Overview
After verifying a new custom domain with a self-managed certificate, using Azure Front Door as a reverse proxy, Cloudflare returns a 403 Forbidden error even though the cname-api-key header is passed in requests.
Applies To
- Self-managed custom domains
- Azure Front Door
Cause
This can be caused by an incorrect Host header being sent in requests. If the header is not specified, it normally defaults to the host name used by the request, so it needs to be overridden.
Solution
In the Azure Front Door configuration, make sure the “origin host header” field is set to the value of the “Origin Domain Name” provided in the Auth0 Tenant Dashboard when verifying the new custom domain.
Related Azure documentation: Configure the origin host header for the origin
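One way to check an exported Front Door origin list for this misconfiguration is shown below. This is an added example, not Auth0 or Microsoft code. It assumes the JSON shape returned by `az afd origin list -o json` (fields `hostName` and `originHostHeader`, either flattened or nested under `properties`); the hostnames and origin names are constructed placeholders.

```python
import json

# Constructed sample origins; "tenant-origin.example.net" stands in for the
# "Origin Domain Name" shown in the Auth0 Tenant Dashboard.
SAMPLE_ORIGINS = json.loads("""
[
  {"name": "auth0-ok", "hostName": "tenant-origin.example.net",
   "originHostHeader": "Tenant-Origin.example.net."},
  {"name": "auth0-unset", "hostName": "tenant-origin.example.net",
   "originHostHeader": null},
  {"name": "auth0-custom", "properties": {
      "hostName": "tenant-origin.example.net",
      "originHostHeader": "login.example.com"}},
  {"name": "other-backend", "hostName": "app.example.org",
   "originHostHeader": null}
]
""")


def _norm(host):
    """Lower-case and drop a trailing dot so equivalent names compare equal."""
    return (host or "").strip().rstrip(".").lower()


def audit_origins(origins, origin_domain_name):
    """Return (origin name, problem) pairs for origins that point at the
    Auth0 Origin Domain Name but do not send it as the Host header."""
    expected = _norm(origin_domain_name)
    findings = []
    for origin in origins:
        # Accept both the nested ARM shape and the flattened CLI shape.
        props = origin.get("properties") or origin
        if _norm(props.get("hostName")) != expected:
            continue  # origin does not target Auth0; out of scope
        header = _norm(props.get("originHostHeader"))
        if not header:
            findings.append((origin["name"], "unset: request host name is forwarded"))
        elif header != expected:
            findings.append((origin["name"], "mismatch: sends Host " + header))
    return findings


if __name__ == "__main__":
    for name, problem in audit_origins(SAMPLE_ORIGINS, "tenant-origin.example.net"):
        print(name, "->", problem)
```

Any origin it reports needs its “origin host header” set to the Origin Domain Name as described in the Solution.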