| author | halkazwini |
|---|---|
| ms.author | halkazwini |
| ms.service | azure-frontdoor |
| ms.topic | include |
| ms.date | 03/24/2026 |
| ms.custom | include file |
- In addition to the following limits, there are composite limit on the number of routing rules, front-end domains, protocols, and paths.
| Resource | Classic tier limit |
|---|---|
| Azure Front Door resources per subscription | 100 |
| Front-end hosts, which include custom domains per resource | 500 |
| Routing rules per resource | 500 |
| Rules per Rule set | 25 |
| Back-end pools per resource 2 | 50 |
| Back ends per back-end pool | 100 |
| Path patterns to match for a routing rule | 25 |
| URLs in a single cache purge call | 100 |
| Maximum bandwidth 1 | 75 Gbps |
| Maximum requests per second per profile 1 | 100,000 |
| HTTP header size limit (per header) | 64 KB |
| Custom web application firewall rules per policy | 100 |
| Web application firewall policy per subscription | 100 |
| Web application firewall match conditions per custom rule | 10 |
| Web application firewall IP address ranges per custom rule | 600 |
| Web application firewall string match values per match condition | 10 |
| Web application firewall string match value length | 256 |
| Web application firewall POST body parameter name length | 256 |
| Web application firewall HTTP header name length | 256 |
| Web application firewall cookie name length | 256 |
| Web application firewall exclusion limit | 100 |
| Web application firewall HTTP request body inspection limit | 128 KB |
| Web application firewall custom response body length | 32 KB |
1 If the traffic isn't globally distributed and concentrated in one or more regions, or if a higher quota limited is need, create an Azure support request.
2 To request a limit increase, create an Azure Support request. Free subscriptions including Azure Free Account and Azure for Students aren't eligible for limit or quota increases. If you have a free subscription, you can upgrade to a Pay-As-You-Go subscription.
- Maximum of 500 total Standard and Premium profiles per subscription.
- In addition to the following limits, there are composite limit on the number of routes, domains, protocols, and paths.
| Resource | Standard tier limit | Premium tier limit |
|---|---|---|
| Maximum profiles per subscription | 500 | 500 |
| Maximum endpoint per profile | 10 | 25 |
| Maximum custom domain per profile | 100 | 500 |
| Maximum origin groups per profile | 100 | 200 |
| Maximum origins per origin group | 50 | 50 |
| Maximum origins per profile | 100 | 200 |
| Maximum origin timeout | 16 - 240 secs | 16 - 240 secs |
| Maximum routes per profile | 100 | 200 |
| Maximum rule set per profile | 100 | 200 |
| Maximum rules per route | 100 | 100 |
| Maximum rules per rule set | 100 | 100 |
| Maximum bandwidth 1 | 75 Gbps | 75 Gbps |
| Maximum requests per second per profile 1, 2 | 100,000 | 100,000 |
| Maximum concurrent WebSocket connections per profile 3 | 3,000 | 3,000 |
| Path patterns to match for a routing rule | 25 | 50 |
| URLs in a single cache purge call | 100 | 100 |
| Maximum security policy per profile | 100 | 200 |
| Maximum associations per security policy | 110 | 225 |
| Maximum secrets per profile | 100 | 500 |
| Maximum key groups per profile | 100 | 200 |
| HTTP header size limit (per header) | 64 KB | 64 KB |
| Web Application Firewall (WAF) policy per subscription | 100 | 100 |
| WAF custom rules per policy | 100 | 100 |
| WAF match conditions per custom rule | 10 | 10 |
| WAF custom regex rules per policy | 5 | 5 |
| WAF IP address ranges per match conditions | 600 | 600 |
| WAF string match values per match condition | 10 | 10 |
| WAF string match value length | 256 | 256 |
| WAF POST body parameter name length | 256 | 256 |
| WAF HTTP header name length | 256 | 256 |
| WAF cookie name length | 256 | 256 |
| WAF exclusion per policy | 100 | 100 |
| WAF HTTP request body and file upload inspection limit | 128 KB | 128 KB |
| WAF custom response body length | 32 KB | 32 KB |
1 If the traffic isn't globally distributed and concentrated in one or more regions, or if a higher quota limit is needed, create an Azure support request.
2 There's currently a 5,000 requests per second per POP limit for each Front Door profile. Beyond this limit, the POP location will drop connections. If requests are concentrated in one of more regions and exceed this limit, you can request a higher POP limit by submitting an Azure support request.
3 If you need more than 3,000 concurrent WebSocket connections, submit an Azure support request.
- Header timeout - After establishing TCP/TLS connection, Front Door has a 5-second timeout for receiving all headers from the client. The connection is terminated if the client doesn't send headers within 5 seconds. You can't configure this timeout value.
- HTTP keep-alive timeout - Front Door has a 90-second HTTP keep-alive timeout. The connection is terminated if the client doesn't send data for 90 seconds. You can't configure this timeout value.
-
After the HTTP request gets forwarded to the back end, Azure Front Door waits for 60 seconds (Standard and Premium) or 30 seconds (classic) for the first packet from the back end. Then it returns a 503 error to the client, or 504 for a cached request. You can configure this value using the originResponseTimeoutSeconds field in Azure Front Door Standard and Premium API, or the sendRecvTimeoutSeconds field in the Azure Front Door (classic) API.
-
After the back end receives the first packet, if the origin pauses for any reason in the middle of the response body beyond the originResponseTimeoutSeconds or sendRecvTimeoutSeconds, the response is canceled.
-
Front Door takes advantage of HTTP keep-alive to keep connections open for reuse from previous requests. These connections have an idle timeout of 90 seconds. Azure Front Door would disconnect idle connections after reaching the 90-second idle timeout. This timeout value can't be configured.
| With chunked transfer encoding (CTE) | Without HTTP chunking | |
|---|---|---|
| Download | There's no limit on the download size. | There's no limit on the download size. |
| Upload | There's no limit as long as each CTE upload is less than 2 GB. | The size can't be larger than 2 GB. |
- Maximum URL size - 8,192 bytes - Specifies maximum length of the raw URL (scheme + hostname + port + path + query string of the URL)
- Maximum Query String size - 4,096 bytes - Specifies the maximum length of the query string, in bytes.
- Maximum HTTP response header size from health probe URL - 4,096 bytes - Specified the maximum length of all the response headers of health probes.
- Maximum rules engine action header value character: 640 characters.
- Maximum rules engine condition header value character: 256 characters.
- Maximum ETag header size: 128 bytes
- Maximum endpoint name for Standard and Premium: 46 characters.
For more information about limits that apply to Rules Engine configurations, see rules engine terminology.