuration. string

ApplicationGatewayHttpListener

Name Description Value
id Resource ID. string
name Name of the HTTP listener that is unique within an Application Gateway. string
properties Properties of the application gateway HTTP listener. ApplicationGatewayHttpListenerPropertiesFormat

ApplicationGatewayHttpListenerPropertiesFormat

Name Description Value
customErrorConfigurations Custom error configurations of the HTTP listener. ApplicationGatewayCustomError[]
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfiguration Frontend IP configuration resource of an application gateway. SubResource
frontendPort Frontend port resource of an application gateway. SubResource
hostName Host name of HTTP listener. string
hostNames List of Host names for HTTP Listener that allows special wildcard characters as well. string[]
protocol Protocol of the HTTP listener. 'Http'
'Https'
requireServerNameIndication Applicable only if protocol is https. Enables SNI for multi-hosting. bool
sslCertificate SSL certificate resource of an application gateway. SubResource

ApplicationGatewayIPConfiguration

Name Description Value
id Resource ID. string
name Name of the IP configuration that is unique within an Application Gateway. string
properties Properties of the application gateway IP configuration. ApplicationGatewayIPConfigurationPropertiesFormat

ApplicationGatewayIPConfigurationPropertiesFormat

Name Description Value
subnet Reference to the subnet resource. A subnet from where application gateway gets its private address. SubResource

ApplicationGatewayPathRule

Name Description Value
id Resource ID. string
name Name of the path rule that is unique within an Application Gateway. string
properties Properties of the application gateway path rule. ApplicationGatewayPathRulePropertiesFormat

ApplicationGatewayPathRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of URL path map path rule. SubResource
backendHttpSettings Backend http settings resource of URL path map path rule. SubResource
firewallPolicy Reference to the FirewallPolicy resource. SubResource
paths Path rules of URL path map. string[]
redirectConfiguration Redirect configuration resource of URL path map path rule. SubResource
rewriteRuleSet Rewrite rule set resource of URL path map path rule. SubResource

ApplicationGatewayProbe

Name Description Value
id Resource ID. string
name Name of the probe that is unique within an Application Gateway. string
properties Properties of the application gateway probe. ApplicationGatewayProbePropertiesFormat

ApplicationGatewayProbeHealthResponseMatch

Name Description Value
body Body that must be contained in the health response. Default value is empty. string
statusCodes Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. string[]

ApplicationGatewayProbePropertiesFormat

Name Description Value
host Host name to send the probe to. string
interval The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. int
match Criterion for classifying a healthy probe response. ApplicationGatewayProbeHealthResponseMatch
minServers Minimum number of servers that are always marked healthy. Default value is 0. int
path Relative path of probe. Valid path starts from '/'. Probe is sent to <Protocol>://<host>:<port><path>. string
pickHostNameFromBackendHttpSettings Whether the host header should be picked from the backend http settings. Default value is false. bool
port Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Standard_v2 and WAF_v2 only. int

Constraints:
Min value = 1
Max value = 65535
protocol The protocol used for the probe. 'Http'
'Https'
timeout The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. int
unhealthyThreshold The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. int

ApplicationGatewayPropertiesFormat

Name Description Value
authenticationCertificates Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayAuthenticationCertificate[]
autoscaleConfiguration Autoscale Configuration. ApplicationGatewayAutoscaleConfiguration
backendAddressPools Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendAddressPool[]
backendHttpSettingsCollection Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayBackendHttpSettings[]
customErrorConfigurations Custom error configurations of the application gateway resource. ApplicationGatewayCustomError[]
enableFips Whether FIPS is enabled on the application gateway resource. bool
enableHttp2 Whether HTTP2 is enabled on the application gateway resource. bool
firewallPolicy Reference to the FirewallPolicy resource. SubResource
frontendIPConfigurations Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendIPConfiguration[]
frontendPorts Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayFrontendPort[]
gatewayIPConfigurations Subnets of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayIPConfiguration[]
httpListeners Http listeners of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayHttpListener[]
probes Probes of the application gateway resource. ApplicationGatewayProbe[]
redirectConfigurations Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayRedirectConfiguration[]
requestRoutingRules Request routing rules of the application gateway resource. ApplicationGatewayRequestRoutingRule[]
rewriteRuleSets Rewrite rules for the application gateway resource. ApplicationGatewayRewriteRuleSet[]
sku SKU of the application gateway resource. ApplicationGatewaySku
sslCertificates SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewaySslCertificate[]
sslPolicy SSL policy of the application gateway resource. ApplicationGatewaySslPolicy
trustedRootCertificates Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayTrustedRootCertificate[]
urlPathMaps URL path map of the application gateway resource. For default limits, see Application Gateway limits. ApplicationGatewayUrlPathMap[]
webApplicationFirewallConfiguration Web application firewall configuration. ApplicationGatewayWebApplicationFirewallConfiguration

