Skip to content

Commit d333ce5

Browse files
committed
freshness review - 8/12
1 parent 880ed75 commit d333ce5

File tree

1 file changed

+8
-9
lines changed

1 file changed

+8
-9
lines changed

articles/frontdoor/troubleshoot-issues.md

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: frontdoor
55
author: duongau
66
ms.service: azure-frontdoor
77
ms.topic: how-to
8-
ms.date: 04/04/2023
8+
ms.date: 08/12/2024
99
ms.author: duau
1010
---
1111

@@ -36,7 +36,7 @@ The cause of this issue can be one of three things:
3636
### Troubleshooting steps
3737

3838
* Send the request to your origin directly without going through Azure Front Door. See how long your origin normally takes to respond.
39-
* Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem may not be a timeout issue. Create a support request to troubleshoot the issue further.
39+
* Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem might not be a timeout issue. Create a support request to troubleshoot the issue further.
4040
* If requests going through Azure Front Door result in a 503 error response code then configure the **Origin response timeout** for Azure Front Door. You can increase the default timeout to up to 4 minutes (240 seconds). To configure the setting, go to overview page of the Front Door profile. Select **Origin response timeout** and enter a value between *16* and *240* seconds.
4141
> [!NOTE]
4242
> The ability to configure Origin response timeout is only available in Azure Front Door Standard/Premium.
@@ -62,7 +62,7 @@ The cause of this issue can be one of three things:
6262
The cause of this problem can be one of three things:
6363

6464
* The backend pool is an IP address.
65-
* The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool.
65+
* The backend server returns a certificate that doesn't match the fully qualified domain name (FQDN) of the Azure Front Door backend pool.
6666
* The backend pool is an Azure Web Apps server.
6767

6868
### Troubleshooting steps
@@ -90,7 +90,7 @@ The cause of this problem can be one of three things:
9090

9191
* The backend pool is an Azure Web Apps server:
9292

93-
- Check if the Azure web app is configured with IP-based SSL instead of being SNI based. If the web app is configured as IP based, it should be changed to SNI.
93+
- Check if the Azure web app is configured with IP-based SSL instead of being SNI (server name indication) based. If the web app is configured as IP based, it should be changed to SNI.
9494
- If the backend is unhealthy because of a certificate failure, a 503 error message is returned. You can verify the health of the backends on ports 80 and 443. If only 443 is unhealthy, it's likely an issue with SSL. Because the backend is configured to use the FQDN, we know it's sending SNI.
9595

9696
Use OPENSSL to verify the certificate that's being returned. To do this check, connect to the backend by using `-servername`. It should return the SNI, which needs to match with the FQDN of the backend pool:
@@ -102,7 +102,7 @@ The cause of this problem can be one of three things:
102102
### Symptom
103103

104104
* You created an Azure Front Door instance. A request to the domain or frontend host returns an HTTP 400 status code.
105-
* You created a DNS mapping for a custom domain to the frontend host that you configured. Sending a request to the custom domain host name returns an HTTP 400 status code. It doesn't appear to route to the backend that you configured.
105+
* You created a DNS (domain name server) mapping for a custom domain to the frontend host that you configured. Sending a request to the custom domain host name returns an HTTP 400 status code. It doesn't appear to route to the backend that you configured.
106106

107107
### Cause
108108

@@ -150,7 +150,7 @@ This behavior is separate from the web application firewall (WAF) functionality
150150
### Troubleshooting steps
151151

152152
- Verify that your requests are in compliance with the requirements set out in the necessary RFCs.
153-
- Take note of any HTML message body that's returned in response to your request. A message body often explains exactly *how* your request is noncompliant.
153+
- Take note of any HTML message body that gets returned in response to your request. A message body often explains exactly *how* your request is noncompliant.
154154

155155
## My origin is configured as an IP address.
156156

@@ -160,10 +160,9 @@ The origin is configured as an IP address. The origin is healthy, but rejecting
160160

161161
### Cause
162162

163-
Azure Front Door users the origin host name as the SNI header during SSL handshake. Since the origin is configured as an IP address, the failure can be caused by one of the following reasons:
163+
Azure Front Door users the origin host name as the SNI header during SSL handshake. Since the origin is configured as an IP address, the failure can be one of the following reasons:
164164

165-
* Certificate name check is enabled in the Front Door origin configuration. It's recommended to leave this setting enabled. Certificate name check requires the origin host name to match the certificate name or one of the entries in the subject alternative names extension.
166-
* If certificate name check is disabled, then the cause is likely due to the origin certificate logic rejecting any requests that don't have a valid host header in the request that matches the certificate.
165+
* If the certificate name check is disabled, it's possible that the cause of the issue lies in the origin certificate logic. This logic might be rejecting any requests that don't have a valid host header matching the certificate.
167166

168167
### Troubleshooting steps
169168

0 commit comments

Comments
 (0)