Traffic forwarding instead of redirecting.

Alex Lisitsa 1 Reputation point
2023-01-26T14:54:07.82+00:00

Hello everyone! I have the following infrastructure.

User's image

The main idea is to use the AFD as a proxy to forward traffic from the java apps to the different azure services (based on the endpoint path)

All the things that I was configuring in the AFD just redirected the traffic with the 3xx status.

And that shouldn't work for me because the Java app firewall allows only the coolhost.com host with the 443 port.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
582 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JimmySalian-2011 41,921 Reputation points
    2023-01-26T15:10:21.94+00:00

    Hi Alex,

    Did you used 308 for redirect? I suggest you to share the config and also review this link, [https://learn.microsoft.com/en-us/azure/frontdoor/front-door-url-redirect?pivots=front-door-standard-premium

    I suggest review the destination path config and apply to the AFD.

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

  2. KapilAnanth-MSFT 35,336 Reputation points Microsoft Employee
    2023-01-30T04:25:52.2166667+00:00

    Hi @Alex Lisitsa ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know why your Azure FrontDoor is redirecting the backend pool URL.

    Per our discussion, I see that,

    • AppService also has a domain of coolhost.com.
    • And the Azure VM has a domain of myvm.com. (different from AFD)

    This issue can be expected from the VM as there is a domain mismatch between the AFD's custom domain and that of VM's.

    However, as long as AppService and AFD have the same domain, this issue should not be happening.

    Having a different host name at the reverse proxy (in our case, AFD) than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly. For example, session state can get lost, authentication can fail, or back-end URLs can inadvertently be exposed to end users. This is what is happening in your case.

    The recommended solution for this issue is to preserve the original HTTP host name when you use a reverse proxy in front of a web application.

    Refer the below docs for more details on this issue:

    You wanted to know if we can have the same host name for AppService and AFD,

    Keeping the same domain for AppService and AFD is doable.

    This would require you to have a custom domain configured in the App Service.

    You can refer to Configure a custom domain on Azure Front Door using the Azure portal

    Check Under Azure pre-validated domain to get this configured

    You wanted to know ,

    Is it possible to have the same domain name for the AppService and VM? In this case, I don't need to have the AFD service anymore.

    • I am afraid this is not a correct approach.
    • While we can have the same domain for both AppService and VM, you will not be able to configure the DNS part of it
    • Assume you have created a domain coolhost.com : And you have two Public IPs, one from AppService and one from VM.
    • Now, DNS of 'coolhost.com' can only resolve to one IP and thus, this method fails.

    Using a same domain for AppService, AzureVM and AFD should be the right approach to fix this.

    Additionally, you can consider using App Gateway in place of AFD.

    Please let me know if you require more information on this, I shall be glad to address them as always.

    Thanks,

    Kapil

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    Appreciate if you can upvote the same

    0 comments