I have configured Azure Application Gateway with WAF2 as Edge Gateway! The requests are sent to backendpool within same Vnet. The backendpool is the IP of Istio Ingress Gateway
! The Ingress Gateway
is configured for multiple host as below and similar virtual services are mapped to the Ingress Gateway
.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "dev.example.com"
- "stage.example.com"
With this configuration I always get 404 since the Azure Application gateway does not send the Host header to Istio Ingress gateway and hence the latter does not understand on which host it should accept! However I tried to add rewrite set for the gateway to send the Host header but since the backendpool configured is internal vnet IP, It does not allow me to do add headers! I even try to add envoy lua filter on gateway to get X-Original-Host
and set as Host
but it does not work since the request does not even reach istio gateway. However Istio does not honour the X-Forwarded-Host
.
So to make the long story short, I would like to send the Host headers from ApplicationGateway to Istio Ingress gateway What is the best way to do it!