You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/front-door-faq.yml
+20-1Lines changed: 20 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -127,6 +127,10 @@ sections:
127
127
Can AFD provide protection from ‘HTTP/2 Rapid Reset’ DDoS attacks?
128
128
answer: |
129
129
Yes. For more information, see [Microsoft response to DDoS attacks against HTTP/2](front-door-ddos.md).
130
+
- question: |
131
+
Can I force traffic from one country to use a specific Azure Front Door POP in another country?
132
+
answer: |
133
+
No. Azure Front Door can't force client traffic to a specific POP. Requests are routed to the nearest available edge location for performance and reliability. If you need to restrict access by geography, use Azure Web Application Firewall (WAF) custom rules with `GeoMatch` conditions. This approach allows or blocks requests based on client country, but it doesn't reroute those clients to a different POP in another country. For example, if you block Country A, requests from clients in Country A are blocked regardless of which POP would have served them. For more information, see [Geo-filtering in Azure WAF for Azure Front Door](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
130
134
- question: |
131
135
Does Azure Front Door preserve `x-forwarded-for` headers?
132
136
answer: |
@@ -138,6 +142,21 @@ sections:
138
142
answer: |
139
143
To use Azure Front Door Standard, or (classic) tier, you need a public IP or a DNS name that can be resolved publicly. This requirement of a public IP or a DNS name that can be resolved publicly allows Azure Front Door to route traffic to your backend resources. You can use Azure resources like Application Gateways or Azure Load Balancers to route traffic to resources in a virtual network. If you use Front Door Premium tier, you can use Private Link to connect to origins behind an internal load balancer with a private endpoint. For more information, see [Secure origins with Private Link](private-link.md).
140
144
145
+
- question: |
146
+
Can I use Private Link to connect Azure Front Door to Azure Key Vault?
147
+
answer: |
148
+
No. For security, Azure Front Door supports only managed identity-based authentication when accessing certificates in Key Vault. For more information, see [Use managed identities in Azure Front Door](managed-identity.md).
149
+
150
+
- question: |
151
+
Does Azure Front Door support managed identity with Azure Event Hub?
152
+
answer: |
153
+
No. Azure Front Door doesn't currently support managed identity integration with Azure Event Hub.
154
+
155
+
- question: |
156
+
Does Azure Front Door support custom error pages?
157
+
answer: |
158
+
No. Azure Front Door doesn't currently support custom error pages.
159
+
141
160
- name: Deploying Front Door with other services
142
161
questions:
143
162
- question: |
@@ -244,7 +263,7 @@ sections:
244
263
- question: |
245
264
Azure Front Door Privatelink integration is not supported in the region where my origin is located. What do I do?
246
265
answer: |
247
-
Azure Front Door Private Link feature is region agnostic and will work even if you choose a region that is different from the region where your origin is located. In such cases, to ensure lower latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. We are in the process of enabling support for more regions. Once a new region is supported, you can follow these [instructions](blue-green-deployment.md) to gradually shift traffic to the new region.
266
+
The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. If your origin's region isn't supported in the list of regions Front Door Private Link supports, pick the next nearest region. Traffic flows from the client to the Azure Front Door Private Link endpoint in the supported region, then traverses the Microsoft backbone network to your origin, maintaining private connectivity. Be aware that this configuration introduces additional latency due to the extra network hop between regions. You can use [Azure network round-trip latency statistics](../networking/azure-network-latency.md) to determine the additional latency due to choosing the next nearest region. Once a new region is supported, you can follow these [instructions](blue-green-deployment.md) to gradually shift traffic to the new region.
Copy file name to clipboardExpand all lines: articles/frontdoor/private-link.md
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,7 +72,12 @@ Azure Front Door private link is available in the following regions:
72
72
| US Sec East ||||
73
73
| US Sec West ||||
74
74
75
-
The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. If your origin's region isn't supported in the list of regions Front Door Private Link supports, pick the next nearest region. You can use [Azure network round-trip latency statistics](../networking/azure-network-latency.md) to determine the next nearest region in terms of latency. We are in the process of enabling support for more regions. Once a new region is supported, you can follow these [instructions](blue-green-deployment.md) to gradually shift traffic to the new region.
75
+
> [!NOTE]
76
+
> Azure Front Door Private Link is only available in regions with Availability Zone support. This is to ensure zonal resiliency for region based feature like Private link.
77
+
78
+
The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. If your origin's region isn't supported in the list of regions Front Door Private Link supports, pick the next nearest region. Traffic flows from the client to the Azure Front Door Private Link endpoint in the supported region, then traverses the Microsoft backbone network to your origin, maintaining private connectivity. Be aware that this configuration introduces additional latency due to the extra network hop between regions.
79
+
80
+
You can use [Azure network round-trip latency statistics](../networking/azure-network-latency.md) to determine the additional latency due to choosing the next nearest region. Once a new region is supported, you can follow these [instructions](blue-green-deployment.md) to gradually shift traffic to the new region.
76
81
77
82
## Association of a private endpoint with an Azure Front Door profile
0 commit comments