Allow traffic to SQL and Webapp

Question

Allow traffic to SQL and Webapp

Handian Sudianto 5,821

Hello,

I want to block internet access from Azure VMs, but letting the VMs connect Azure SQL Server and Web App. Azure SQL Server will use *.database.windows.net and Web App use *.azurewebsite.net.

Can we whitelist that or any azure resource by FQDN tag, or should make custom URL with tar get URLs *.database.windows.net and *.azurewebsite.net ?

Accepted answer

0 additional answers

Your answer

Answer 1

PISITPONG VISARLCHAROENYING 95

Hi Handian

Incase you are using Azure Firewall as tagged in this forum, you ca create Azure Firewall Application Rule. Please specify Application Rule as following.

Name	Source Type	Source	Protocal	Destination Type	Destination
Rule1	IP Address	<Your Source VM IP>	https	fqdn	*.azurewebsite.net
Rule2	IP Address	<Your Source VM IP>	mysql	fqdn	*.database.windows.net

Incase you are using Network Security group to secure you VM, you can setup NSG outbound rule as below.

Source	Source Port Range	Destination	Destination Service Tag	Service	Action
Any	*	Service Tag	Sql	MSQL	Allow
Any	*	Service Tag	AppService	HTTPS	Allow
Any	*	Any	Any	Any	Deny

Thanks Pisitpong

Handian Sudianto 5,821 Reputation points

2024-08-15T08:08:17.8766667+00:00

Hi @PISITPONG VISARLCHAROENYING

When allowing traffic to azure sql server using azure firewall, i can see the protocol only can contain http, https and mysql.

Need clarification mysql there is not MSSQL right, since mysql have different port number with MSSQL?
PISITPONG VISARLCHAROENYING 95 Reputation points

2024-08-15T08:13:08.91+00:00

Hi @Handian Sudianto

Sorry, my bad. It should be MSSQL instead of MYSQL.

Thanks

Pisitpong

Share via

Allow traffic to SQL and Webapp

0 additional answers

Your answer