Designing Reliable Health Check Endpoints for IIS Behind Azure Application Gateway

Azure Application Gateway relies on health probes to assess backend instance health, determining traffic routing. If probes fail due to redirects, timeouts, or authentication issues, the backend is marked unhealthy, leading to user errors. Many 502 errors originate from probe failures, not actual application issues, highlighting the importance of proper configuration. Application Gateway periodically sends probes to the backend instances, expecting a 200 OK response from a dedicated endpoint. Common pitfalls include probing paths that require authentication or redirect, or slow endpoints. A good health endpoint is lightweight, anonymous, fast, always returning a 200 OK, and independent of business logic. To solve health probe failure create a dedicated, unauthenticated, and simple `/health` endpoint. This dedicated endpoint should be excluded from authentication and ideally serve static content. Properly configured probes with specific settings are essential for correct host header usage and avoiding certificate issues. Regularly validate probe behavior and troubleshoot common failures, such as authentication errors or certificate mismatches. This approach improves platform stability by minimizing false outages.