The redirect url is broken in AFD

Khang Vo Duy 20 Reputation points
2024-11-15T06:24:08.7633333+00:00

I have an App Service, in this app service there are 4 custom domains. I use AFD but when I access the url in font/domain it redirected to custom domain in App Service
Why is it like that?

Do I need to create a ruleset in AFD to point to the domain in fontends/domains?

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
699 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,960 questions
0 comments No comments
{count} votes

Accepted answer
  1. Ganesh Patapati 1,745 Reputation points Microsoft Vendor
    2024-11-15T15:40:24.6766667+00:00

    Hi Khang Vo Duy

    Greetings!

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    We recommend that you preserve the original HTTP host name when you use a reverse proxy in front of a web application. Having a different host name at the reverse proxy than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly. For example, session state can get lost, authentication can fail, or back-end URLs can inadvertently be exposed to end users. You can avoid these problems by preserving the host name of the initial request so that the application server sees the same domain as the web browser.

    This guidance applies especially to applications that are hosted in platform as a service (PaaS) offering like Azure App Service and Azure Spring Apps. This article provides specific implementation guidance for Azure Application Gateway, Azure Front Door, and Azure API Management, which are commonly used reverse proxy services.

    NOTE: Web APIs are generally less sensitive to the problems caused by host name mismatches. They don't usually depend on cookies, unless you use cookies to secure communications between a single-page app and its back-end API, for example, in a pattern known as Backends for Frontends. Web APIs often don't return absolute URLs back to themselves, except in certain API styles, like Open Data Protocol (OData) and HATEOAS. If your API implementation depends on cookies or generates absolute URLs, the guidance provided in this article does apply.

    If you require end-to-end TLS/SSL (the connection between the reverse proxy and the back-end service uses HTTPS), the back-end service also needs a matching TLS certificate for the original host name. This requirement adds operational complexity when you deploy and renew certificates, but many PaaS services offer free TLS certificates that are fully managed.

    Refer: https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation#context

    (OR)

    1. First you need to configure web app is the origin of the front door. Next, we need to add all custom domains in the front door. 
    2. After we need to remove existing A records in DNS zone. you need to map CNAME record to front door in the DNS zone.

    Refer: https://learn.microsoft.com/en-us/azure/frontdoor/how-to-configure-origin


    If above is unclear and/or you are unsure about something add a comment below.

    Please click Accept Answer and upvote if the above was helpful.

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    Thanks.

    Ganesh


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.