
Allow traffic to SQL and Webapp

Handian Sudianto 7,241 Reputation points
2024-08-15T05:44:54.34+00:00

Hello,

I want to block internet access from Azure VMs, but let the VMs connect to Azure SQL Server and Web App. Azure SQL Server will use *.database.windows.net and Web App will use *.azurewebsite.net.

Can we whitelist that or any Azure resource by FQDN tag, or should we make a custom URL with target URLs *.database.windows.net and *.azurewebsite.net?

Azure Firewall

An Azure network security service that is used to protect Azure Virtual Network resources.


Answer accepted by question author

PISITPONG VISARLCHAROENYING 95 Reputation points
2024-08-15T08:00:07.1033333+00:00

Hi Handian

In case you are using Azure Firewall as tagged in this forum, you can create an Azure Firewall Application Rule. Please specify the Application Rule as follows.

| Name | Source Type | Source | Protocol | Destination Type | Destination |
| --- | --- | --- | --- | --- | --- |
| Rule1 | IP Address | <Your Source VM IP> | https | fqdn | *.azurewebsite.net |
| Rule2 | IP Address | <Your Source VM IP> | mysql | fqdn | *.database.windows.net |

In case you are using a Network Security Group to secure your VM, you can set up NSG outbound rules as below.

| Source | Source Port Range | Destination | Destination Service Tag | Service | Action |
| --- | --- | --- | --- | --- | --- |
| Any | * | Service Tag | Sql | MSQL | Allow |
| Any | * | Service Tag | AppService | HTTPS | Allow |
| Any | * | Any | Any | Any | Deny |

Thanks Pisitpong
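
The NSG outbound rules from the answer above, written as Azure CLI commands (an added example, not part of the original answer). The resource group and NSG names, the rule names, the priorities and the concrete ports 1433 and 443 are assumptions; the functions only print the commands so they can be reviewed before they are run.

```shell
#!/bin/sh
# Assumed placeholder names; override via the environment.
RG="${RG:-example-rg}"
NSG="${NSG:-example-vm-nsg}"

# Print one `az network nsg rule create` command for an outbound rule.
# Arguments: name priority access protocol destination destination-port
nsg_rule() {
  printf "az network nsg rule create --resource-group '%s' --nsg-name '%s'" "$RG" "$NSG"
  printf " --name %s --priority %s --direction Outbound --access %s" "$1" "$2" "$3"
  printf " --protocol '%s' --source-address-prefixes '*' --source-port-ranges '*'" "$4"
  printf " --destination-address-prefixes '%s' --destination-port-ranges '%s'\n" "$5" "$6"
}

# The three rows of the NSG table, lowest priority number evaluated first.
egress_rules() {
  # Sql service tag on TCP 1433. Clients inside Azure default to the Redirect
  # connection policy, which also needs TCP 11000-11999 to the Sql tag.
  nsg_rule Allow-Sql-Out 100 Allow Tcp Sql 1433
  # AppService service tag on HTTPS.
  nsg_rule Allow-AppService-Out 110 Allow Tcp AppService 443
  # Deny everything else. A custom rule overrides the default
  # AllowVnetOutBound/AllowInternetOutBound rules (priority 65000+), so this
  # also blocks VNet-internal traffic; use the Internet service tag as the
  # destination to deny only internet-bound traffic.
  nsg_rule Deny-All-Out 4096 Deny '*' '*' '*'
}
```

Review the output of `egress_rules`, then apply it with `egress_rules | sh` from a session that is logged in with `az login`.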
