You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/troubleshoot-issues.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: frontdoor
5
5
author: duongau
6
6
ms.service: azure-frontdoor
7
7
ms.topic: how-to
8
-
ms.date: 04/04/2023
8
+
ms.date: 08/12/2024
9
9
ms.author: duau
10
10
---
11
11
@@ -36,7 +36,7 @@ The cause of this issue can be one of three things:
36
36
### Troubleshooting steps
37
37
38
38
* Send the request to your origin directly without going through Azure Front Door. See how long your origin normally takes to respond.
39
-
* Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem may not be a timeout issue. Create a support request to troubleshoot the issue further.
39
+
* Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem might not be a timeout issue. Create a support request to troubleshoot the issue further.
40
40
* If requests going through Azure Front Door result in a 503 error response code then configure the **Origin response timeout** for Azure Front Door. You can increase the default timeout to up to 4 minutes (240 seconds). To configure the setting, go to overview page of the Front Door profile. Select **Origin response timeout** and enter a value between *16* and *240* seconds.
41
41
> [!NOTE]
42
42
> The ability to configure Origin response timeout is only available in Azure Front Door Standard/Premium.
@@ -62,7 +62,7 @@ The cause of this issue can be one of three things:
62
62
The cause of this problem can be one of three things:
63
63
64
64
* The backend pool is an IP address.
65
-
* The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool.
65
+
* The backend server returns a certificate that doesn't match the fully qualified domain name (FQDN) of the Azure Front Door backend pool.
66
66
* The backend pool is an Azure Web Apps server.
67
67
68
68
### Troubleshooting steps
@@ -90,7 +90,7 @@ The cause of this problem can be one of three things:
90
90
91
91
* The backend pool is an Azure Web Apps server:
92
92
93
-
- Check if the Azure web app is configured with IP-based SSL instead of being SNI based. If the web app is configured as IP based, it should be changed to SNI.
93
+
- Check if the Azure web app is configured with IP-based SSL instead of being SNI (server name indication) based. If the web app is configured as IP based, it should be changed to SNI.
94
94
- If the backend is unhealthy because of a certificate failure, a 503 error message is returned. You can verify the health of the backends on ports 80 and 443. If only 443 is unhealthy, it's likely an issue with SSL. Because the backend is configured to use the FQDN, we know it's sending SNI.
95
95
96
96
Use OPENSSL to verify the certificate that's being returned. To do this check, connect to the backend by using `-servername`. It should return the SNI, which needs to match with the FQDN of the backend pool:
@@ -102,7 +102,7 @@ The cause of this problem can be one of three things:
102
102
### Symptom
103
103
104
104
* You created an Azure Front Door instance. A request to the domain or frontend host returns an HTTP 400 status code.
105
-
* You created a DNS mapping for a custom domain to the frontend host that you configured. Sending a request to the custom domain host name returns an HTTP 400 status code. It doesn't appear to route to the backend that you configured.
105
+
* You created a DNS (domain name server) mapping for a custom domain to the frontend host that you configured. Sending a request to the custom domain host name returns an HTTP 400 status code. It doesn't appear to route to the backend that you configured.
106
106
107
107
### Cause
108
108
@@ -150,7 +150,7 @@ This behavior is separate from the web application firewall (WAF) functionality
150
150
### Troubleshooting steps
151
151
152
152
- Verify that your requests are in compliance with the requirements set out in the necessary RFCs.
153
-
- Take note of any HTML message body that's returned in response to your request. A message body often explains exactly *how* your request is noncompliant.
153
+
- Take note of any HTML message body that gets returned in response to your request. A message body often explains exactly *how* your request is noncompliant.
154
154
155
155
## My origin is configured as an IP address.
156
156
@@ -160,10 +160,9 @@ The origin is configured as an IP address. The origin is healthy, but rejecting
160
160
161
161
### Cause
162
162
163
-
Azure Front Door users the origin host name as the SNI header during SSL handshake. Since the origin is configured as an IP address, the failure can be caused by one of the following reasons:
163
+
Azure Front Door users the origin host name as the SNI header during SSL handshake. Since the origin is configured as an IP address, the failure can be one of the following reasons:
164
164
165
-
* Certificate name check is enabled in the Front Door origin configuration. It's recommended to leave this setting enabled. Certificate name check requires the origin host name to match the certificate name or one of the entries in the subject alternative names extension.
166
-
* If certificate name check is disabled, then the cause is likely due to the origin certificate logic rejecting any requests that don't have a valid host header in the request that matches the certificate.
165
+
* If the certificate name check is disabled, it's possible that the cause of the issue lies in the origin certificate logic. This logic might be rejecting any requests that don't have a valid host header matching the certificate.
0 commit comments