Receiving 403 when setting Azure Front Door, does anybody know how to connect privately to an App?

Carlos Caras 0 Reputation points
2024-06-25T15:07:02.52+00:00

Hello community,

I set up Azure Front Door. The endpoint is connected to my app service. When I type the AFD route in a browser, it goes to the app correctly. Following tutorials, I disabled public traffic to my app (allowing only from Front Door), but then when I try to browse the AFD URL it gives me a 403 Forbidden.

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.

2 answers

  1. William 620 Reputation points
    2024-06-26T02:41:39.89+00:00

    Hi @Carlos Caras, it seems you’re encountering a 403 Forbidden error after setting up Azure Front Door and restricting public traffic to your app service.

    Network Security Restrictions: You mentioned that you disabled public traffic to your app and allowed only traffic from the Front Door. Ensure that your web app’s Network Security Restrictions are correctly configured. If you have IP restrictions, make sure the Front Door’s IP addresses are whitelisted.

    Order of Rules: If you have multiple rules in your Front Door configuration, the order matters. Path-based rules should be below basic rules. Verify the rule order to ensure proper handling of requests. Review Azure Front Door routing rules.

    SSL Profile: If you’re using an SSL profile on the listener, consider using the “Use well-known CA certificate” option under HTTP settings instead. This can resolve the 403 error.

    Web Application Firewall (WAF): Check if WAF is enabled. If so, review the WAF logs to identify any rules blocking requests. You can set WAF to Detection mode initially to diagnose issues.

    Custom Response: Configure a custom response for Azure Web Application Firewall to provide meaningful feedback when requests are blocked. Configure custom WAF responses.

    If this answer solves your issue, please vote for it so other community members know that this is a quality answer.


  2. GitaraniSharma-MSFT 49,001 Reputation points Microsoft Employee
    2024-06-27T13:05:03.8966667+00:00

    Hello @Carlos Caras,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are receiving 403 when setting Azure Front Door and would like to know how to connect Azure Front Door privately to an App service.

    You can follow the documents below for the steps:

    https://techcommunity.microsoft.com/t5/azure-architecture-blog/permit-access-only-from-azure-front-door-to-azure-app-service-as/ba-p/2000173

    https://video2.skills-academy.com/en-us/azure/app-service/app-service-ip-restrictions?tabs=azurecli#restrict-access-to-a-specific-azure-front-door-instance

    https://azure.github.io/AppService/2022/11/24/Advanced-access-restriction-scenarios-in-Azure-App-Service.html#first-advanced-scenario---filter-by-http-header

    Or if you have Azure Front Door Premium SKU, you can secure your web app with Private Link:

    https://video2.skills-academy.com/en-us/azure/frontdoor/private-link

    https://video2.skills-academy.com/en-us/azure/frontdoor/standard-premium/how-to-enable-private-link-web-app

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

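The lockdown both answers point to (allow only the `AzureFrontDoor.Backend` service tag, filtered on the `X-Azure-FDID` header of one Front Door instance) can be checked offline against an exported app configuration. The following Python check is an added example, not code from either answer or from the linked documents. It assumes the input is a dict carrying the App Service properties `publicNetworkAccess` and `ipSecurityRestrictions`; the function name, the sample configs and the GUIDs are constructed placeholders.

```python
AFD_TAG = "AzureFrontDoor.Backend"   # service tag covering Front Door's origin-facing IPs
FDID_HEADER = "x-azure-fdid"         # header Front Door adds, carrying the profile's ID

def audit_front_door_lockdown(site, expected_fdid):
    """Return findings for a Front Door-only lockdown; an empty list means it looks right."""
    findings = []
    if site.get("publicNetworkAccess") == "Disabled":
        findings.append("public network access is Disabled: only private endpoints are "
                        "accepted, so Front Door needs a Private Link origin (Premium SKU)")
    rules = site.get("ipSecurityRestrictions") or []
    afd_rules = [r for r in rules if r.get("action") == "Allow"
                 and r.get("tag") == "ServiceTag" and r.get("ipAddress") == AFD_TAG]
    open_rules = [r for r in rules if r.get("action") == "Allow"
                  and r.get("ipAddress") in ("Any", "0.0.0.0/0")]
    if not rules or open_rules:
        findings.append("app accepts direct traffic (no restrictions or an allow-all "
                        "rule), so clients can bypass Front Door")
    elif not afd_rules:
        findings.append(f"no Allow rule for service tag {AFD_TAG}: "
                        "requests arriving from Front Door are denied (403)")
    for rule in afd_rules:
        # Header names are case-insensitive; compare GUIDs case-insensitively too.
        headers = {k.lower(): v for k, v in (rule.get("headers") or {}).items()}
        allowed = [v.lower() for v in headers.get(FDID_HEADER, [])]
        if not allowed:
            findings.append(f"rule '{rule.get('name')}' has no {FDID_HEADER} filter: "
                            "any Front Door profile can reach the app")
        elif expected_fdid.lower() not in allowed:
            findings.append(f"rule '{rule.get('name')}' filters on a different "
                            f"{FDID_HEADER}: this Front Door instance gets 403")
    return findings

# Constructed sample data (placeholder GUIDs, not real Front Door IDs).
MY_FDID = "11111111-1111-1111-1111-111111111111"
SAMPLE_OK = {"publicNetworkAccess": "Enabled", "ipSecurityRestrictions": [
    {"name": "afd-only", "priority": 100, "action": "Allow", "tag": "ServiceTag",
     "ipAddress": AFD_TAG, "headers": {"x-azure-fdid": [MY_FDID]}},
    {"name": "Deny all", "priority": 2147483647, "action": "Deny", "ipAddress": "Any"}]}
SAMPLE_BROKEN = {"publicNetworkAccess": "Disabled", "ipSecurityRestrictions": [
    {"name": "afd-only", "priority": 100, "action": "Allow", "tag": "ServiceTag",
     "ipAddress": AFD_TAG,
     "headers": {"X-Azure-FDID": ["22222222-2222-2222-2222-222222222222"]}}]}

if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        print(label, audit_front_door_lockdown(cfg, MY_FDID) or "no findings")
```
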