Front Door
Overview
{
"frontdoor": {
"name": "fd-strobile-{env}",
"endpoints": [
{
"name": "cdne-st-strobile-{env}",
"routes": [
{
"name": "st-route-strobile-{env}",
"patterns": ["/*", "/strobile/*", "/strobile/albero/"],
"@rule_set_names": ["rsstrobile{env}"],
"@origin_group_name": "og-strobile-{env}",
"caching": {
"compression": {
"kind": "Explicit",
"types_to_compress": ["text/js"]
},
"query_string_caching_behavior": "IgnoreQueryString"
},
"enabled": true,
"forwarding_protocol": "HttpsOnly",
"https_redirect": true,
"link_to_default_domain": true,
"origin_path": "/",
"@custom_domains": [
"name-of-custom-domain"
]
}
]
}
],
"origin_groups": [
{
"name": "og-strobile-{env}",
"origins": [
{
"name": "st-origin-group",
"@web_app_name": "web-app-{env}",
"type": "WebApp",
"prority": 1,
"weight": 1000
}
],
"health_probe": {
"path": "/",
"interval": 30,
"protocol": "Http",
"request_type": "Head"
},
"load_balancing": {
"additional_latency_milliseconds": 50,
"sample_size": 4,
"successful_samples_required": 3
}
}
],
"rule_sets": [
{
"name": "rsstrobile{env}",
"rules": [
{
"name": "rs-strobile-{env}-rule-CORS",
"actions": [
{
"type": "RouteConfigurationOverride",
"cache": {
"HonorOrigin": {
"compression": true,
"query_parameters": [
"strobile",
"albero"
],
"query_string_behavior": "IgnoreQueryString"
}
},
"origin_group": {
"origin_group_name": "og-strobile-{env}",
"protocol": "HttpOnly"
}
}
],
"conditions": [
{
"type": "RequestHeader",
"operator": "Equal",
"selector": "x-company-code",
"match_values": ["strobile"],
"transforms": ["Uppercase"]
}
],
"order": 0
}
]
}
],
"custom_domains": [
{
"type": "External",
"name": "name-of-custom-domain"
}
],
"sku": "Standard",
"external": false,
"resource_group_name": "my-rg-name",
"tags": { "example": "S0" }
}
}
Front Door Reference
| Key | Type | Description |
|---|
name (required) | string | The name of the Front Door (see how to name) |
endpoints (required) | Endpoints | Logical group where you can associate one or more routes |
origin_groups (required) | Origin Groups | Set of origins that receives similar traffic for their application |
rule_sets (required) | Rule Sets | Customized rules engine that groups a combination of rules into a single set |
sku (required) | string | The SKU of the Front Door (defaults to Standard) |
location | string | Resource Location (defaults to the resource group location) |
external | bool | A reference to an Front Door (defaults to false) |
resource_group_name | string | The name of the resource group where the resource is located, only with external resources (defaults to the resource group of the deployment) |
tags | object | Additional tags for the resource (defaults to no additional tags) |
Endpoints
| Key | Type | Description |
|---|
name (required) | string | The name of the endpoint |
routes (required) | Routes | URL mapping or origin groups |
Routes
| Key | Type | Description |
|---|
name (required) | string | The name of the route |
patterns (required) | array | The route patterns of the rule |
@rule_set_names (required) | array | The list of existing rulesets to apply to the route |
@origin_group_name (required) | string | The name of the origin group to use |
caching | Caching | The caching configuration (defaults to no caching) |
enabled | bool | Whether the route is enabled or not (defaults to true) |
forwarding_protocol | string | The protocol to use when forwarding traffic to backend (defaults to HttpsOnly) |
https_redirect | bool | Specify whether HTTPS is enforced for the incoming request with HTTP request |
link_to_default_domain | bool | Whether this route will be linked to the default endpoint domain (defaults to true) |
origin_path | string | This path is used to rewrite the URL that Azure Front Door will use when constructing the request forwarded to the origin |
Caching
| Key | Type | Description |
|---|
compression | Compression | Compression for the route, defaults to disabled |
query_string_caching_behavior (required) | QueryBehavior | Control how files are cached for a web request that contains a query string |
Compression
| Key | Type | Description |
|---|
kind (required) | string | The kind of the compression, All or Explicit |
types_to_compress | array | The list of MIME types to compress if you selected Explicit |
QueryBehavior
| Key | Description |
|---|
IgnoreQueryString | Query strings aren’t considered when the cache key gets generated |
IgnoreSpecifiedQueryStrings | Query strings specified in the parameters get excluded when the cache key gets generated |
IncludeSpecifiedQueryStrings | Query strings specified in the parameters get included when the cache key gets generated |
UseQueryString | Each unique URL has its own cache key |
OriginGroups
For a better understanding about the Origin Groups, see this link
Origins
| Key | Type | Description |
|---|
name (required) | string | The name of the origin |
type (required) | Type | The type of the origin |
priority | int | Assign priorities to your different backends when you want to use a primary service backend for all traffic (defaults to the order of the origin group) |
weight | int | Assign weights to your different backends to distribute traffic across a set of backends, either evenly or according to weight coefficients (defaults to 1000) |
