Brett Andrew 29th May 2023
We have been using Azure Front Door for Mition for 4 years now, recently we added a new App Service to our Azure Front Door and missed one small configuration step that caused an immense headache, customers who accessed the site via HTTP: (not HTTPS:) were being directed permanently to the app services URL name (or origin) domain, so a completely different site than what the user expected.
If you are getting users on your site occasionally getting a permanent redirect (301) to the Origin server (i.e. the app service name) rather than remaining on the domain the users arrived in at on the Azure Front Door service. Then this might be the same cause.
Turn off HTTPS only, you have to manage this through either the front door (to redirect to SSL) or via web.config.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!--
During deployment to Azure, this file is used a the base and elements are added to make the system run in Azure IIS
To customize the asp.net core module uncomment and edit the following section.
For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
<system.webServer>
<rewrite>
<rules>
<rule name="Permanent HTTP to HTTPS Redirect for Azure Front Door" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_X_FORWARDED_HOST}" pattern="(.*[^/])?$" />
</conditions>
<action type="Redirect" url="https://{HTTP_X_FORWARDED_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>What was happening was the URL was arriving at the App Service and redirecting to the origin address, where this below web.config solution instead lets the traffic arrive for non-ssl traffic, detects that https is missing and redirects them to the correct destination (we have hundreds of different destinations arrive at the same front door) and we use the URL to determine which customer is being accessed.
This solves the issue of new users, but what about the potential hundreds of users who have now been redirected permanently using a 301?
To solve the 301 permanent redirects, we made a site live that ran some javascript to redirect users back to the referral URL. Here is the sample code and message we left for users who arrived here without the a referrer.
<script>
function getReferralUrl() {
return document.referrer;
}
var tmp = getReferralUrl();
if (tmp && tmp !== window.location.href) {
window.location.href = tmp + '?tmp';
}
</script>
Powered by mition