Technical Lab: Configure rewrite rule sets
Questionsβ
Question 1 β Multiple Choiceβ
A network architect needs to configure an Application Gateway to remove the X-Powered-By header from all HTTP responses before sending them to the client. He creates a rewrite rule set and associates it with the correct listener.
What is the correct combination of elements that should compose this rule?
A) Condition with http_req_header, Action of type set with empty value
B) Condition is not necessary; Action of type delete applied to http_res_header
C) Condition with http_res_header, Action of type delete applied to http_req_header
D) Condition with http_res_header, Action of type set with empty value applied to the same response header
Question 2 β Technical Scenarioβ
A team configured the following rewrite rule in the Application Gateway:
Condition:
Variable: uri_path
Pattern: ^/api/v1/(.*)
Case-sensitive: false
Action:
URL rewrite
Modified path: /api/v2/{var_uri_path_1}
After deployment, requests to /api/v1/users reach the backend as /api/v2/api/v1/users instead of /api/v2/users. What is the cause of the problem?
A) Application Gateway does not support capture groups in URL path conditions
B) The variable {var_uri_path_1} captures the complete value of the original uri_path, not just the capture group
C) The case-insensitive flag invalidates the use of capture groups in regex
D) The URL rewrite action should use {var_uri_path} without the numeric suffix to reference groups
Question 3 β True or Falseβ
A rewrite rule set created in Application Gateway can be simultaneously associated with multiple request routing rules, and this association determines which traffic flows the rewrites will be applied to.
True or False?
Question 4 β Technical Scenarioβ
A company uses Application Gateway to expose an internal application. The security team requires that every HTTP response includes the header Strict-Transport-Security: max-age=31536000. The network engineer created a rewrite rule with the correct Action, but the header doesn't appear in responses observed by the client.
After investigation, it was identified that the rewrite rule set is configured correctly, but is not being applied. What is the most likely cause?
A) Application Gateway requires manual restart after any changes to rewrite rule sets
B) The rewrite rule set was created, but was not associated with any request routing rule
C) Security headers like Strict-Transport-Security are blocked by default by WAF
D) The Action to insert response headers only works when there is a Condition defined in the same rule
Question 5 β Multiple Choiceβ
When configuring a Condition in an Application Gateway rewrite rule, the Pattern field accepts regular expressions. An engineer wants the rule to be applied only when the request's Accept-Language header contains pt-BR or pt-PT.
Which pattern correctly meets this requirement?
A) pt-BR|pt-PT
B) ^pt-(BR|PT)$
C) pt-BR&pt-PT
D) (pt-BR)(pt-PT)
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
In Application Gateway rewrite rules, the Action is the mandatory element; the Condition is optional and serves only to make rule execution conditional. To remove a header, the Action must be of type delete applied to the http_res_header variable, since the X-Powered-By header belongs to the backend response, not the client request.
The main mistake in the distractors is confusing the header direction (req vs res) and assuming that a Condition is mandatory. Choosing set with an empty value does not remove the header: the header remains present in the response, just without a value, which does not satisfy the security requirement.
Answer Key β Question 2β
Answer: B
In Application Gateway, when a regex with capture groups is defined in the Condition, the groups are referenced in the Action with variables in the format {var_uri_path_1}, {var_uri_path_2} etc. The numeral indicates the capture group index, and the var_ prefix followed by the condition variable name indicates the source.
The problem here is that {var_uri_path_1} should correctly capture only the group (.*), which would be users. However, if the path configured in the Action is /api/v2/{var_uri_path_1} and the variable is returning the entire path, this indicates that the condition variable name was defined incorrectly or that the reference includes the complete path. In practice, the most common error that produces this symptom is using the condition variable with the wrong name, making it resolve to the raw value of uri_path instead of the captured group. The other distractors are false: capture groups are supported, the case-insensitive flag doesn't affect them, and the numeric suffix is precisely the correct mechanism to reference groups.
Answer Key β Question 3β
Answer: True
A rewrite rule set is an independent object in Application Gateway and can be associated with one or more request routing rules. This association is the mechanism that defines the scope of application for the rewrites: the same set of rules can be reused in multiple traffic flows without configuration duplication.
The non-obvious behavior here is that the association is made on the request routing rule, not on the listener or backend pool. Engineers who confuse this hierarchy often associate the rewrite rule set with the listener and don't understand why the rewrite is not applied.
Answer Key β Question 4β
Answer: B
In Application Gateway, creating a rewrite rule set is not sufficient for it to take effect. The rule set needs to be explicitly associated with one or more request routing rules. Without this association, the rule set exists in the configuration but doesn't intercept any traffic flow.
The other distractors represent common misconceptions: Application Gateway applies configuration changes without manual service restart; WAF inspects requests and responses for threats, but doesn't block legitimate security headers inserted by rewrite rules; and the presence of a Condition is never a prerequisite for an Action to be executed.
Answer Key β Question 5β
Answer: A
The Pattern field in Application Gateway Conditions uses regular expression syntax compatible with PCRE. The | operator is the correct logical alternator to express "pt-BR or pt-PT", and the pattern pt-BR|pt-PT evaluates whether the header value contains either of the two strings.
Distractor B would use anchors ^ and $, which would require the header value to be exactly pt-BR or pt-PT, with nothing else. Depending on the context this may or may not be desirable, but the question asks only that the header "contains" the values. Distractor C uses &, which is not an alternation operator in regex. Distractor D requires both strings to be present and consecutive in the same value, which doesn't correspond to the requirement.