![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 72%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESF%3C/text%3E%3C/svg%3E)
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,865 questions
To achieve your scenario, you can use Azure Private Link or Azure Private Endpoint, along with Azure Application Gateway, to create a secure and private connection between your frontend web app and the backend web apps.
Here's a high-level overview of the steps to follow:
- Set up Azure Private Link or Private Endpoint for your backend web apps:
- In each backend web app, create a Private Endpoint in the same virtual network as your frontend web app.
- The Private Endpoint will establish a private IP address for each backend web app within the virtual network.
- Restrict access to your backend web apps:
- In each backend web app, configure the Access Restrictions to allow traffic only from your virtual network.
- You can add the frontend web app's outbound IP addresses to the allowed list as well, to ensure it can access the backend web apps.
- Set up Azure Application Gateway with a Web Application Firewall (WAF) for your frontend web app:
- Create an Azure Application Gateway instance in the same virtual network as your frontend and backend web apps.
- Configure the Application Gateway to use the private IP addresses of your backend web apps as the backend pool.
- Set up the frontend listener and the routing rules to forward traffic to the appropriate backend web app based on the request.
- Enable the WAF to protect your frontend web app against common web vulnerabilities.
- Update your DNS settings:
- Configure your custom domain to point to the public IP address of the Azure Application Gateway.
- Update the DNS settings of your backend web apps to use their private IP addresses.
- Test your setup:
- Verify that your frontend web app can access the backend web apps using their private IP addresses.
- Ensure that the backend web apps are not accessible from the public internet.
By following these steps, you will create a secure and private connection between your frontend web app and your backend web apps, allowing only the frontend web app to access the backend web apps.