Does Azure Application Gateway support receiving PROXY protocol proxied requests

Elias Juremalm 30 Reputation points
2024-08-29T12:44:59.22+00:00

Hello! I'm having an issue currently when trying to put a self hosted proxy in front of an application gateway (AGW). The proxy uses PROXY protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) and is supposed to proxy all packages to the AGW. When trying to send a request to the AGW via the proxy it results in an SSL error packet too long. When trying to send a request to the AGW not via the proxy it all works fine. I've had a hard time seeing if AGW actually supports receiving proxied packets that uses the PROXY PROTOCOL and wanted to verify this. The reason the proxy uses the PROXY protocol is to make sure that the original client ip can be known from the application behind the AGW. If it supports I would very much be greateful for any help to make this work. If you need any more information or elabaration I will provide as much as I can.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,401 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,048 questions
0 comments
Accepted answer
  1. Sina Salam 10,036 Reputation points
    2024-08-29T16:48:01.4766667+00:00

    Hello Elias Juremalm,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you have configured Azure Application Gateway (AGW) and proxy, you would like to know and verify if AGW supports receiving proxied packets that uses the proxy protocol due to SSL error packet you had when trying to send a request to the AGW via the proxy.

    You will need to understand that Azure Application Gateway (AGW) can handle TCP and TLS connections at the transport layer and HTTP/HTTPS connections at the application layer, but it does not include native support for the PROXY protocol. To read more: https://video2.skills-academy.com/en-us/azure/application-gateway/tcp-tls-proxy-overview and https://video2.skills-academy.com/en-us/azure/application-gateway/application-gateway-faq

    To resolve the issues and limitation you can try the following options:

    • Use Azure Load Balancer it supports the PROXY protocol and can be used in conjunction with AGW, and you can configure the Load Balancer to handle the PROXY protocol and then forward the traffic to AGW.
    • Or implement a custom solution where the proxy server extracts the client IP and passes it as a custom header to the AGW, where the backend application can then read this header to get the original client IP.
    • Use a different proxy solution that can handle the PROXY protocol and is compatible with AGW.

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.