Which is the correct way to configure Azure CDN for public web sites with particular attention to SEO

Simone 1 Reputation point

Hi everyone,
something is not clear using Azure CDN.
I explain step by step what I have done since my website has been created. Call my website www.mypublicwebsite.com. So:

  1. I created a web app on Azure. The website has the following url: https://mypublicwebsite.azurewebsites.net;
  2. I created a custom domain www.mypublicwebsite.com
  3. I redirected all the request from https://mypublicwebsite.azurewebsites.net to www.mypublicwebsite.com. So I solved the problem of duplicated contents for crawlers.

Everything is fine. Then, I decided to create CDN, according the documentation. Here the confusion starts.

  1. I created the CDN profile
  2. I created the endpoint. The endpoint has a new url https://mypublicwebsite.azureedge.net
  3. I deleted the custom domain from web app;
  4. I created the custom domain in cdn profile.

So the current state is this:


This situation is really problematic for SEO. It cannot be the correct configuration. My contents are triplicated.
I partially solved the situation:

  1. I redirected all the request from https://mypublicwebsite.azureedge.net to www.mypublicwebsite.com. So I solved the problem of duplicated content for crawlers.

But crawler (and perhaps users?) can still navigate the origin web site. I have been looking for different solutions:

  • Make a redirect from https://mypublicwebsite.azurewebsites.net to www.mypublicwebsite.com. But this create a infinite redirects loop between the CDN and the origin.
  • Try to hide the origin, but how?

I am honestly starting thinking this is not the correct way to manage cdn. And what if I would also add Front Door? I would have another url again: https://mypublicwebsite.azurefd.net... I think I have not understood something.

Any help please?

Thank you

Azure Content Delivery Network
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
4,939 questions
{count} votes

2 answers

Sort by: Most helpful
  1. SaiKishor-MSFT 16,776 Reputation points

    @Simone Thank you for your patience while I was investigating this issue. I reproduced this setup and was seeing similar behavior i.e., I can still reach the origin website. So in order to fix that, you need to lock down your backend so that only CDN IPs can access it and nothing else. Please follow instructions as given in document to do the same.

    Basically, you will be doing the following steps:

    1. Go to App Service --> Settings (on the left pane)--> Networking--> Access Restrictions - Configure Access Restrictions
    2. Add a rule to allow traffic from the range (Azure CDN from Microsoft's IPv4 backend IP space: with a lower priority example 100
    3. Block all other traffic i.e., traffic from with a higher priority i.e., 200

    This will block all traffic from accessing the origin directly and only allow CDN to reach it. Hope this fixes your issue. Please let me know if you have any further questions/concerns and we will be glad to assist you further. Thank you!


    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

  2. Simone 1 Reputation point

    Hi @SaiKishor-MSFT ,
    I have just a concern... Are you sure that all the Azure CDN from Microsoft all over the world is included in that IP range?

    Thank you