Azure Front Door — Level-5 Load Balancer + WAF + Content Caching

Premkumar Sriram
Digital Solutions — Retail & CPG
Aug 30, 2020

Azure Front Door provides comprehensive tools for managing load balancing between different back-end services, along with integrated web application firewall policies, session affinity, and, most importantly, content delivery acceleration. In simple terms, Azure Front Door provides everything a website needs to be secure, fast, and efficient.

Front end (multi domain\sites)

Azure Front Door can manage multiple domains (multiple websites) in a single instance, which is comparatively cost-efficient. It comes with one default domain, <instance name>.azurefd.net, and additional custom domains can be added and configured as a CNAME to the default domain.

TLS \ SSL Offloading

TLS / SSL Configuration

Azure Front Door provides the ability to configure the HTTPS protocol. It currently supports TLS 1.0 and 1.2 and can use custom SSL certificates. The SSL certificates must be set up in Key Vault, and the Azure Front Door application must have access to that key vault. Note that the Azure Front Door service has to be registered in AAD.

Web application Firewall

Web application firewall policies support both prevention and detection modes. A policy can redirect a blocked request to a different URL or return a custom code & message. It comes with standard WAF rules and also supports custom rules.

Session Affinity

Front Door provides cookie-based affinity for web traffic. It routes the traffic to the same backend service based on a cookie set by Front Door.

Backend Pools

Front Door supports multiple back-end services, including custom hosts, App Services, API Management, public IP endpoints, Storage, etc. Both HTTP and HTTPS ports are configurable, along with priority & weights as needed.

Health Probes

Configure the health probe so the load balancer can check the availability of the back-end resources. It supports only HTTP and HTTPS probes, sent at predefined intervals. Back-end availability is determined by the number of successful responses and also the time taken in milliseconds.

Routing Rules

Routing rules are the most important capability in Front Door: they let you build custom rules that route traffic based on patterns. They provide the ability to select the destination back-end services or protocols based on URL patterns. For example, HTTP to HTTPS redirects can be configured using rules.
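As an added example (not from the original article or from Azure tooling), the Python below audits a simplified, constructed configuration for three settings covered above: minimum TLS version, WAF mode, and HTTP-to-HTTPS redirection. The dictionary layout, key names and host names are assumptions made for this example, not the Azure resource schema.

```python
# Added example: audits a simplified, constructed Front Door configuration.
# Key names below are this example's own, not the Azure resource schema.

SAMPLE_CONFIG = {  # constructed sample input
    "frontends": [
        {"host": "shop.example.com", "min_tls": "1.0", "waf_policy": "shop-waf"},
        {"host": "api.example.com", "min_tls": "1.2", "waf_policy": None},
    ],
    "waf_policies": {"shop-waf": {"mode": "Detection"}},
    "routing_rules": [
        {"name": "shop-http", "hosts": ["shop.example.com"],
         "protocols": ["Http"], "action": "redirect-https"},
        {"name": "shop-https", "hosts": ["shop.example.com"],
         "protocols": ["Https"], "action": "forward"},
        {"name": "api-all", "hosts": ["api.example.com"],
         "protocols": ["Http", "Https"], "action": "forward"},
    ],
}


def audit(config):
    """Return sorted (host, finding) pairs for weak edge settings."""
    findings = []
    for fe in config["frontends"]:
        host = fe["host"]
        # The article notes TLS 1.0 is supported; flag any minimum below 1.2.
        if tuple(int(p) for p in fe["min_tls"].split(".")) < (1, 2):
            findings.append((host, "minimum TLS below 1.2"))
        policy = config["waf_policies"].get(fe["waf_policy"])
        if policy is None:
            findings.append((host, "no WAF policy attached"))
        elif policy["mode"] != "Prevention":
            # Detection mode only logs rule matches; requests still pass.
            findings.append((host, "WAF in detection mode"))
        # Any rule that forwards plain HTTP for this host serves cleartext.
        for rule in config["routing_rules"]:
            if (host in rule["hosts"] and "Http" in rule["protocols"]
                    and rule["action"] == "forward"):
                findings.append((host, f"rule {rule['name']} forwards HTTP"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(SAMPLE_CONFIG):
        print(f"{host}: {finding}")
```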

Rule Engine

It’s a new capability included in the Front Door service, which provides the ability to configure multiple rules and actions. A rule condition can be based on the device type, query string, request body, file extension, headers, etc. Rule actions can set the request header, set the response header, or completely override the routing options.

Caching & Dynamic Compression

Front Door can dynamically compress static files such as CSS, JS, etc. It can also cache web pages and static content / images based on the URL pattern and query strings. The cache durations are configurable in days, hours, minutes and seconds.
