I'm trying to restrict access to my app service so that it can only be reached through my application gateway. I thought it would be straightforward, but I'm running into some issues. Here's the setup:
- I've created an access restriction rule for my app service that allows traffic only from the VNet and subnet of my application gateway, denying all other requests.
- When I added the rule and tried to access my app service URL directly, I received a 403, which is expected.
- In my application gateway, I've implemented a path-based routing rule that directs all traffic with /abc to my app service.
- When I access myappgatewayurl.com/abc, I see my app service home page, which is what I wanted. However, when my teammate, who is located in a different country, tries to access the same URL, he gets a 403 error.
I'm confused about why this is happening. Any advice or insights would be greatly appreciated!
2 Answers
You might need a private endpoint for your app service to be accessible. Make sure your web app is inside a subnet with proper VNet integration. Set up everything so that both inbound and outbound traffic go through the VNet, and double-check your routing.
Just to add, make sure you're both accessing the app service in the same way. Check your network setup to see if one of you could be accessing it privately and the other publicly. Use the F12 developer tools to compare the request details like IP addresses.
If you set up your app service without any access restrictions and link it to the app gateway, does your teammate still get a 403? That could give you some insight on where the issue lies.
If there are no access restrictions, everything should work without any issues.
Yeah, that's definitely the way to go about it.
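As an added example (not code from the question or from any of the answers above), here is a small Python model of how App Service access restrictions are evaluated: rules are checked in priority order, the first match decides, and once any rule exists unmatched traffic falls to an implicit deny. The subscription, VNet and subnet ids and all addresses are made up. The constructed scenarios make the point the answers circle around concrete: a VNet/subnet rule only matches when the request reaches the App Service carrying the gateway subnet's identity (Microsoft.Web service endpoint enabled on that subnet); a request that arrives with a plain public source address, whether from a browser or from a gateway that is not tagging it, falls through to the implicit deny and gets the same 403 as direct access.

```python
"""Simplified model of App Service access-restriction evaluation (added example).

This is not Azure's code. It models the documented behaviour on constructed
inputs so the 403s in the thread can be reasoned about: which source identity
does the App Service actually see for a given request?
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    name: str
    priority: int
    action: str                        # "Allow" or "Deny"
    ip_cidr: Optional[str] = None      # IP-based rule, e.g. "203.0.113.0/24"
    subnet_id: Optional[str] = None    # VNet rule: Azure subnet resource id


@dataclass
class Request:
    source_ip: str                          # source address the App Service sees
    vnet_subnet_id: Optional[str] = None    # set only when the request arrived through a
                                            # Microsoft.Web service endpoint on that subnet


def evaluate(rules: List[Rule], req: Request) -> int:
    """Return the HTTP status the access-restriction layer would produce."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.subnet_id is not None:
            # Subnet rules match on the VNet identity attached to the request,
            # never on the public address it arrived from.
            matched = req.vnet_subnet_id == rule.subnet_id
        elif rule.ip_cidr is not None:
            matched = ip_address(req.source_ip) in ip_network(rule.ip_cidr, strict=False)
        else:
            raise ValueError(f"rule {rule.name} has neither ip_cidr nor subnet_id")
        if matched:
            return 200 if rule.action == "Allow" else 403
    # No rule matched: allowed when no rules exist at all, otherwise caught by
    # the implicit "Deny all" Azure appends once any rule is configured.
    return 200 if not rules else 403


# Constructed identifiers for the example (hypothetical subscription, VNet, subnet).
APPGW_SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web"
                "/providers/Microsoft.Network/virtualNetworks/vnet-appgw/subnets/snet-appgw")

# The rule set described in the question: allow the gateway subnet, deny everything else.
RULES = [Rule("allow-appgw-subnet", 100, "Allow", subnet_id=APPGW_SUBNET)]


def scenarios() -> dict:
    """Constructed requests; 203.0.113.x and 198.51.100.x are documentation addresses."""
    return {
        # A browser hitting the App Service hostname directly.
        "direct_from_internet": evaluate(RULES, Request("203.0.113.10")),
        # A gateway instance forwarding with the subnet's service-endpoint identity.
        "via_gateway_service_endpoint": evaluate(
            RULES, Request("10.0.1.4", vnet_subnet_id=APPGW_SUBNET)),
        # Gateway traffic that reaches the app with only a public source address
        # and no subnet identity attached: the subnet rule cannot match it.
        "via_gateway_public_source": evaluate(RULES, Request("198.51.100.7")),
        # The same direct request with every restriction removed, the test one of
        # the answers suggests running.
        "no_rules": evaluate([], Request("203.0.113.10")),
    }


if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name:30s} -> {status}")
```

When comparing what the two of you see, the useful question the model isolates is not "which country is the browser in" but "what source identity does the App Service receive for this request"; a gateway-forwarded request that is not carrying the subnet identity is indistinguishable from a direct hit under a subnet-only rule.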