ApplicationGatewayRedirectConfiguration

Name Description Value
id Resource ID. string
name Name of the redirect configuration that is unique within an Application Gateway. string
properties Properties of the application gateway redirect configuration. ApplicationGatewayRedirectConfigurationPropertiesFormat

ApplicationGatewayRedirectConfigurationPropertiesFormat

Name Description Value
includePath Include path in the redirected url. bool
includeQueryString Include query string in the redirected url. bool
pathRules Path rules specifying redirect configuration. SubResource[]
redirectType HTTP redirection type. 'Found'
'Permanent'
'SeeOther'
'Temporary'
requestRoutingRules Request routing specifying redirect configuration. SubResource[]
targetListener Reference to a listener to redirect the request to. SubResource
targetUrl Url to redirect the request to. string
urlPathMaps Url path maps specifying default redirect configuration. SubResource[]

ApplicationGatewayRequestRoutingRule

Name Description Value
id Resource ID. string
name Name of the request routing rule that is unique within an Application Gateway. string
properties Properties of the application gateway request routing rule. ApplicationGatewayRequestRoutingRulePropertiesFormat

ApplicationGatewayRequestRoutingRulePropertiesFormat

Name Description Value
backendAddressPool Backend address pool resource of the application gateway. SubResource
backendHttpSettings Backend http settings resource of the application gateway. SubResource
httpListener Http listener resource of the application gateway. SubResource
priority Priority of the request routing rule. int

Constraints:
Min value = 1
Max value = 20000
redirectConfiguration Redirect configuration resource of the application gateway. SubResource
rewriteRuleSet Rewrite Rule Set resource in Basic rule of the application gateway. SubResource
ruleType Rule type. 'Basic'
'PathBasedRouting'
urlPathMap URL path map resource of the application gateway. SubResource

ApplicationGatewayRewriteRule

Name Description Value
actionSet Set of actions to be done as part of the rewrite Rule. ApplicationGatewayRewriteRuleActionSet
conditions Conditions based on which the action set execution will be evaluated. ApplicationGatewayRewriteRuleCondition[]
name Name of the rewrite rule that is unique within an Application Gateway. string
ruleSequence Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. int

ApplicationGatewayRewriteRuleActionSet

Name Description Value
requestHeaderConfigurations Request Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
responseHeaderConfigurations Response Header Actions in the Action Set. ApplicationGatewayHeaderConfiguration[]
urlConfiguration Url Configuration Action in the Action Set. ApplicationGatewayUrlConfiguration

ApplicationGatewayRewriteRuleCondition

Name Description Value
ignoreCase Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. bool
negate Setting this value as truth will force to check the negation of the condition given by the user. bool
pattern The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. string
variable The condition parameter of the RewriteRuleCondition. string

ApplicationGatewayRewriteRuleSet

Name Description Value
id Resource ID. string
name Name of the rewrite rule set that is unique within an Application Gateway. string
properties Properties of the application gateway rewrite rule set. ApplicationGatewayRewriteRuleSetPropertiesFormat

ApplicationGatewayRewriteRuleSetPropertiesFormat

Name Description Value
rewriteRules Rewrite rules in the rewrite rule set. ApplicationGatewayRewriteRule[]

ApplicationGatewaySku

Name Description Value
capacity Capacity (instance count) of an application gateway. int
name Name of an application gateway SKU. 'Standard_Large'
'Standard_Medium'
'Standard_Small'
'Standard_v2'
'WAF_Large'
'WAF_Medium'
'WAF_v2'
tier Tier of an application gateway. 'Standard'
'Standard_v2'
'WAF'
'WAF_v2'

