question

SecretNest avatar image
0 Votes"
SecretNest asked ·

Azure app service with private endpoint - throws 403 on kudu

Hi.

First of all, I've read https://docs.microsoft.com/en-us/answers/questions/264747/azure-app-service-with-private-endpoint-throws-403.html, which didn't resolve my problem.

I have a private network to connect a web app to a sqlserver instance. While adding the web app, a dns zone named "privatelink.azurewebsites.net" is created with 2 records (scm and not) pointed to the private ip of the web app. While adding the sqlserver instance to this zone, another dns zone is created using "privatelink.database.windows.net" as its name, with one record pointed to the sqlserver instance. 2 zones are created forcely on the same private network.

After that, I cannot visit the kudu. 403 Fordidden.
I've tried to separate them into 2 subnets. But kudu still cannot accept.

How to resolve this problem? Thanks.

azure-webappsazure-virtual-networkazure-private-link
· 3
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Or, any guide for connecting a web app to sql server instance using private network?

0 Votes 0 ·

@SecretNest We apologize for the 403 error you are receiving when trying to visit kudu with private endpoint setup.

It sounds like you followed the steps in this documentation to have a dedicated DNS record for scm. Can you please verify you followed these steps?

If the DNS appears to be setup properly then the next resource I would suggest referring to is this architectural document, which talks about a web app with private database connectivity.

Lastly, if you followed the architectural design and are still receiving 403 errors, please reply back and let us know so we can assist you further.

0 Votes 0 ·
SecretNest avatar image SecretNest brtrachMSFT-0711 ·

Thanks for your reply.

Due to too complicated to implement this private network, we choose to use public ip with firewall setting to get around of this.

Thanks again for your help.

0 Votes 0 ·

0 Answers