question

Simone-9341 avatar image
0 Votes"
Simone-9341 asked ·

Which is the correct way to configure Azure CDN for public web sites with particular attention to SEO

Hi everyone,
something is not clear using Azure CDN.
I explain step by step what I have done since my website has been created. Call my website www.mypublicwebsite.com. So:

  1. I created a web app on Azure. The website has the following url: https://mypublicwebsite.azurewebsites.net;

  2. I created a custom domain www.mypublicwebsite.com

  3. I redirected all the request from https://mypublicwebsite.azurewebsites.net to www.mypublicwebsite.com. So I solved the problem of duplicated contents for crawlers.

Everything is fine. Then, I decided to create CDN, according the documentation. Here the confusion starts.

  1. I created the CDN profile

  2. I created the endpoint. The endpoint has a new url https://mypublicwebsite.azureedge.net

  3. I deleted the custom domain from web app;

  4. I created the custom domain in cdn profile.

So the current state is this:

74626-hx47m.png

This situation is really problematic for SEO. It cannot be the correct configuration. My contents are triplicated.
I partially solved the situation:

  1. I redirected all the request from https://mypublicwebsite.azureedge.net to www.mypublicwebsite.com. So I solved the problem of duplicated content for crawlers.

But crawler (and perhaps users?) can still navigate the origin web site. I have been looking for different solutions:

  • Make a redirect from https://mypublicwebsite.azurewebsites.net to www.mypublicwebsite.com. But this create a infinite redirects loop between the CDN and the origin.

  • Try to hide the origin, but how?

I am honestly starting thinking this is not the correct way to manage cdn. And what if I would also add Front Door? I would have another url again: https://mypublicwebsite.azurefd.net... I think I have not understood something.

Any help please?

Thank you


azure-webappsazure-cdn
hx47m.png (187.1 KiB)
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Simone-9341 Apologize for the delay in response. We are actively looking into this issue and will update you soon. Thank you!

0 Votes 0 ·

Ok, let me know if you need more information.

Thank you

0 Votes 0 ·
SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered ·

@Simone-9341 Thank you for your patience while I was investigating this issue. I reproduced this setup and was seeing similar behavior i.e., I can still reach the origin website. So in order to fix that, you need to lock down your backend so that only CDN IPs can access it and nothing else. Please follow instructions as given in document to do the same.

Basically, you will be doing the following steps:

  1. Go to App Service --> Settings (on the left pane)--> Networking--> Access Restrictions - Configure Access Restrictions

  2. Add a rule to allow traffic from the 147.243.0.0/16 range (Azure CDN from Microsoft's IPv4 backend IP space: 147.243.0.0/16) with a lower priority example 100

  3. Block all other traffic i.e., traffic from 0.0.0.0/0 with a higher priority i.e., 200

This will block all traffic from accessing the origin directly and only allow CDN to reach it. Hope this fixes your issue. Please let me know if you have any further questions/concerns and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.







·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Simone-9341 avatar image
0 Votes"
Simone-9341 answered ·

Hi @SaiKishor-MSFT ,
I have just a concern... Are you sure that all the Azure CDN from Microsoft all over the world is included in that IP range?

Thank you

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Simone-9341 You can use the Service Tag: AzureFrontDoor.Backend for a more updated list of CDN backend IPs instead of this IP range (This service tag includes the given IP range as well). IP Ranges and Service tags for Microsoft services can be found here.

For Verizon POP IPs, you can use the REST API to retrieve the set of IPs- see Edge Nodes - List.

Hope this helps. Please let us know if you have any further questions. Thank you!

0 Votes 0 ·