![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 1%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKV%3C/text%3E%3C/svg%3E)
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
696 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Hi Khang Vo Duy
Greetings!
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
We recommend that you preserve the original HTTP host name when you use a reverse proxy in front of a web application. Having a different host name at the reverse proxy than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly. For example, session state can get lost, authentication can fail, or back-end URLs can inadvertently be exposed to end users. You can avoid these problems by preserving the host name of the initial request so that the application server sees the same domain as the web browser.
This guidance applies especially to applications that are hosted in platform as a service (PaaS) offering like Azure App Service and Azure Spring Apps. This article provides specific implementation guidance for Azure Application Gateway, Azure Front Door, and Azure API Management, which are commonly used reverse proxy services.
NOTE: Web APIs are generally less sensitive to the problems caused by host name mismatches. They don't usually depend on cookies, unless you use cookies to secure communications between a single-page app and its back-end API, for example, in a pattern known as Backends for Frontends. Web APIs often don't return absolute URLs back to themselves, except in certain API styles, like Open Data Protocol (OData) and HATEOAS. If your API implementation depends on cookies or generates absolute URLs, the guidance provided in this article does apply.
If you require end-to-end TLS/SSL (the connection between the reverse proxy and the back-end service uses HTTPS), the back-end service also needs a matching TLS certificate for the original host name. This requirement adds operational complexity when you deploy and renew certificates, but many PaaS services offer free TLS certificates that are fully managed.
Refer: https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation#context
(OR)
- First you need to configure web app is the origin of the front door. Next, we need to add all custom domains in the front door.
- After we need to remove existing A records in DNS zone. you need to map CNAME record to front door in the DNS zone.
Refer: https://learn.microsoft.com/en-us/azure/frontdoor/how-to-configure-origin
If above is unclear and/or you are unsure about something add a comment below.
Please click Accept Answer and upvote if the above was helpful.
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Thanks.
Ganesh