How to stop domain fronting on my Azure CDN

Question

I've received an email from Microsoft advising I need to take action to stop domain fronting on my Azure CDNs.
--
Action required: Azure Front Door/Azure CDN blocking domain fronting

Please take action to stop domain fronting on your application before 8 November 2023
You're receiving this email because you currently use Azure Front Door or Azure CDN Standard from Microsoft (classic).
Since 29 April 2022, we've changed the behavior of Azure Front Door and Azure CDN from Microsoft to align with our commitment to stop allowing domain fronting behavior on our platform. With that change, we offered the option to enable blocking domain fronting for existing or newly created Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources, through opening a support request. See details in Generally available: Controls to block domain fronting behavior on customer resources | Azure updates | Microsoft Azure.
To continue our commitment, we're making changes in two phases to stop allowing domain fronting behavior on our platform.

1. Beginning 8 November 2022, all the newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior. Previously existing Front Door, Front Door (classic) and CDN from Microsoft (classic) resources aren't affected by these changes.
2. Beginning 8 November 2023, all existing Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior .
   Recommended action
   Between now and 7 November 2023, if you want to block domain fronting for any existing Azure Front Door or Azure CDN Standard from Microsoft (classic) resources created before 8 November 2022, please open a support request. Provide your subscription and Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resource information in the support request. Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behavior.
   If your application uses a different TLS SNI extension during the TLS negotiation from the request Host header, you should prioritize changing this behavior on your application by 7 November 2023 to ensure they match. Otherwise, your application or API may be impacted by this change on 8 November 2023.
   If you have any questions, please open a support request and provide your subscription details along with your Front Door or Azure CDN from Microsoft resource information.
   If you have any questions, please contact us.
   ---

I have 2 Azure CDN's created before 8 Nov 2022 and would like to enable blocking domain fronting on them as recommended, but following the instructions and creating an Azure support request, the recommended solutions do not provide information on how to achieve this and as I have a Basic support plan, it doesn't allow me to continue with the support request.

Should I just ignore this email and hope that on 8 Nov 2023 the blocking of domain fronting will be activated automatically, or is there a way for me to activate it now that doesn't require paying for an upgraded Azure support plan?

Answer 1

@Richard McElroy ,

Welcome to the Microsoft Q&A forum.

Based on my understanding from your question above you want to block domain fronting for your existing Azure CDNs. Yes, as stated in this public announcement as well a support request is required to enable domain fronting for your existing Azure CDNs. I understand you do not have a Support Plan; I can help in this regard. I will make a private comment here shortly to help you further on this issue.