Share via

Azure Front Door Health Probe Marking Backend as Healthy Despite 4XX Response

Shivaji Chate 0 Reputation points
2025-02-27T11:43:04.8166667+00:00

I’m facing an issue with Azure Front Door (AFD) health probes where a backend is returning a 403 response, but AFD still considers it healthy. This is causing unexpected routing behavior, as traffic continues to be sent to an unhealthy backend instead of failing over to the next priority endpoint.

Issue Details:

  • If I stop an Azure App Service or something goes wrong with the application, the backend sometimes responds with a 403 status code instead of a connection failure.
  • AFD health probes do not treat 403 as a failure, so it keeps routing traffic to this backend.
  • Expected behavior: AFD should recognize 403 as an unhealthy response and fail over to the next available backend.

Questions:

  1. How can I configure AFD to treat a 403 response as unhealthy?
  2. Is there a way to customize the status codes that AFD considers for backend health?
  3. **What are the best practices to ensure proper failover when an application is not responding correctly?**I’m facing an issue with Azure Front Door (AFD) health probes where a backend is returning a 403 response, but AFD still considers it healthy. This is causing unexpected routing behavior, as traffic continues to be sent to an unhealthy backend instead of failing over to the next priority endpoint. Issue Details:
    • If I stop an Azure App Service or something goes wrong with the application, the backend sometimes responds with a 403 status code instead of a connection failure.
    • AFD health probes do not treat 403 as a failure, so it keeps routing traffic to this backend.
    • Expected behavior: AFD should recognize 403 as an unhealthy response and fail over to the next available backend.
    Questions:
    1. How can I configure AFD to treat a 403 response as unhealthy?
    2. Is there a way to customize the status codes that AFD considers for backend health?
    3. What are the best practices to ensure proper failover when an application is not responding correctly?
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
776 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rohith Vinnakota 3,000 Reputation points Microsoft External Staff
    2025-02-28T00:28:06.2833333+00:00

    Hi @Shivaji Chate,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I did a lab at the end and tested this scenario. I created two App Services and added them behind Front Door. Then, I stopped one of the App Services. I am also facing the same issue—traffic did not go to the healthy origin; instead, it redirected to the unhealthy origin.

    I resolved this issue by setting the latency sensitivity property to 0

    User's image

    The latency sensitivity property is by default set to 0, which means that the request will always be forwarded to the fastest backend.

    User's image

    Is there a way to customize the status codes that AFD considers for backend health?

    No, It's not possible
    User's image

    Refer this document: https://learn.microsoft.com/en-us/azure/frontdoor/health-probes#health-probe-responses

    I hope this has been helpful!

    Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered.

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
    User's image

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.