Merge pull request #253546 from duongau/afdfresh2

Front Door - Freshness Batch 1 (October 2023)

Author: v-regandowner

articles/frontdoor/front-door-ddos.md

@@ -6,49 +6,49 @@ author: duongau
 ms.service: frontdoor
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 10/31/2022
+ms.date: 10/05/2023
 ms.author: duau
 ---
 
 # DDoS protection on Front Door
 
-Azure Front Door has several features and characteristics that can help to prevent distributed denial of service (DDoS) attacks. These features can prevent attackers from reaching your application and affecting your application's availability and performance.
+By using Azure Front Door, you can protect your application from distributed denial of service (DDoS) attacks. Azure Front Door offers several features and characteristics that can block attackers from reaching your application and affecting its availability and performance.
 
 ## Infrastructure DDoS protection
 
-Front Door is protected by the default Azure infrastructure DDoS protection. The full scale and capacity of Front Door's globally deployed network provides defense against common network layer attacks through always-on traffic monitoring and real-time mitigation. This infrastructure DDoS protection has a proven track record in protecting Microsoft's enterprise and consumer services from large-scale attacks.
+Azure Front Door benefits from the default Azure infrastructure DDoS protection. This protection monitors and mitigates network layer attacks in real time by using the global scale and capacity of Front Door’s network. This protection has a proven track record in safeguarding Microsoft’s enterprise and consumer services from large-scale attacks.
 
 ## Protocol blocking
 
-Front Door only accepts traffic on the HTTP and HTTPS protocols, and will only process valid requests with a known `Host` header. This behavior helps to mitigate some common DDoS attack types including volumetric attacks that are spread across a range of protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
+Azure Front Door supports only the HTTP and HTTPS protocols, and requires a valid `Host`` header for each request. This behavior helps to prevent some common DDoS attack types such as volumetric attacks that use various protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
 
 ## Capacity absorption
 
-Front Door is a large scaled, globally distributed service. We have many customers, including Microsoft's own large-scale cloud products that receive hundreds of thousands of requests each second. Front Door is located at the edge of Azure's network, absorbing and geographically isolating large volume attacks. This can prevent malicious traffic from going any further than the edge of the Azure network.
+Azure Front Door is a large-scale, globally distributed service. It serves many customers, including Microsoft’s own cloud products that handle hundreds of thousands of requests per second. Front Door is situated at the edge of Azure’s network, where it can intercept and geographically isolate large volume attacks. Therefore, Front Door can prevent malicious traffic from reaching beyond the edge of the Azure network.
 
 ## Caching
 
-[Front Door's caching capabilities](./front-door-caching.md) can be used to protect backends from large traffic volumes generated by an attack. Cached resources will be returned from the Front Door edge nodes so they don't get forwarded to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can greatly reduce load on backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
+You can use [Front Door’s caching capabilities](./front-door-caching.md) to protect your backends from large traffic volumes generated by an attack. Front Door edge nodes return cached resources and avoid forwarding them to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can significantly reduce the load on your backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
 
 ## Web Application Firewall (WAF)
 
-[Front Door's Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) can be used to mitigate many different types of attacks:
+You can use [Front Door's Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) to mitigate many different types of attacks:
 
-* Using the managed rule set provides protection against many common attacks. For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
-* Traffic from outside a defined geographic region, or within a defined region, can be blocked or redirected to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
-* IP addresses and ranges that you identify as malicious can be blocked. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
-* Rate limiting can be applied to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
-* You can create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md) to automatically block and rate limit HTTP or HTTPS attacks that have known signatures.
-* Using the bot protection managed rule set provides protection against known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
+* The managed rule set protects your application from many common attacks.  For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
+* You can block or redirect traffic from outside or inside a specific geographic region to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
+* You can block IP addresses and ranges that you identify as malicious. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
+* You can apply rate limiting to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
+* You can create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md)  to automatically block and rate limit HTTP or HTTPS attacks that have known signatures.
+* The bot protection managed rule set protects your application from known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
 
 Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on how to use Azure WAF to protect against DDoS attacks.
 
-## Protect VNet origins
+## Protect virtual network origins
 
-Enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on the origin VNet to protect your public IPs against DDoS attacks. DDoS Protection customers receive extra benefits including cost protection, SLA guarantee, and access to experts from the DDoS Rapid Response Team for immediate help during an attack.
+To protect your public IPs from DDoS attacks, enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on the origin virtual network. DDoS Protection customers receive extra benefits such as cost protection, SLA guarantee, and access to experts from the DDoS Rapid Response Team for immediate assistance during an attack.
 
 ## Next steps
 
-- Learn how to configure a [WAF policy for Azure Front Door](front-door-waf.md). 
+- Learn how to set up a [WAF policy for Azure Front Door](front-door-waf.md). 
 - Learn how to [create an Azure Front Door profile](quickstart-create-front-door.md).
 - Learn [how Azure Front Door works](front-door-routing-architecture.md).

articles/frontdoor/front-door-security-headers.md

@@ -6,7 +6,7 @@ author: duongau
 ms.service: frontdoor
 ms.topic: tutorial
 ms.workload: infrastructure-services
-ms.date: 10/28/2022
+ms.date: 10/05/2023
 ms.author: duau
 ms.custom: template-tutorial, engagement-fy23
 # Customer intent: As an IT admin, I want to learn about Front Door and how to configure a security header via Rules Engine. 
@@ -44,7 +44,7 @@ In this tutorial, you learn how to:
    > [!NOTE]
    > Header values are limited to 640 characters.
 
-5. Once you've added all of the rules you'd like to your configuration, don't forget to go to your preferred route and associate your Rules engine configuration to the Route Rule. This step is required to enable the rule to work.
+5. After you have completed adding the rules to your configuration, make sure to associate your Rules engine configuration with the Route Rule of your chosen route. This step is required to enable the rule to work.
 
     :::image type="content" source="./media/front-door-security-headers/front-door-associate-routing-rule.png" alt-text="Screenshot showing how to associate a routing rule.":::
 

articles/frontdoor/origin-security.md

@@ -1,13 +1,13 @@
 ---
 title: Secure traffic to origins
 titleSuffix: Azure Front Door
-description: This article explains how to restrict traffic to your origins to ensure it's been processed by Azure Front Door.
+description: This article explains how to ensure that your origins receive traffic only from Azure Front Door.
 services: front-door
 author: johndowns
 ms.service: frontdoor
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 10/25/2022
+ms.date: 10/02/2023
 ms.author: jodowns
 zone_pivot_groups: front-door-tiers
 ---