ApplicationGatewaySslCertificate

Name Description Value
id Resource ID. string
name Name of the SSL certificate that is unique within an Application Gateway. string
properties Properties of the application gateway SSL certificate. ApplicationGatewaySslCertificatePropertiesFormat

ApplicationGatewaySslCertificatePropertiesFormat

Name Description Value
data Base-64 encoded pfx certificate. Only applicable in PUT Request. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string
password Password for the pfx file specified in data. Only applicable in PUT request. string

ApplicationGatewaySslPolicy

Name Description Value
cipherSuites Ssl cipher suites to be enabled in the specified order to application gateway. String array containing any of:
'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA'
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_RSA_WITH_AES_128_GCM_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_RSA_WITH_AES_256_GCM_SHA384'
disabledSslProtocols Ssl protocols to be disabled on application gateway. String array containing any of:
'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
minProtocolVersion Minimum version of Ssl protocol to be supported on application gateway. 'TLSv1_0'
'TLSv1_1'
'TLSv1_2'
policyName Name of Ssl predefined policy. 'AppGwSslPolicy20150501'
'AppGwSslPolicy20170401'
'AppGwSslPolicy20170401S'
policyType Type of Ssl Policy. 'Custom'
'Predefined'

ApplicationGatewayTrustedRootCertificate

Name Description Value
id Resource ID. string
name Name of the trusted root certificate that is unique within an Application Gateway. string
properties Properties of the application gateway trusted root certificate. ApplicationGatewayTrustedRootCertificatePropertiesFormat

ApplicationGatewayTrustedRootCertificatePropertiesFormat

Name Description Value
data Certificate public data. string
keyVaultSecretId Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. string

ApplicationGatewayUrlConfiguration

Name Description Value
modifiedPath Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. string
modifiedQueryString Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. string
reroute If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. bool

ApplicationGatewayUrlPathMap

Name Description Value
id Resource ID. string
name Name of the URL path map that is unique within an Application Gateway. string
properties Properties of the application gateway URL path map. ApplicationGatewayUrlPathMapPropertiesFormat

ApplicationGatewayUrlPathMapPropertiesFormat

Name Description Value
defaultBackendAddressPool Default backend address pool resource of URL path map. SubResource
defaultBackendHttpSettings Default backend http settings resource of URL path map. SubResource
defaultRedirectConfiguration Default redirect configuration resource of URL path map. SubResource
defaultRewriteRuleSet Default Rewrite rule set resource of URL path map. SubResource
pathRules Path rule of URL path map resource. ApplicationGatewayPathRule[]

ApplicationGatewayWebApplicationFirewallConfiguration

Name Description Value
disabledRuleGroups The disabled rule groups. ApplicationGatewayFirewallDisabledRuleGroup[]
enabled Whether the web application firewall is enabled or not. bool (required)
exclusions The exclusion list. ApplicationGatewayFirewallExclusion[]
fileUploadLimitInMb Maximum file upload size in Mb for WAF. int

Constraints:
Min value = 0
firewallMode Web application firewall mode. 'Detection'
'Prevention' (required)
maxRequestBodySize Maximum request body size for WAF. int

Constraints:
Min value = 8
Max value = 128
maxRequestBodySizeInKb Maximum request body size in Kb for WAF. int

Constraints:
Min value = 8
Max value = 128
requestBodyCheck Whether allow WAF to check request Body. bool
ruleSetType The type of the web application firewall rule set. Possible values are: 'OWASP'. string (required)
ruleSetVersion The version of the rule set type. string (required)

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.Network/applicationGateways

Name Description Value
identity The identity of the application gateway, if configured. ManagedServiceIdentity
location Resource location. string
name The resource name string (required)
properties Properties of the application gateway. ApplicationGatewayPropertiesFormat
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/applicationGateways@2019-12-01"
zones A list of availability zones denoting where the resource needs to come from. string[]

ResourceTags

Name Description Value

SubResource

Name Description Value
id Resource ID. string