Azure Front Door Reverse Proxy 403 Forbidden

Overview

After verifying a new custom domain with a self-managed certificate that uses Azure Front Door as a reverse proxy, requests receive a 403 Forbidden error from Cloudflare even though the cname-api-key header is being passed.

Applies To

  • Self-managed custom domains
  • Azure Front Door

Cause

This can be caused by an incorrect Host header being sent in requests. If the origin host header is not specified, it normally defaults to the host name used by the request; it needs to be overridden.

Solution

In the Azure Front Door configuration, make sure that the field “origin host header” is set to the value of the “Origin Domain Name” provided in the Auth0 Tenant Dashboard when verifying the new custom domain.


Related Azure documentation: Configure the origin host header for the origin
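
One way to audit this setting across origins, as an added example that is not part of the original article or any Auth0 or Azure tooling: the script checks origin records for a host header that is unset or does not match the Origin Domain Name. It assumes the records use the `hostName` and `originHostHeader` fields of `az afd origin list -o json` output; the sample data, origin names and hostnames are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az afd origin list -o json` output;
# every origin name and hostname here is a placeholder.
SAMPLE_ORIGINS = json.loads("""
[
  {"name": "auth0-ok", "hostName": "origin-domain-name.example",
   "originHostHeader": "origin-domain-name.example"},
  {"name": "auth0-unset", "hostName": "origin-domain-name.example",
   "originHostHeader": null},
  {"name": "auth0-wrong", "hostName": "origin-domain-name.example",
   "originHostHeader": "login.customer.example"},
  {"name": "other-backend", "hostName": "app.internal.example",
   "originHostHeader": "app.internal.example"}
]
""")


def _norm(host):
    """Lower-case and drop a trailing dot so equivalent hostnames compare equal."""
    return (host or "").strip().rstrip(".").lower()


def check_origin_host_headers(origins, auth0_origin_domain):
    """Return (origin name, problem) for each origin that points at the Auth0
    Origin Domain Name but would not send it as the Host header."""
    expected = _norm(auth0_origin_domain)
    findings = []
    for origin in origins:
        if _norm(origin.get("hostName")) != expected:
            continue  # not the Auth0 origin, out of scope for this check
        header = _norm(origin.get("originHostHeader"))
        if not header:
            # Unset: the request's own host name is used, as the Cause section describes
            findings.append((origin["name"], "origin host header is not set"))
        elif header != expected:
            findings.append(
                (origin["name"], f"origin host header is {header!r}, expected {expected!r}")
            )
    return findings


if __name__ == "__main__":
    for name, problem in check_origin_host_headers(
        SAMPLE_ORIGINS, "origin-domain-name.example"
    ):
        print(f"{name}: {problem}")
```
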