Build Front Door routing rules, URL redirect/rewrite, header modification, and caching configs in ARM and Bicep formats.
Last verified: May 2026
No match conditions. Rule applies to all requests.
Standard vs Premium: Front Door Standard supports basic routing and caching rules. Premium adds advanced rules including private link origins, bot protection, and WAF integration. The Rules Engine is available on both tiers.
Rules Engine: Rules are organized in rule sets and processed in order. Each rule can have match conditions (when to apply) and actions (what to do). Rules execute top-down and short-circuit when a route override or redirect action fires.
Caching Best Practices: Cache static assets (images, CSS, JS) with long TTLs (7+ days). Use query string caching wisely: “IgnoreQueryString” maximizes cache hit ratio. Set “UseQueryString” only for dynamic content that varies by query parameters.
The Azure Front Door Rule Builder creates routing rules, URL redirect and rewrite configurations, header modifications, and caching policies for Azure Front Door profiles. It supports the Standard and Premium tiers with rule sets that chain conditions and actions for fine-grained traffic management. The tool generates configurations in ARM template and Bicep format.
Standard provides global load balancing, SSL offloading, URL redirect/rewrite, and caching. Premium adds the Web Application Firewall (WAF) with managed rule sets, bot protection, and Private Link origin support for secure backend connectivity. Premium is required for compliance-sensitive applications.
Rule sets contain ordered rules that evaluate conditions (request path, headers, query strings, etc.) and execute actions (redirect, rewrite, modify headers, override caching). Rules are evaluated in order within a rule set, and multiple rule sets can be associated with a route.
Yes. Azure Front Door supports any publicly accessible HTTP/HTTPS endpoint as an origin, including on-premises servers, other cloud providers, and third-party services. Premium tier additionally supports Private Link origins for Azure-hosted backends.
You're consolidating three legacy domains (example.com, www.example.com, example.net) onto a single Front Door endpoint. You need permanent redirects from the legacy domains to the canonical www.example.com, plus HTTP-to-HTTPS enforcement. You build a rule set with three rules: rule 1 redirects HTTP→HTTPS for any host; rule 2 redirects example.com (apex) to www.example.com; rule 3 redirects example.net to www.example.com. All three are 308 permanent redirects, and all stop further evaluation. Deploy the Bicep, point DNS at Front Door, and SEO consolidation happens transparently overnight.
The builder generates Azure Front Door rule sets as Microsoft.Cdn/profiles/ruleSets/rules resources. Each rule is composed of conditions (matchVariable, operator, matchValues) and actions (URL rewrite, redirect, header modification, route configuration override). Output is generated in ARM JSON, Bicep, and Terraform formats with the same condition logic and action ordering for cross-tool parity.
Rules within a rule set are evaluated top-to-bottom, but a rule can have a 'Stop evaluating remaining rules' action. Use this to prevent later rules from undoing what an earlier rule did; for example, a redirect rule should usually be terminal rather than allowing a rewrite rule to run after it.
Front Door's URL rewrite rules can change the path that hits your backend, but the original Host header is preserved by default. If your backend serves multiple sites by Host, you'll need an explicit 'Modify Request Header' action to rewrite the Host as well as the path.
Add HSTS, X-Content-Type-Options, and X-Frame-Options security headers via Front Door rules instead of in your application code. This applies them consistently across all backends and gives your security team a single place to audit. Just be careful with HSTS max-age — once browsers cache it, you can't undo it for the duration.
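One way to express the security-header tip above in Bicep, as an added example rather than output from this tool. The profile parameter, the resource names, the 300-second starting max-age and the DENY framing policy are assumptions.

```bicep
// Added example. Values marked "assumed" are placeholders to adapt.
param profileName string           // assumed: name of an existing Front Door profile
param hstsMaxAgeSeconds int = 300  // assumed: short starting value, because browsers
                                   // keep the policy for the whole max-age period

resource profile 'Microsoft.Cdn/profiles@2023-05-01' existing = {
  name: profileName
}

resource ruleSet 'Microsoft.Cdn/profiles/ruleSets@2023-05-01' = {
  parent: profile
  name: 'SecurityHeaders' // assumed rule set name
}

// Header name/value pairs written onto every response.
var securityHeaders = [
  { name: 'Strict-Transport-Security', value: 'max-age=${hstsMaxAgeSeconds}' }
  { name: 'X-Content-Type-Options', value: 'nosniff' }
  { name: 'X-Frame-Options', value: 'DENY' } // assumed policy
]

resource addHeaders 'Microsoft.Cdn/profiles/ruleSets/rules@2023-05-01' = {
  parent: ruleSet
  name: 'AddSecurityHeaders' // assumed rule name
  properties: {
    order: 1
    conditions: [] // no match conditions, so the rule applies to all requests
    actions: [for h in securityHeaders: {
      name: 'ModifyResponseHeader'
      parameters: {
        typeName: 'DeliveryRuleHeaderActionParameters'
        headerAction: 'Overwrite' // replace whatever value the backend sent
        headerName: h.name
        value: h.value
      }
    }]
    // Do not stop here: later rules (redirects, caching overrides) must still run.
    matchProcessingBehavior: 'Continue'
  }
}
```

The rule set only takes effect once it is associated with a route; raise `hstsMaxAgeSeconds` in steps after confirming that every hostname behind the endpoint serves HTTPS.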