For a better understanding about the priority, see this link
For a better understanding about the weight, see this link
Type
FunctionApp
| Key | Description |
|---|
function_app_name(required) | The name of the function app |
Http
| Key | Description |
|---|
host_name(required) | The hostname of the publicly available service you want to route to |
Ip
| Key | Description |
|---|
ip_address (required) | The public IPv4 address of the service you want to route to |
Storage
| Key | Description |
|---|
storage_account_name (required) | The name of the storage account |
WebApp
| Key | Description |
|---|
web_app_name (required) | The name of the web app |
HealthProbe
| Key | Description |
|---|
path (required) | The path to use for the health probe (default is /) |
interval | The number of seconds between health probes (defaults to 30 seconds) |
protocol | Protocol scheme to use for this probe (defaults to HTTP) |
request_type | The request type to use for the health probe (defaults to HEAD) |
LoadBalancing
| Key | Description |
|---|
additional_latency_milliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket (defaults to 50) |
sample_size | The number of samples to consider for load balancing decisions (defaults to 4 ) |
successful_samples_required | The number of samples within the sample period that must succeed (defaults to 3) |
RuleSets
| Key | Description |
|---|
name (required) | The name of the rule set |
rules (required) | Rules |
Rules
| Key | Description |
|---|
name (required) | The name of the rule |
actions (required) | Actions |
conditions (required) | Conditions |
order(required) | The order for the rules, the most important starts with 0 |
Actions
Depending on the enum variant chosen, the following properties are required:
ActionType
CacheExpiration
| Key | Description |
|---|
behaviour (required) | BypassCache, Override or SetIfMissing |
duration (required) | object{} |
CacheKeyQueryString
| Key | Description |
|---|
behaviour (required) | Exclude, ExcludeAll, Include or IncludeAll |
parameters (required) | Query parameters to include or exclude |
| Key | Description |
|---|
action (required) | Append, Delete, or Overwrite |
name (required) | The name of the header to modify |
value (required) | The value of the header to modify |
| Key | Description |
|---|
action (required) | Append, Delete, or Overwrite |
name (required) | The name of the header to modify |
value (required) | The value of the header to modify |
OriginGroupOverride
| Key | Description |
|---|
origin_group_name (required) | The name of the origin group. The origin group must be defined in the same profile |
RouteConfigurationOverride
Cache
HonorOrigin
| Key | Description |
|---|
compression | boolean |
query_parameters (required) | Query parameters to include or exclude |
query_string_behavior (required) | QueryBehavior |
OverrideAlways
| Key | Description |
|---|
compression | boolean |
duration (required) | object{} |
query_parameters (required) | Query parameters to include or exclude |
query_string_behavior (required) | QueryBehavior |
OverrideIfOriginMissing
| Key | Description |
|---|
compression | boolean |
duration (required) | object{} |
query_parameters (required) | Query parameters to include or exclude |
query_string_behavior (required) | QueryBehavior |
RouteOverrideOriginGroup
| Key | Description |
|---|
origin_group_name | The name of the origin group |
protocol | Http, Https or MatchRequest |
UrlRedirect
| Key | Description |
|---|
redirect_type (required) | Found, Moved, PermanentRedirect or TemporaryRedirect |
custom_hostname | Host to redirect. This part is the page link to scroll to inside the page. Leave empty to use the incoming host as the destination host |
custom_path | The full path to redirect. The path cannot be empty and must start with /. Leave empty to use the incoming path as the destination path. |
custom_query_string | The set of query strings to be placed in the redirect URL. This would replace any existing query string; leave it empty to preserve the incoming query string |
destination_protocol | Http, Https or MatchRequest |
fragment | Fragment to add to the redirect URL |
UrlRewrite
| Key | Description |
|---|
destination (required) | Define the relative URL to which the above requests will be rewritten by |
source_pattern | Define a request URI pattern that identifies the type of requests that may be rewritten. Defaults to all strings matched |
unmatched_path | Whether to preserve an unmatched path, defaults to true |
UrlSigning
| Key | Description |
|---|
indicator (required) | Expires, KeyId or Signature |
name (required) | Indicates the purpose of the parameter |
| Key | Description |
|---|
match_values (required) | One or more string values representing the value of the request header to match. If multiple values are specified, they’re evaluated using OR logic |
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request, when used with the request file name match condition |
transforms (required) | Any transform from the standard string transforms list |
type(required) | |
negate_conditions | Whether to negate the condition (defaults to false) |
Conditions
ConditionsType
ClientPort
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more port numbers, expressed as integers. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
