Hello Oleg ,
Issue --> what is a correct way to monitor sites protected by the AFD?
Solution --> there is no native Azure solution to monitor web apps protected by AFD if caching is enabled and configured with no restrictions or exclusion but we can have below work around solutions
- Enabled diagnostic logging on AFD and create alert based on the custom query but it is not in context with Tests
AzureDiagnostics | where TimeGenerated > ago(5m) | where Category == "FrontDoorAccessLog" //| where httpStatusCode_s == 403 | where httpStatusCode_s != "200" | where requestUri_s matches regex "https://portal.company.com*" | summarize Count=count() by httpStatusCode_s | where Count > 2
- Custom Monitoring Endpoint: Implement a custom monitoring endpoint within your web application that provides a simple health check response. This endpoint should return a status code indicating the health of your application (e.g., 200 for healthy, 5xx for errors). Then, configure your availability test to target this custom monitoring endpoint instead of the main application URL. This approach allows you to bypass caching and obtain real-time health status directly from your application
- Adjust Cache-Control Headers: Configure appropriate Cache-Control headers for your web application responses to control caching behavior at the Azure Front Door level. By setting shorter cache durations or disabling caching for sensitive endpoints, you can ensure that Azure Front Door serves fresh content and accurately reflects the availability of your application. Please check and try and let us know, kindly accept if it helps
Kindly accept answer , if it helps , Thanks!