Azure Front Door - 如何使用默认后端主机名自定义域？

Question

I have an azure app service which enabled custom domain as "www.mysite.com" , we would like to set up a web application firewall on front door to protect slow read http attack.

After setting up Azure Front Door, my front end host is shown as "mysite.azurefd.net" , and the issue of slow read http attack was gone, which is perfect!

But the new problem is, we want to custom front end host to "www.mysite.com" which eventually forwards/redirects to app service with the same domain name, not the default "mysite.azurefd.net" . Because i always want user goes through front door to delivery request to my Azure app service

Is this doable?

Answer 1

just add the custom domain name to the front door and point your dns servers to the front door and you are done.

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain

Answer 2

But the new problem is, we want to custom front end host to "www.mysite.com" which eventually forwards/redirects to app service with the same domain name, not the default "mysite.azurefd.net".

You can add a custom name to your Azure front door frontend host name but you can not add the same domain name as the custom domain in your app service as A CNAME record is not allowed to coexist with any other data from RFC1912 section 2.4

In this case, you have to add a different domain like sub.mysite.com as the frontend host to your Azure front door like this , then add or update an existing routing rule that map frontend hosts sub.mysite.com with your path like /* to your existing backend pool of web app.