AFD custom domain redirects to the origin host name (App service)

Mircea Gherasim 10 Reputation points
2023-01-20T15:10:41.2533333+00:00

We have an App Service.

In front of it we have an Azure Front Door.

Everything works perfectly with the Front door default domain .z01.azurefd.net.

The problem is when I am adding a custom domain in Front Door following the steps from this tutorial: https://video2.skills-academy.com/en-us/azure/frontdoor/standard-premium/how-to-add-custom-domain.

Once the domain is up, when I test it in the browser it redirects me to the origin host name: .azurewebsites.net. And that happens with both domains, the custom one and the Front Door's default one.

I tried to delete the origin host header from the origin as described in this issue: https://video2.skills-academy.com/en-us/answers/questions/288519/azure-frontdoor-exposing-backend-pool-url-when-aut but it doesn't work; it gives me a 404 error.

What is missing in my configuration?


1 answer

  1. GitaraniSharma-MSFT 49,466 Reputation points Microsoft Employee
    2023-01-20T17:40:45.17+00:00

    @Mircea Gherasim ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know why you are redirected to the App service URL when you access the Azure Front Door custom domain in your browser.

    This is a known issue with reverse proxy and multitenant PaaS services.

    Multitenant PaaS services often require a registered and validated host name in order to route an incoming request to the appropriate tenant's back-end server. This is because there's typically a shared pool of load balancers that accept incoming requests for all tenants. The tenants commonly use the incoming host name to look up the correct back end for the customer tenant.

    To make it easy to get started, these platforms typically provide a default domain that's preconfigured to route traffic to your deployed instance. For App Service, this default domain is azurewebsites.net. Each web app that you create gets its own subdomain, for example, contoso.azurewebsites.net.

    Having a different host name at the reverse proxy (in our case, Azure Front Door) than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly. For example, session state can get lost, authentication can fail, or back-end URLs can inadvertently be exposed to end users. This is what is happening in your case.

    Refer: https://video2.skills-academy.com/en-us/azure/architecture/best-practices/host-name-preservation

    The recommended solution for this issue is to preserve the original HTTP host name when you use a reverse proxy in front of a web application.

    Refer: https://video2.skills-academy.com/en-us/azure/architecture/best-practices/host-name-preservation#implementation-guidance-for-common-azure-services

    Back-end configuration or the changes required on your web app/App service:

    Since you are using an App Service, you can attach a custom domain name to the web app and avoid using the default azurewebsites.net host name towards the back end. You don't need to change your DNS resolution when you attach a custom domain to the web app: you can verify the domain by using a TXT record without affecting your regular CNAME or A records. (These records will still resolve to the IP address of the reverse proxy/Azure Front Door.)

    Refer: https://video2.skills-academy.com/en-us/azure/architecture/best-practices/host-name-preservation#back-end-configuration

    Reverse proxy configuration or changes required on your Azure Front Door:

    If you use Azure Front Door Classic, you can avoid overriding the host name by leaving the back-end host header blank in the back-end pool definition.

    If you use Azure Front Door Standard or Premium, you can preserve the host name by leaving the origin host header blank in the origin definition.

    Refer: https://video2.skills-academy.com/en-us/azure/architecture/best-practices/host-name-preservation#reverse-proxy-configuration

    https://video2.skills-academy.com/en-us/azure/architecture/best-practices/host-name-preservation#azure-front-door

    Once you make the above changes, your Azure Front Door custom domain will not redirect to the origin host name (App service) anymore.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
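
The answer above describes redirect URLs and cookies that expose the back-end host name when the host name is not preserved. The following is an added example, not part of the original thread or of any Microsoft tooling: a small offline check that flags response headers pointing the client at a host other than the one it requested. The host `www.contoso.com`, the function name `host_leaks`, and both sample responses are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def host_leaks(public_host, headers):
    """Return (kind, host) findings where a response fetched via public_host
    redirects to, or scopes a cookie to, a different host name."""
    public_host = public_host.lower()
    findings = []
    for name, value in headers:
        header = name.lower()
        if header == "location":
            # Relative redirects have no hostname and cannot leak the origin.
            target = urlsplit(value).hostname
            if target and target.lower() != public_host:
                findings.append(("redirect", target.lower()))
        elif header == "set-cookie":
            cookie = SimpleCookie()
            cookie.load(value)
            for morsel in cookie.values():
                domain = morsel["domain"].lstrip(".").lower()
                # A cookie domain is acceptable if it equals the public host
                # or is a parent domain of it.
                covers = public_host == domain or public_host.endswith("." + domain)
                if domain and not covers:
                    findings.append(("cookie-domain", domain))
    return findings


# Constructed sample: host header overridden with the App Service default domain.
OVERRIDDEN = [
    ("Location", "https://contoso.azurewebsites.net/signin"),
    ("Set-Cookie", "ARRAffinity=abc123; Path=/; Domain=contoso.azurewebsites.net; HttpOnly"),
]

# Constructed sample: original host name preserved end to end.
PRESERVED = [
    ("Location", "https://www.contoso.com/signin"),
    ("Location", "/home"),
    ("Set-Cookie", "ARRAffinity=abc123; Path=/; Domain=www.contoso.com; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("overridden", OVERRIDDEN), ("preserved", PRESERVED)):
        print(label, host_leaks("www.contoso.com", sample))
```

In practice the header list would come from a request to the custom domain made with redirects disabled, so the first `Location` value can be inspected before the client follows it.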
