Configure rewrite sets

3.2 Azure Application Gateway

📘Microsoft Azure Networking Solutions (AZ-700)

1. What is a Rewrite Set?

A Rewrite Set in Azure Application Gateway allows you to modify HTTP request or HTTP response headers and URLs before traffic reaches the backend server or before it is sent back to the client.

In simple terms:

  • A request comes from a user to your application.
  • A response goes back from your application to the user.
  • A rewrite rule allows you to change certain parts of that request or response.

You can:

  • Modify headers
  • Add headers
  • Remove headers
  • Rewrite URLs (path or query string)

This feature is available in Application Gateway v2 SKU.

2. Why Rewrite Sets Are Important

Rewrite sets are used to:

  • Improve security
  • Modify URLs without changing backend code
  • Add or remove HTTP headers
  • Support legacy applications
  • Standardize responses
  • Improve SEO
  • Insert security headers

For the exam, remember:

Rewrite sets are commonly used when backend applications cannot be modified directly, but HTTP behavior must be changed.

3. Where Rewrite Sets Fit in Application Gateway Flow

Traffic flow:

  1. Client sends HTTP/HTTPS request
  2. Listener receives the request
  3. Routing rule processes it
  4. Rewrite set (if attached) modifies request
  5. Request goes to backend pool
  6. Backend responds
  7. Rewrite set can modify response
  8. Response goes back to client

Important for exam:

  • Rewrite sets are attached to routing rules
  • They work with listeners and backend HTTP settings

4. Components of a Rewrite Set

A rewrite set contains:

1️⃣ Rewrite Rule

Each rewrite set can contain multiple rules.

2️⃣ Conditions (Optional)

Rules can be applied only if certain conditions are met.

3️⃣ Actions

These define what will be modified.

5. What Can Be Rewritten?

You can rewrite:

A. HTTP Request Headers

Examples:

  • Change Host header
  • Add custom header
  • Remove header
  • Modify existing header

B. HTTP Response Headers

Examples:

  • Add security headers like:
    • Strict-Transport-Security
    • X-Frame-Options
    • Content-Security-Policy
  • Remove server information

C. URL Components

  • URL path
  • Query string parameters

6. Rewrite Conditions

A rewrite rule can include conditions.

A condition checks:

  • HTTP headers
  • Server variables
  • Query string
  • Request URI
  • Host name

If the condition matches, the rewrite action is executed.

Example Condition Scenario (IT Example)

If:

  • The request contains /admin
    Then:
  • Add a custom header

Or

If:

  • Host name equals app.contoso.com
    Then:
  • Rewrite the URL path

7. Server Variables (Important for Exam)

Rewrite rules can use server variables.

Examples:

  • http_req_Host
  • http_req_User-Agent
  • http_resp_Location
  • uri_path
  • query_string

These allow dynamic rewriting.

Example:

  • Capture part of a URL and reuse it in rewritten path.

8. URL Rewrite Types

There are two main types:

1️⃣ URL Path Rewrite

Changes the path of the request.

Example:

Client requests:

https://example.com/app1

Rewrite changes path to:

/internalapp

Backend receives:

https://backend/internalapp

The client does not see this change.

2️⃣ Query String Rewrite

Modifies query parameters.

Example:

Original:

https://example.com/app?id=100

Rewrite:

  • Change id=100 to userId=100

9. Rewriting Response Headers (Security Use Case)

Rewrite sets are often used to improve security without changing backend code.

For example, add:

  • Strict-Transport-Security
  • X-Content-Type-Options
  • X-XSS-Protection

This is important in enterprise environments where:

  • Backend developers cannot modify code
  • Security team requires specific headers

Exam tip:

Application Gateway can insert security headers using rewrite sets.

10. Rewrite with Regular Expressions (Regex)

Rewrite rules support pattern matching using regex.

You can:

  • Capture part of a URL
  • Replace part of it
  • Use captured values

Example:

If URL:

/products/123

Regex captures:

123

Rewrite to:

/item?id=123

This is important for:

  • Legacy application migration
  • API versioning

11. Rewrite Order

If multiple rewrite rules exist:

  • Rules are processed in order
  • Once a rule matches and rewrites, next rules may still evaluate depending on configuration

Always carefully plan rule priority.

12. How to Configure Rewrite Sets

You can configure rewrite sets using:

  • Azure Portal
  • Azure CLI
  • Azure PowerShell
  • ARM templates

Basic steps in Azure Portal:

  1. Go to Application Gateway
  2. Select Rewrite
  3. Create Rewrite Set
  4. Add rewrite rules
  5. Define conditions
  6. Define actions
  7. Attach rewrite set to routing rule

Important:

A rewrite set does nothing unless it is attached to a routing rule.

13. Limitations & Requirements

For the AZ-700 exam, remember:

  • Available only in v2 SKU
  • Cannot rewrite body content (only headers and URL)
  • Rewrite happens before request is sent to backend
  • Rewrite can happen on response before sending to client
  • Must be associated with a routing rule

14. Common Exam Scenarios

You may see questions like:

Scenario 1:

Backend application cannot be modified, but security headers must be added.

Answer:
→ Use Rewrite Set to insert response headers.

Scenario 2:

URL structure must change without modifying backend server.

Answer:
→ Use URL rewrite.

Scenario 3:

Legacy app requires specific Host header.

Answer:
→ Rewrite request header.

Scenario 4:

Remove sensitive header from response.

Answer:
→ Rewrite response header.

15. Difference Between Redirect and Rewrite (Very Important)

Students often confuse these.

Redirect

  • Client is told to go to a new URL
  • Browser URL changes
  • HTTP 301 or 302 returned

Rewrite

  • Happens internally
  • Browser does NOT see change
  • No redirect status code

Exam tip:

If requirement says “client should not see URL change”, use rewrite.

16. When to Use Rewrite Sets in Real IT Environments

Here are realistic IT-based scenarios:

✔ Application Migration

Old application uses /v1/api
New backend expects /api

Rewrite solves this without changing code.

✔ Multi-Tenant Web Application

Different hostnames must map to different internal paths.

✔ Security Compliance

Security team requires:

  • HSTS
  • CSP
  • Removal of “Server” header

Rewrite sets handle this centrally.

✔ API Gateway-Like Behavior

Application Gateway can manipulate headers before passing traffic to microservices.

17. Relationship with Other Features

Rewrite sets work together with:

  • Listeners
  • Routing rules
  • Backend HTTP settings
  • Path-based routing
  • Web Application Firewall (WAF)

Important:
Rewrite occurs before WAF response is sent.

18. Key Points to Remember for AZ-700

✔ Only available in v2 SKU
✔ Attached to routing rule
✔ Can modify request and response headers
✔ Can rewrite URL path and query string
✔ Supports regex
✔ Cannot modify body content
✔ Useful for security header insertion
✔ Internal change (not visible to client)
✔ Processed in order

19. Summary

A Rewrite Set in Azure Application Gateway allows you to:

  • Modify HTTP headers
  • Rewrite URLs
  • Insert security headers
  • Adjust traffic behavior without changing backend code

It is an advanced traffic manipulation feature used in enterprise networking environments.

For the AZ-700 exam, you must clearly understand:

  • What can be rewritten
  • When to use rewrite vs redirect
  • How it connects to routing rules
  • Security use cases
  • Regex usage
  • Limitations
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by