Skip to content

Commit d24a307

Browse files
duongauduongau
committed
Merge branch 'patch-42' of https://github.com/jessie-jyy/Jessie-azure-docs-pr into frontingfaq
2 parents 482c757 + ace2ffb commit d24a307

File tree

1 file changed

+2
-4
lines changed

1 file changed

+2
-4
lines changed

articles/frontdoor/front-door-faq.yml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -209,10 +209,8 @@ sections:
209209
- question: |
210210
How does Front Door handle ‘domain fronting’ behavior?
211211
answer: |
212-
Beginning November 8, 2022, all newly created Azure Front Door (Standard, Premium and Classic tier) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior. Requests where the host header in HTTP/HTTPS requests that doesn't match the original TLS SNI extension used during the TLS negotiation gets blocked.
213-
214-
If you wish to block domain fronting for an existing Azure Front Door or Azure CDN Standard from Microsoft (classic) resources, create a support request and provide your subscription and
215-
resource information. Once domain fronting gets blocked, Azure Front Door and Azure CDN Standard from Microsoft (classic) resources block any HTTP/HTTPS requests that exhibit this behavior.
212+
Beginning November 8, 2022, all newly created Azure Front Door (Standard, Premium and Classic tier) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior. Requests where the host header in HTTP/HTTPS requests that doesn't match the original TLS SNI extension used during the TLS negotiation gets blocked. Starting from September 25 2023, Azure Front Door updated the domain fronting blocking restrictions based on feedback from customers while not compromosing security. Instead of blocking a requests when the SNI and host headers do not match, AFD is allowing the mismatch as long as the two are added as domains in the same subscription. Starting from November 8 2023, AFD will enforce domain fronting blocking on all existing domains.
213+
Once domain fronting gets blocked, Azure Front Door and Azure CDN Standard from Microsoft (classic) resources block any HTTP/HTTPS requests that exhibit this behavior.
216214
217215
When Front Door blocks a request due to a mismatch:
218216
- The client receives an HTTP "421 Misdirected Request" error code response.

0 commit comments

Comments
 (0)