Getting 403 IP forbidden

Anant 60 Reputation points

I have two app services (frontend and backend) in the same virtual network. I want to make the backend app service private.

Below are the configurations:

  1. Frontend app - Vnet Integration enabled
  2. Backend application - IP restriction enabled and VNet integration enabled with the same VNet
  3. Added the frontend web app subnet in the app service site access rules and added all outbound addresses of the app services as well
  4. In backend web app subnet NSG - allow all traffic inside the vnet

With the above configuration, when I send a request from the frontend application to the backend app service, I'm getting a 403 IP forbidden error (backend IP address:443).

And when I allow all public access on the backend, it works fine.

Can you please suggest how I can configure the networking rules to fix this issue so that my backend web app will work as private?

Thanks !!

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. brtrach-MSFT 15,791 Reputation points Microsoft Employee

    @Anant Based on the information you provided, it seems like you have correctly configured the VNet Integration and IP Restrictions for your backend app service. However, it's possible that the IP address of your frontend app service is not being correctly recognized by the IP Restrictions rule.

    To troubleshoot this issue, you can try the following steps:

    Check the IP address of your frontend app service by going to the "Properties" section of the app service in the Azure portal. Make sure that this IP address is added to the IP Restrictions rule for your backend app service.

    Check the logs for your backend app service to see if there are any errors related to IP Restrictions. You can access the logs by going to the "Log stream" section of the app service in the Azure portal.

    If the above steps do not resolve the issue, you can try disabling the IP Restrictions rule temporarily to see if the backend app service is accessible from the frontend app service. If it is, then you can try re-creating the IP Restrictions rule with the correct IP address for the frontend app service.
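The check suggested in the answer (is every frontend source address covered by an allow rule on the backend?) can be done offline. This is an added example, not part of the thread or of any Microsoft tooling; the rule dictionaries are modeled on the `ipSecurityRestrictions` fields of a site config, all sample values are constructed, and subnet-based rules are assumed to be out of scope because they are not matched by IP address.

```python
import ipaddress

# Constructed sample rules (documentation address ranges), shaped like
# entries of ipSecurityRestrictions in an App Service site config.
RULES = [
    {"name": "frontend-outbound", "ipAddress": "203.0.113.10/32",
     "action": "Allow", "priority": 100},
    {"name": "office", "ipAddress": "198.51.100.0/24",
     "action": "Allow", "priority": 200},
]
# Constructed comma-separated list, shaped like a web app's outbound
# address property, plus one private VNet address.
FRONTEND_SOURCES = "203.0.113.10,203.0.113.11,10.0.1.4"


def evaluate(source_ip, rules):
    """Return (action, rule_name) of the first rule matching source_ip.

    Rules are checked in ascending priority. Once any rule exists,
    unmatched traffic falls to the implicit deny, seen by the caller as 403.
    """
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        cidr = rule.get("ipAddress")
        if not cidr:            # subnet or service-tag rule: skipped here
            continue
        if cidr == "Any":       # assumption: catch-all marker in exported rules
            return rule["action"], rule["name"]
        if addr in ipaddress.ip_network(cidr, strict=False):
            return rule["action"], rule["name"]
    if rules:
        return "Deny", "implicit deny-all"
    return "Allow", "no rules configured"


def uncovered(sources_csv, rules):
    """List the source IPs in sources_csv that the rules would reject."""
    ips = [ip.strip() for ip in sources_csv.split(",") if ip.strip()]
    return [ip for ip in ips if evaluate(ip, rules)[0] != "Allow"]


if __name__ == "__main__":
    for ip in FRONTEND_SOURCES.split(","):
        print(ip, *evaluate(ip, RULES))
    print("would receive 403:", uncovered(FRONTEND_SOURCES, RULES))
```

Any address it reports is one the backend would reject, so compare that list with the source IP recorded in the backend's logs for the failing request.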