504 Gateway Timeout on my site via Azure Front Door.

Question

"Hi AzureSupport, I’m getting a persistent 504 Gateway Timeout on my site via Azure Front Door. The error says it can't connect to the origin server. My backend seems fine, but the connection is failing at the Front Door level. Can you help me check for any regional issues or common misconfigurations for origin timeouts? Site is #bookanyinfluencer.

Answer 1

Hello **Ahmad Mahmood
**I understand you’re encountering a 504 error when accessing the front door URL.

Could you let me know what the backend for the front door is?

Also, please check the front door access logs to see how much time the server is taking during the 504 error. Compare the time taken by the front door and the server. If the backend is taking more time, try increasing the timeout at the front door level and check again.**

**You can also collect the tracking reference ID in the access logs when encountering the 504 error. Use this reference ID to check logs in your Azure portal. Please refer to the following document for collecting the logs:

https://learn.microsoft.com/en-us/troubleshoot/azure/front-door/refstring?source=recommendations&tabs=edge

According to Microsoft’s troubleshooting documentation, a 504 response from Azure Front Door usually happens when:

• The origin server takes longer than the set timeout to respond.
• The backends response transmission goes beyond the allowed timeout period.
• Or the origin server cannot be reached from the Azure Front Door edge network.
• And check if you have configured the health probe and whether it is responding properly.

Azure Front Door also checks backend health using regular health probes. These probes use the same routing protocol and port, and the backend must return an HTTP 200 OK response to be seen as healthy. Any other response or connection issue may mark the origin as unhealthy, leading to request failures or timeout errors.

Reference document:

https://learn.microsoft.com/en-us/troubleshoot/azure/front-door/troubleshoot-issues

https://learn.microsoft.com/en-us/azure/frontdoor/health-probes

Additionally, Azure Front Door Standard/Premium lets you set the Origin Response Timeout between 16 and 240 seconds. If your backend needs more time to process requests in certain cases, adjusting this timeout may reduce such responses. It’s also important to check backend performance and connectivity.

 At this point, we suggest checking the backend network allow-list, health probe setup, Origin Host Header, and TLS certificate alignment in your Azure Front Door configuration for the application.

---

I hope the above answer helps you! Please let us know if you have any further questions.

Please don't forget to "upvote" where the information provided will help you, this can be beneficial to other members of the community.

Answer 2

Ahmad Mahmood hey hey and thx for stay with us at Q&A.

504 from Front Door = it cant reach ur backend or backend too slow. “backend seems fine” usually means “works from ur laptop” 😄 not from Front Door edge. most common issues are origin not reachable from internet Front Door needs public access unless u set up private link correctly, try to test from outside

curl -I https://your-origin

if that fails thats it

wrong host header / TLS mismatch if origin expects specific host (like app service), but Front Door sends default backend rejects, check origin config

• origin host header
• custom domain binding on backend

timeout Front Door default timeout is not huge if backend slow (db, cold start, whatever) 504

network restrictions backend blocked by

• NSG
• firewall
• app service access restrictions

Front Door IPs must be allowed. Health probes failing if probe cant reach backend > Front Door marks it unhealthy > u get 504, check probe path + response (must return 200 fast)

So.... quick reality check hit backend directly via its public URL then hit through Front Door if direct works but FD fails, config issue 100 percent

rgds,

Alex

Answer 3

Hi Ahmad Mahmood,

Thanks for reaching out in Microsoft Q&A forum,

Can you help me check for any regional issues or common misconfigurations for origin timeouts? Site is #bookanyinfluencer.

There are no active regional Azure Front Door outages reported today (April 7, 2026). The last major global incident was in October 2025 and has been fully resolved.

Since your backend is fine but Front Door can't connect, here's what's most likely happening and how to fix it.

1. Check Origin Health Status First Head to the Azure Portal and navigate to your Front Door profile → Origin groups → select your group → check the "Health status" column. If it shows "Unhealthy" or "Unknown," that's your smoking gun. You can also run this in Cloud Shell:

      az afd origin show \
      --resource-group <your-rg> \
      --profile-name <your-frontdoor-profile> \
      --origin-group-name <origin-group> \
      --name <origin-name>
   

2. Most Common Causes for "Cannot Connect to Origin"
   • NSG or Firewall blocking Front Door – This is the #1 culprit. Your backend's network security group or firewall needs to allow inbound traffic from the AzureFrontDoor.Backend service tag on port 443 (or 80 if HTTP). Without this, Front Door's probes and requests get dropped silently.
   • Private Link not approved – If you're using a Private Endpoint, make sure it's in "Connected" state, not "Pending." A pending approval means Front Door can't route traffic through.
   • Health probe failing – Your probe path needs to return a clean 200 OK. If it's returning a 301 redirect (common with HTTP→HTTPS redirects) or 404, Front Door marks the origin unhealthy and stops sending traffic.
   • Origin timeout too short – The default timeout might be too aggressive for your backend. You can bump this up to 120–240 seconds temporarily in the Front Door profile settings under "Origin response timeout."
   • Certificate name mismatch – If you're using an IP address as your origin instead of an FQDN, Front Door's certificate validation will fail. Either switch to an FQDN or disable EnforceCertificateNameCheck in the origin settings.
3. Test Backend Directly from the Same Region Spin up a Cloud Shell session or Azure VM in the same region as your origin and hit it directly:

      curl -o /dev/null -s -w "Total: %{time_total}s\n" https://<your-origin-url>
   

   If this completes in under 5 seconds but Front Door still times out, you've got a network path issue—almost certainly an NSG rule, firewall, or Private Link configuration problem.
4. Enable Diagnostics for Real-Time Debugging If you have diagnostics logging enabled, run this Kusto query in Log Analytics to see exactly what's timing out:

      AzureDiagnostics
      | where ResourceProvider == "MICROSOFT.CDN"
      | where httpStatusCode_d == 504
      | project TimeGenerated, requestUri_s, originName_s, originResponseTime_s, failureReason_s
      | order by TimeGenerated desc
      | take 50
   

   This shows you the exact timeout values, which origin failed, and often the specific failure reason.

Immediate Action Plan

1. Check Azure Service Health for your specific subscription at the Azure Status Portal
2. Verify your NSG rules allow the AzureFrontDoor.Backend service tag on the right ports
3. Temporarily increase the origin response timeout to 120 seconds in the Front Door profile settings
4. Check your health probe logs for 301/302 redirects or connection failures

For #bookanyinfluencer, if you're running on Azure App Service, a VM, or containers, the most likely culprit is an NSG rule or a health probe that's getting redirected instead of returning 200. Start there and you should find it quickly.

Reference: Troubleshoot Azure Front Door common issues

Kindly let us know if the above helps or you need further assistance on this issue.

Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.