azurerequest-headersazure-front-door

Azure Frontdoor is Overwriting XFF header


I am trying to set up an Azure Front Door before requests reach my api.

The flow I have imagined mydomain.com -> AFD -> fdsub.mydomain.com

If i call fdsub.mydomain.com directly, the XFF looks fine. However, when i go through AFD custom domain, the XFF header is overwritten (i see 2 MS data center ips) and the XFF header that was before the AFD is moved to X-Original-Forwarded-For.

In addition to this, when going through the front door, the x-azure-clientip seems to be set correctly as opposed to the XFF header.

According to the Microsoft documentation, AFD should only append to my XFF and not tinker by removing the original XFF header.

Any help would be deeply appreciated.


Solution

  • I managed to figure out the issue.

    The problem was before the AFD. My Nginx controller and ingress did not have the correct configuration set. Meaning my headers were not being forwarded at all from mydomain.com to AFD.

    I have added: use-forwarded-headers: 'true' to my nginx controller configmap and that seems to have resolved the problem.

    Thanks to this previous post, i managed to get back on track.

    Sorce IP with Azure Front Door and Ingress-nginx