This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 84%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
I created a private endpoint to restrict access to our web application, also a private dns zone was created (https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint) and mywebapp.privatelink A record is added to to privatelink.azurewebsites.net dns zone, but I still got 403 forbidden error. Did I miss something? anyone could help check for me? Thx!!!
Hi @Kevin ,
Sounds like you're missing the CNAME that points myapp.azurewebsites.net to myapp.privatelink.azurewebsites.net. Check your DNS records to see if that CNAME is missing. To verify, use nslookup myapp.azurewebsites.net from an Azure VM that's associated with the same VNET your app service is on.
Hello Ryan!
mywebapp.azurewebsites.net CNAME mywebapp.privatelink.azurewebsites.net is defined inside the Azure public DNS, right?
That's correct.
Fixed this issue already. @Ryan Hill Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 10%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEG%3C/text%3E%3C/svg%3E)
Could somebody help. Seems like i am facing the same issue. Problem is I can call the backend api from the front web ( i am using a private dns zone with a private endpoint) using asp.net and http client, but when I try the same call using javascript i get a 403 and a cors violation. Backend API is enabled for CORS for all origins. Thanks for any help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 77%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E1%3C/text%3E%3C/svg%3E)
@10148152 when you create a private endpoint, the DNS record is created on your behalf. You can see the records for the zone on the Private DNS zones blade.