Not sure why you want to restrict access to the site to only traffic coming from the Application Gateway, because if you configure it and add the website in the backend of the Application Gateway, the traffic from a client will always reach the website through the Application Gateway, as the Application Gateway works as an application proxy by accepting traffic and, based on the rules that are defined with it, routing the traffic to the appropriate back-end instances. You may want to know how to restrict access on the Application Gateway subnet via an NSG. Then the inbound or outbound traffic in the Application Gateway subnet will be filtered via the NSG.
Spoke to Microsoft support, who said the traffic from my Application Gateway to my Web App will stay on the Microsoft backbone. He also pointed me to the following knowledge article, which states:
Azure Traffic Manager monitoring status is 'degraded' for Azure Application Gateway
I got the solution: this issue comes up only if your listener is multi-site. If the listener is Basic for the app gateway, then it works as expected. The solution is to set custom header settings against the hostname, like below:
Azure Application Gateway error 502 when using application gateway
About the 502 errors after configuring the application gateway, the main reasons are as follows: an NSG, UDR or custom DNS is blocking access to backend pool members; back-end VMs or instances of a virtual machine scale set are not responding to the default health probe; invalid or improper configuration of custom health probes; Azure Application Gateway's back-end pool is not configured or is empty; none of the VMs or instances in the virtual machine scale set are healthy; request time-out or connectivity issues with user requests.