How to make an azurefd endpoint be like brand.azurefd.net rather than brand7990090.azurefd.net?

pedistellar 0 Reputation points
2023-08-01T09:34:23.6566667+00:00

How to make an azurefd endpoint be like brand.azurefd.net rather than brand7990090.azurefd.net?

It's autogenerated and it becomes brand7990090.azurefd.net, but then I see people are making something like: brand.azurefd.net

How to do that?

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.

1 answer

  1. KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator
    2023-08-01T10:31:45.2266667+00:00

    @pedistellar

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to create an endpoint with a streamlined name in Azure Front Door.

    I am afraid this won't be possible.

    Azure generates a unique subdomain in this format: <endpointname>-hash.z01.azurefd.net

    The intention here is to prevent subdomain takeover.

    What is a Subdomain TakeOver:

    • Let's say we have a legitimate user USERA (from CompanyA) and Malicious actor USERX
    • USERA creates a domain companyA.azurefd.net
      • All the users of companyA access through companyA.azurefd.net
    • For some reason, companyA.azurefd.net endPoint gets deleted
    • Now, Malicious actor USERX creates a new endPoint companyA.azurefd.net (in a different subscription with different backend Origins)
    • In this case, users are forwarded to Malicious origins behind the newly created companyA.azurefd.net endPoint.
      • Thus, this leads users to an unknown site.
    • More information:

    What can be done here is:

    • You must consider Adding a custom domain to Azure Front Door
    • Let's say you create an endPoint companyA-hashA.azurefd.net
    • And your CNAME (www.companyA.com) points towards "companyA-hashA.azurefd.net"
    • Now, even if Malicious actor USERX tried to create an endPoint "companyA", they will end up with "companyA-hashX.azurefd.net"
    • So, your CNAME record will always be pointing to companyA-hashA.azurefd.net (even if the endPoint is deleted) and never to companyA-hashX.azurefd.net

    Hope I was able to provide clarity on why we add this hash to the endPoint names.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
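
An added example (not part of the answer above and not Microsoft tooling): a small audit that applies the answer's reasoning to a DNS zone export, flagging CNAME records whose azurefd.net target is no longer one of your live endpoints. The record names, hash values and the assumed shape of the hash and `zNN` label are constructed for illustration.

```python
import re

# Hashed hostname shape from the answer: <endpointname>-hash.z01.azurefd.net.
# Assumption: the hash is alphanumeric and the zone label is "z" plus digits.
HASHED = re.compile(r"^[a-z0-9-]+-[a-z0-9]+\.z\d+\.azurefd\.net$")

def norm(host):
    """Lowercase and drop the trailing root dot so names compare equal."""
    return host.strip().lower().rstrip(".")

def audit_cnames(cnames, live_endpoints):
    """Classify each CNAME that targets azurefd.net.

    cnames: {record name: CNAME target} exported from your DNS zone.
    live_endpoints: hostnames of Front Door endpoints you currently own.
    """
    live = {norm(h) for h in live_endpoints}
    findings = {}
    for name, target in cnames.items():
        t = norm(target)
        if not t.endswith(".azurefd.net"):
            continue  # not a Front Door target, out of scope here
        if t in live:
            findings[norm(name)] = "ok"
        elif HASHED.match(t):
            # Endpoint is gone; per the answer, a recreated endpoint gets a new hash.
            findings[norm(name)] = "dangling-hashed: remove stale record"
        else:
            # Endpoint is gone and the name carries no hash: the takeover scenario.
            findings[norm(name)] = "dangling-unhashed: takeover risk"
    return findings

# Constructed sample data (not real records or endpoints).
SAMPLE_CNAMES = {
    "www.companya.com.": "companyA-a1b2c3d4.z01.azurefd.net.",
    "shop.companya.com.": "companya-shop-e5f6g7h8.z01.azurefd.net.",
    "old.companya.com.": "companyA.azurefd.net.",
    "mail.companya.com.": "mail.example.net.",
}
SAMPLE_LIVE = ["companya-a1b2c3d4.z01.azurefd.net"]

if __name__ == "__main__":
    for rec, status in audit_cnames(SAMPLE_CNAMES, SAMPLE_LIVE).items():
        print(f"{rec}: {status}")
```
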

