Share via

Unable to use Application gateway (HTTP 502 error) as a reverse proxy for a web app running in App Services

Damian 20 Reputation points
2025-11-07T05:28:54.1466667+00:00

Hi,

We are trying to use Application Gateway and App Services for hosting an ASP.NET website and getting HTTP 502 error from the Gateway.

Below is our setup:

We created a ASP.NET WebApi using Visual Studio, and publish the app to the App Services (Linux).

When successful, Visual Studio opens the newly deployed WebApi in a browser, everything works fine.

We then created a path-based rules in the Gateway that points to the WebApi by:

  • Created a backend pool (test) that maps to the App Services of the WebApi
  • Created a backend settings (HTTPS) that overrides the backend path (/)
  • Created a path-based rules /test that points to the backend pool (test)

However, we got HTTP 502 Bad Gateway using the /test. The path seems to have been correctly modified by the Gateway. The path has been rewritten as / instead of /test, and the Gateway knows the target backend pool is the test), but we got ERRORINFO_UPSTREAM_NO_LIVE.

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
0 comments
Answer accepted by question author
  1. Priya ranjan Jena 2,295 Reputation points Microsoft External Staff Moderator
    2025-11-07T07:22:49.47+00:00

    Hi Damian,

    Thanks for contacting Microsoft Q&A forum,

    The HTTP 502 Bad Gateway with ERRORINFO_UPSTREAM_NO_LIVE from Azure Application Gateway means cannot reach any healthy backend instances

    As you mentioned that using the App Services (Linux), so you can check & validate some below steps:

    Checklist to Resolve 502 with App Service (Linux) Behind Application Gateway

    1. App Service Must Be in the Same Region

    Ensure the App Service is in the same region as the Application Gateway. Cross-region App Services are not supported as backend targets.

    1. Use Custom Domain or Regional VNet Integration

    App Services (Linux) do not support direct IP-based backend pool configuration, You must use:

    • FQDN-based backend pool (e.g., yourapp.azurewebsites.net)
    • Ensure "Pick hostname from backend settings" is enabled in the backend HTTP settings.
    1. Health Probe Configuration

    Application Gateway uses health probes to determine backend availability. If probes fail, you get ERRORINFO_UPSTREAM_NO_LIVE.

    • Create a custom probe that matches your App Service endpoint:
    • Protocol: HTTPS
      • Host: yourapp.azurewebsites.net
      • Path: / or /test depending on your app
      • Match expected status code (e.g., 200)
      • Associate this probe with the backend HTTP settings.
    1. Backend HTTP Settings
    • Override with new host name: Set to yourapp.azurewebsites.net
    • Override path: Set to / if your app expects root
    • Use HTTPS: Ensure SSL is enabled

    Pick hostname from backend settings-Enabled

    1. App Service Must Respond to the Path

    If your App Service only responds to / and not /test, ensure the path rewrite is working correctly:

    • Use rewrite rules in Application Gateway to rewrite /test to /
    • Alternatively, configure your App Service to handle /test route
    1. TLS/SSL Issues

    If the App Service uses a custom domain with HTTPS, ensure:

    • The certificate is valid
    • Application Gateway trusts the certificate (use a trusted CA)

    Hope, you find this comment helpful, if yes, please “up-vote” for the information provided , this can be beneficial to community members.

    Kindly let us know if you have any additional questions.

    Thanks

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.