Is it a good practice to use Azure Front Door behind the CloudFlare or not?

Sali 21 Reputation points
2022-04-06T09:36:55.213+00:00

I'm curious if it will be a security enhancement to use both CloudFlare and AzureFD together or not.
The architecture would be like this:

Client => CloudFlare => Azure FD Premium => App Service

Also I want to know if it is possible to parse and validate the JWT token in the AzureFD WAF or not.

Considering security enhancement and DDoS protection (CDN and API Caching are not my priority).
I'l appreciate your ideas and suggestions, as well as your experience on this topic.

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
49 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
383 questions
0 comments
Accepted answer
  1. Andriy Bilous 8,726 Reputation points
    2022-04-06T15:09:38.93+00:00

    Hello @Sali

    Your architecture "Client => CloudFlare => Azure FD Premium => App Service" could make sense if you have specific requirements(Capctha, unlimited DDoS Protection, etc).

    Cloudflare has similiar functionality with their own WAF features, custom rules, but with some more advanced options such as JS challenge or Capctha, while Front door has Block, log or redirect action. Cloudflare also provide unlimited DDoS Protection as well.

    Azure Front Door – All traffic from Cloudflare WAF will be routed to Azure Front Door before arriving at App Service.
    Cloudflare – The web application firewall, which manages all traffic that is sent to the App Service.
    App Service - Hosted application

    https://learn.microsoft.com/en-us/Azure/active-directory-b2c/partner-cloudflare

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest