I recently received the following email from Microsoft, with hard deadlines for banning domain fronting on existing and new Azure CDN services:
"Action required: Azure Front Door/Azure CDN blocking domain fronting
Please take action to stop domain fronting on your application before 8 November 2023 You're receiving this email because you currently use Azure Front Door or Azure CDN Standard from Microsoft (classic).
Since 29 April 2022, we've changed the behavior of Azure Front Door and Azure CDN from Microsoft to align with our commitment to stop allowing domain fronting behavior on our platform. With that change, we offered the option to enable blocking domain fronting for existing or newly created Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources, through opening a support request. See details in https://azure.microsoft.com/updates...and-azure-cdn-standard-from-microsoft-classic.
To continue our commitment, we're making changes in two phases to stop allowing domain fronting behavior on our platform.
1. Beginning 8 November 2022, all the newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior. Previously existing Front Door, Front Door (classic) and CDN from Microsoft (classic) resources aren't affected by these changes.
2. Beginning 8 November 2023, all existing Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.
Recommended action Between now and 7 November 2023, if you want to block domain fronting for any existing Azure Front Door or Azure CDN Standard from Microsoft (classic) resources created before 8 November 2022, please open a support request. Provide your subscription and Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resource information in the support request. Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behavior.
If your application uses a different TLS SNI extension during the TLS negotiation from the request Host header, you should prioritize changing this behavior on your application by 7 November 2023 to ensure they match. Otherwise, your application or API may be impacted by this change on 8 November 2023.
If you have any questions, please open a support request and provide your subscription details along with your Front Door or Azure CDN from Microsoft resource information.
If you have any questions, please contact us."
Posting it here in case it's of interest to anyone.
Comments URL: https://news.ycombinator.com/item?id=33572390
Points: 15
# Comments: 2
Continue reading...
"Action required: Azure Front Door/Azure CDN blocking domain fronting
Please take action to stop domain fronting on your application before 8 November 2023 You're receiving this email because you currently use Azure Front Door or Azure CDN Standard from Microsoft (classic).
Since 29 April 2022, we've changed the behavior of Azure Front Door and Azure CDN from Microsoft to align with our commitment to stop allowing domain fronting behavior on our platform. With that change, we offered the option to enable blocking domain fronting for existing or newly created Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources, through opening a support request. See details in https://azure.microsoft.com/updates...and-azure-cdn-standard-from-microsoft-classic.
To continue our commitment, we're making changes in two phases to stop allowing domain fronting behavior on our platform.
1. Beginning 8 November 2022, all the newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior. Previously existing Front Door, Front Door (classic) and CDN from Microsoft (classic) resources aren't affected by these changes.
2. Beginning 8 November 2023, all existing Azure Front Door, Azure Front Door (classic) and Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.
Recommended action Between now and 7 November 2023, if you want to block domain fronting for any existing Azure Front Door or Azure CDN Standard from Microsoft (classic) resources created before 8 November 2022, please open a support request. Provide your subscription and Azure Front Door, Azure Front Door (classic), or Azure CDN Standard from Microsoft (classic) resource information in the support request. Once blocking of domain fronting has been enabled, Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources will block any HTTP requests that exhibit this behavior.
If your application uses a different TLS SNI extension during the TLS negotiation from the request Host header, you should prioritize changing this behavior on your application by 7 November 2023 to ensure they match. Otherwise, your application or API may be impacted by this change on 8 November 2023.
If you have any questions, please open a support request and provide your subscription details along with your Front Door or Azure CDN from Microsoft resource information.
If you have any questions, please contact us."
Posting it here in case it's of interest to anyone.
Comments URL: https://news.ycombinator.com/item?id=33572390
Points: 15
# Comments: 2
Continue reading...
