Azure Front Door

One year ago, Microsoft introduced the general availability (GA) of Azure Front Door, a scalable and secure entry point for web applications and a global HTTP(s) load balancer. https://azure.microsoft.com/en-us/blog/azure-front-door-service-is-now-generally-available/

You can use Front Door with Azure services including Web/Mobile Apps, Cloud Services and Virtual Machines – or combine it with on-premises services for hybrid deployments and smooth cloud migration. With Azure Front Door, you can use the following features:

  • Accelerate application performance
  • HTTP(s) load balancer
  • Increase application availability with smart health probes
  • URL-based routing
  • Multiple-site hosting
  • Session affinity
  • TLS termination
  • Custom domains and certificate management
  • Application layer security
  • URL redirection
  • URL rewrite
  • Protocol support – IPv6 and HTTP/2 traffic

In this article, I will create a Front Door for a highly available global web application called “WebApplicationMaster”.

First, I create two WebApp that run in different Azure regions and both the web application instances run in Active/Active mode.

  1. Sign in to the Azure portal
  2. From the home page, select “Create a resource”.
  3. Select “Web” then “Web App”.

WebAppMaster1 is located in West Europe region and WebAppMaster2 is located in East US region.

WebAppMaster1 WebAppMaster2

Next, I create a Front Door for my application

Create a Front Door

Select the subscription and a resource group

Select the subscription

On the next page, add a frontend host

Add a frontend host

Next, add a backend that contains both WebApp

Add a backend that contains both WebApp

Add the second WebApp and validate the page

Add the second WebApp and validate the page

And finally, you must add a routing rule. A routing rule maps your frontend host to the backend pool. The rule forwards a request for “WebAppMaster.azurefd.net” to “WebAppBackend”.

Add a routing rule

You should have something similar to this screenshot

Domains/ pools/ rules

It is time to test Azure Front Door. First, I can confirm that both WebApp are up and running

Test Azure Front Door

Then, I browse to https://WebAppMaster.azurefd.net. Of course, in the Front Door configuration, you can use your customer domain instead of “azurefd.net”.

Front Door configuration

Next, stop the first WebApp to confirm that Azure Front Door is redirecting your traffic

Stop the first WebApp

Traffic is redirected to the second WebApp

Traffic is redirected

And then, stop the second WebApp to confirm that Azure Front Door is showing the 403 status code.

Stop the second WebApp

Next step is to add Web Application Firewall Policy, so start both WebApp and go back to the home page to search “Web Application Firewall Policy”

Add Web Application Firewall Policy

On this blade, you must select the purpose of the policy which is Global WAF in this case, then add a friendly name to this policy.

Select the purpose of the policy

On this page, we add a “redirect URL” to the official Microsoft documentation and select “Prevention” instead of “Detection”. Later, we will add a customer rule to redirect the traffic to this page.

Global WAF

Associate the WAF policy to your frontend and confirm in the Azure Front Door blade that the WAF policy appears

WAF policy

Here, I edit the WAF policy in order to add a customer rule that will redirect French traffic to the Microsoft documentation website.

Add a friendly name to this rule, add a priority and configure the conditions. In my case, I want to redirect French traffic based on the geo location.

Add custom rule

VSAN from StarWind eliminates any need for physical shared storage just by mirroring internal flash and storage resources between hypervisor servers. Furthermore, the solution can be run on the off-the-shelf hardware. Such design allows VSAN from StarWind to not only achieve high performance and efficient hardware utilization but also reduce operational and capital expenses.
Find out more about ➡ VSAN from StarWind

Wait a few seconds after applying the rule and Azure Front Door will redirect the traffic. Below is the “before/after” screenshot for French traffic

A “before/after” screenshot for traffic

Conclusion

Thanks to Azure Front Door, you can easily manage and secure your web application traffic. Azure Front Door pricing can be found on the following page: https://azure.microsoft.com/en-us/pricing/details/frontdoor/

Views All Time
7
Views Today
16
Appreciate how useful this article was to you?
No Ratings Yet
Loading...
Back to blog
The following two tabs change content below.
Nicolas Prigent
Nicolas Prigent
Nicolas Prigent works as an IT Production Manager, based in Paris, with a primary focus on Microsoft technologies. Nicolas is a three-time Microsoft MVP in Cloud and Datacenter Management with 10 years experience in administering Windows products. He also received the "PowerShell Heroes 2016" Award.