403 forbidden on the web app with private endpoint

10148152 0 Reputation points
2023-07-25T14:27:39.88+00:00

I have created two web applications. One of them is public access. To the second one, I added a private endpoint, created a private dns zone, created two rules there. Everything worked well. Once I opened public access to the second web application. After that I closed it again. But the app doesn't work anymore. I am getting 403 forbidden. Custim domain I didn't use. I'm currently using Azure azurewebsites.net dns records.

I have created two web applications. One of them is public access. To the second one, I added a private endpoint, created a private dns zone, created two rules there. Everything worked well. Once I opened public access to the second web application. After that I closed it again. But the app doesn't work anymore. I am getting 403 forbidden. Custim domain I didn't use. I'm currently using Azure azurewebsites.net dns records.

User's image

I tried to check if the first web app sees the second web app. I ran the nslookup and tcpping commands. Everything passes.

User's image

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,408 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ajkuma 24,971 Reputation points Microsoft Employee
    2023-07-26T20:15:21.5933333+00:00

    10148152, Apologies for the delayed response.

    Based on the issue description, I understand you have validated the connectivity between the two WebApps.

    • You may always leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal. (screenshot below)
    • In the left navigation, click on Diagnose and solve problems - Review and run – Network troubleshooter and ““Configuration and Management” (IP address configuration)
    • Review Azure App Service access restrictions

    Just to confirm, are you able to access your backend web app directly using its default URL from a browser?

    To isolate the issue further, please validate these:

    1. Check if the private endpoint is still linked to the correct private DNS zone and group.
    2. Check if the private endpoint is still linked to the correct subnet and virtual network.

    Kindly let us know, I'll follow-up with you further.