Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Azure Front Door Overview

  • July 2, 2020
  • 7 min read
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.

Azure Front Door

One year ago, Microsoft introduced the general availability (GA) of Azure Front Door, a scalable and secure entry point for web applications and a global HTTP(s) load balancer. https://azure.microsoft.com/en-us/blog/azure-front-door-service-is-now-generally-available/

You can use Front Door with Azure services including Web/Mobile Apps, Cloud Services and Virtual Machines – or combine it with on-premises services for hybrid deployments and smooth cloud migration. With Azure Front Door, you can use the following features:

  • Accelerate application performance
  • HTTP(s) load balancer
  • Increase application availability with smart health probes
  • URL-based routing
  • Multiple-site hosting
  • Session affinity
  • TLS termination
  • Custom domains and certificate management
  • Application layer security
  • URL redirection
  • URL rewrite
  • Protocol support – IPv6 and HTTP/2 traffic

In this article, I will create a Front Door for a highly available global web application called “WebApplicationMaster”.

First, I create two WebApp that run in different Azure regions and both the web application instances run in Active/Active mode.

  1. Sign in to the Azure portal
  2. From the home page, select “Create a resource”.
  3. Select “Web” then “Web App”.

WebAppMaster1 is located in West Europe region and WebAppMaster2 is located in East US region.

WebAppMaster1 WebAppMaster2

Next, I create a Front Door for my application

Create a Front Door

Select the subscription and a resource group

Select the subscription

On the next page, add a frontend host

Add a frontend host

Next, add a backend that contains both WebApp

Add a backend that contains both WebApp

Add the second WebApp and validate the page

Add the second WebApp and validate the page

And finally, you must add a routing rule. A routing rule maps your frontend host to the backend pool. The rule forwards a request for “WebAppMaster.azurefd.net” to “WebAppBackend”.

Add a routing rule

You should have something similar to this screenshot

Domains/ pools/ rules

It is time to test Azure Front Door. First, I can confirm that both WebApp are up and running

Test Azure Front Door

Then, I browse to https://WebAppMaster.azurefd.net. Of course, in the Front Door configuration, you can use your customer domain instead of “azurefd.net”.

Front Door configuration

Next, stop the first WebApp to confirm that Azure Front Door is redirecting your traffic

Stop the first WebApp

Traffic is redirected to the second WebApp

Traffic is redirected

And then, stop the second WebApp to confirm that Azure Front Door is showing the 403 status code.

Stop the second WebApp

Next step is to add Web Application Firewall Policy, so start both WebApp and go back to the home page to search “Web Application Firewall Policy”

Add Web Application Firewall Policy

On this blade, you must select the purpose of the policy which is Global WAF in this case, then add a friendly name to this policy.

Select the purpose of the policy

On this page, we add a “redirect URL” to the official Microsoft documentation and select “Prevention” instead of “Detection”. Later, we will add a customer rule to redirect the traffic to this page.

Global WAF

Associate the WAF policy to your frontend and confirm in the Azure Front Door blade that the WAF policy appears

WAF policy

Here, I edit the WAF policy in order to add a customer rule that will redirect French traffic to the Microsoft documentation website.

Add a friendly name to this rule, add a priority and configure the conditions. In my case, I want to redirect French traffic based on the geo location.

Add custom rule

Wait a few seconds after applying the rule and Azure Front Door will redirect the traffic. Below is the “before/after” screenshot for French traffic

A “before/after” screenshot for traffic

Conclusion

Thanks to Azure Front Door, you can easily manage and secure your web application traffic. Azure Front Door pricing can be found on the following page: https://azure.microsoft.com/en-us/pricing/details/frontdoor/

Found Nicolas’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!