Cookies
| Key | Description |
|---|
selector (required) | A string value representing the name of the cookie |
operator (required) | All operators from the standard operator list are supported |
match_values (required) | One or more string or integer values representing the value of the request header to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
HostName
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported |
match_values (required) | One or more string or integer values representing the value of the request header to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
HttpVersion
| Key | Description |
|---|
operator (required) | Equal, use the negate_condition to specifiy the operator Not Equal |
match_values (required) | 2.0, 1.1, 1.0 or 0.9 |
transforms (required) | Any case transform |
negate_condition | boolean |
IsDevice
| Key | Description |
|---|
operator (required) | Equal, use the negate_condition to specifiy the operator Not Equal |
match_values (required) | Mobile or Desktop |
transforms (required) | Any case transform |
negate_condition | boolean |
PostArgs
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported |
selector (required) | A string value representing the name of the POST argument |
match_values (required) | One or more string or integer values representing the value of the POST argument to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
QueryString
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more string or integer values representing the value of the query string to match. Don’t include the ? at the start of the query string. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
RemoteAddress
| Key | Description |
|---|
operator (required) | GeoMatch and IPMatch. Use the negateCondition property to specify Geo Not Match or IP Not Match |
match_values (required) | For the IP Match or IP Not Match operators: specify one or more IP address ranges. If multiple IP address ranges are specified, they’re evaluated using OR logic. For the Geo Match or Geo Not Match operators: specify one or more locations using their country code |
transforms (required) | Any case transform |
negate_condition | boolean |
RequestBody
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more string or integer values representing the value of the request body text to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported |
selector (required) | Name of the header to be matched |
match_values (required) | One or more string or integer values representing the value of the request header to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
RequestMethod
| Key | Description |
|---|
operator (required) | Equal, use the negate_condition to specifiy the operator Not Equal |
match_values (required) | GET, POST, PUT, DELETE, HEAD, OPTIONS or TRACE. If multiple values are specified, they`re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
RequestScheme
| Key | Description |
|---|
operator (required) | Equal, use the negate_condition to specifiy the operator Not Equal |
match_values (required) | HTTP or HTTPS |
transforms (required) | Any case transform |
negate_condition | boolean |
RequestUri
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more string or integer values representing the value of the request URL to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
ServerPort
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | A port number, must be either 80 or 443. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
SocketAddress
| Key | Description |
|---|
operator (required) | IPMatch, use the negate_condition to specifiy the operator Not IP Match |
match_values (required) | Specify one or more IP address ranges. If multiple IP address ranges are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
SSLProtocol
| Key | Description |
|---|
operator (required) | Equal, use the negate_condition to specifiy the operator Not Equal |
match_values (required) | TLSv1, TLSv1.1 or TLSv1.2 |
transforms (required) | Any case transform |
negate_condition | boolean |
URLFileExtension
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more string or integer values representing the value of the request file extension to match. Don’t include a leading period. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
URLFileName
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request |
match_values (required) | One or more string or integer values representing the value of the request file name to match. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
URLPath
| Key | Description |
|---|
operator (required) | All operators from the standard operator list are supported. However, the Any match condition matches every request, and the Not Any match condition doesn’t match any request. For Wildcard use the negate_condition property to specify Not Wildcards |
match_values (required) | One or more string or integer values representing the value of the request path to match. If you specify a leading slash, it’s ignored. If multiple values are specified, they’re evaluated using OR logic |
transforms (required) | Any case transform |
negate_condition | boolean |
See detailed information about the matching conditions here