Forum Discussion
JasonYeung
Nov 16, 2023Brass Contributor
Domain fronting in Azure Front Door question
I recently received an email from Microsoft that mentions domain fronting will stop before Jan. 8, 2024. I checked what uses Front Door in our Azure tenant and it's a couple of our websites (App Service). I was wondering how do I determine whether our websites use domain fronting? Would this be within Azure or the application itself?
- I am not sure I can fully explain it to you. However, most likely, if you don't know what it is, but you feel you understand your current Front Door setup, you are not using it. I have seen these emails as well and technically they provide you the option to test this out, for instance on an acceptance domain. You would have to create a support ticket for it:
https://azure.microsoft.com/en-us/updates/blocking-domain-fronting-behavior-on-azure-front-door-azure-front-door-classic-and-azure-cdn-standard-from-microsoft-classic/
Some more technical details about domain fronting can be found, for instance, on wikipedia:
https://en.wikipedia.org/wiki/Domain_fronting
But in reality, if you have a setup like:
www.mydomain.com (Frondoor) -> myapp.azurewebsites.net (App Service)
(having custom domains, like app1.mydomain.com setup on the app service makes no difference for this scenario)
you should have nothing to worry about.
Only if you are doing some scenario, and I don't really understand what scenario that would, besides avoiding censorship, where you use www.mydomain.com in the url, but force something else (like the wikipedia example of 'Host: www.youtube.com') in the host header, you are more than likely fine.
- _AndreGCopper ContributorI am not sure I can fully explain it to you. However, most likely, if you don't know what it is, but you feel you understand your current Front Door setup, you are not using it. I have seen these emails as well and technically they provide you the option to test this out, for instance on an acceptance domain. You would have to create a support ticket for it:
https://azure.microsoft.com/en-us/updates/blocking-domain-fronting-behavior-on-azure-front-door-azure-front-door-classic-and-azure-cdn-standard-from-microsoft-classic/
Some more technical details about domain fronting can be found, for instance, on wikipedia:
https://en.wikipedia.org/wiki/Domain_fronting
But in reality, if you have a setup like:
www.mydomain.com (Frondoor) -> myapp.azurewebsites.net (App Service)
(having custom domains, like app1.mydomain.com setup on the app service makes no difference for this scenario)
you should have nothing to worry about.
Only if you are doing some scenario, and I don't really understand what scenario that would, besides avoiding censorship, where you use www.mydomain.com in the url, but force something else (like the wikipedia example of 'Host: www.youtube.com') in the host header, you are more than likely fine.