Hosting a separate app service as a website directory

Question

Is it possible to include a separate Azure App Service as part of another App Service?

For example lets say that I have a website called www.mycompany.com hosted in its own Azure App Service. I have another Azure App Service that I want to make it accessible by going to a specific URL in the first App Service.

So in other words when a request comes to www.mycompany.com/eu/ I want the content of this endpoint (/eu) to be served from the other app service. Would a load balancer work? The reason I want to do this is because the /eu endpoint has grown too big and I would like to separate that from the main site and host it on a separate app service. I hope my question is clear.

Thanks in advance.

Answer 1

For this purpose you could use Application Gateway.

In a certain sense it resembles a load balancer (it is a L7 LB indeed) as you indicated, but the product provides many additional features.

The following image, extracted from the product documentation, explains how it works:

Basically, as outlined in the aforementioned docs, when describing how an Application Gateway accepts a request (note they mention WAF in the explanation, an optional security threat prevention system):

1. Before a client sends a request to an application gateway, it resolves the domain name of the application gateway by using a Domain Name System (DNS) server. Azure controls the DNS entry because all application gateways are in the azure.com domain.

2. The Azure DNS returns the IP address to the client, which is the frontend IP address of the application gateway.

3. The application gateway accepts incoming traffic on one or more listeners. A listener is a logical entity that checks for connection requests. It's configured with a frontend IP address, protocol, and port number for connections from clients to the application gateway.

4. If a web application firewall (WAF) is in use, the application gateway checks the request headers and the body, if present, against WAF rules. This action determines if the request is valid request or a security threat. If the request is valid, it's routed to the backend. If the request isn't valid and WAF is in Prevention mode, it's blocked as a security threat. If it's in Detection mode, the request is evaluated and logged, but still forwarded to the backend server.

The routing to one backend or another can be based on URL Paths:

You can find an example of this configuration in this related Microsoft article.

In your use case, you will need to define two backends, one for every App Service, and define routing rules as appropriate.

As indicated before, your DNS should point to the Application Gateway: it will handle the routing to one or other App Service based on the route, /eu/* or /*, provided by the client.

The order of the routes is important: once a rule is matched, it will be the one processed.

Application Gateway is a regional service: Azure Front Door leverages a similar functionality (and much more) globally.

Please, consider review the associated costs of these services.