question

rawwar avatar image
1 Vote"
rawwar asked SaiKishor-MSFT commented

403 error even after allowing IP in network restriction

A bit of information regarding my setup.

I have a web app, which I have been using for the past couple of years. I use the application gateway's frontend Ip configuration to access my web app. For this, I added the frontend IP address to the network restriction rules of my web app. It has been working fine. since today morning, I keep getting an error on the application gateway saying that the backend is unhealthy with the following error message

"Received invalid status code: 403 in the backend server’s HTTP response. As per the health probe configuration, 200-399 is the acceptable status code. Either modify probe configuration or resolve backend issues"

After some research, I found that I can use the "Diagnose and solve problems"(Which client IPs got rejected due to IP restriction?) option in the web app to find out which requests from which IP addresses have been blocked.

In the logs i see that ipv6 addresses like "fde2:8daa:2000:f05a:6a20:100:a88:f306"(not the exact one). But, i have put ipv4 address of frontend of app gateway.

This started happening today morning. Please help me out

azure-webappsazure-application-gateway
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi mates, I am facing the same issue with no luck at the moment.

In my case I am using a private endpoint linked to the App Service, so only traffic from internal network is allowed.

Checking restricted IPs I see a lot of blocked traffic from an IPv6 address, I suppose that this come from App Gateway health probes.

Finally, if I test a health probe separately I get a 200 response status, but backend health pane keeps displaying a 403 code.

All suggestions are absolutely welcome.

0 Votes 0 ·
SaiKishor-MSFT avatar image SaiKishor-MSFT FernandoGutirrezAguilera-2014 ·

@FernandoGutirrezAguilera-2014 What do you have configured for the backend? Is it a FQDN? If so, please try adding the IPv4 address of the backend and see if that helps as Application Gateway does not support Ipv6 addresses if the FQDN resolves to IPv6.

0 Votes 0 ·

1 Answer

SerhiyHryhorchuk-6548 avatar image
0 Votes"
SerhiyHryhorchuk-6548 answered SaiKishor-MSFT commented

Hello,
Did you resolve this issue?
I have the same error for no reason.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SerhiyHryhorchuk-6548 What do you have configured for the backend? Is it a FQDN? If so, please try adding the IPv4 address of the backend and see if that helps as Application Gateway does not support Ipv6 addresses if the FQDN resolves to IPv6.

0 Votes 0 ·