Azure app service with private endpoint - throws 403 on kudu

SecretNest 1

Hi.

First of all, I've read https://learn.microsoft.com/en-us/answers/questions/264747/azure-app-service-with-private-endpoint-throws-403.html, which didn't resolve my problem.

I have a private network to connect a web app to a sqlserver instance. While adding the web app, a dns zone named "privatelink.azurewebsites.net" is created with 2 records (scm and not) pointed to the private ip of the web app. While adding the sqlserver instance to this zone, another dns zone is created using "privatelink.database.windows.net" as its name, with one record pointed to the sqlserver instance. 2 zones are created forcely on the same private network.

After that, I cannot visit the kudu. 403 Fordidden.
I've tried to separate them into 2 subnets. But kudu still cannot accept.

How to resolve this problem? Thanks.

SecretNest 1 Reputation point

2021-03-15T09:59:01.147+00:00

Or, any guide for connecting a web app to sql server instance using private network?
brtrach-MSFT 15,256 Reputation points Microsoft Employee

2021-03-16T04:22:39.687+00:00

@SecretNest We apologize for the 403 error you are receiving when trying to visit kudu with private endpoint setup.

It sounds like you followed the steps in this documentation to have a dedicated DNS record for scm. Can you please verify you followed these steps?

If the DNS appears to be setup properly then the next resource I would suggest referring to is this architectural document, which talks about a web app with private database connectivity.

Lastly, if you followed the architectural design and are still receiving 403 errors, please reply back and let us know so we can assist you further.
SecretNest 1 Reputation point

2021-03-16T04:49:36.92+00:00

Thanks for your reply.

Due to too complicated to implement this private network, we choose to use public ip with firewall setting to get around of this.

Thanks again for your help.