1

I have the folllowing set up in Azure:

  1. got a new domain name, and azure created a resouce group called "domain" with the following resouces: a app service domain, and a DNS zone, both with the same name as the domain name;
  2. within this resouce group I created an app service plan and an app service implemented some APIs;
  3. An API management in front of the app service.

This is what I see: a. if I don't configure the custom doname, then I can use access restriction to block all traffic to the API service except the API management; b. once I turn on custom domain, then I'm no longer able to hit the APIs via the API management - I'm getting 403 error.

It appears after turning on the custom domain, the app service is no longer getting the API management's IP address properly, but I'm not sure if that's the case, what's your thoughts?

Thank you.

David Mai
  • 31
  • 1
  • Want to make sure I understand correctly. You have a custom domain on your app service. Your API resource can communicate with the app service when the custom domain is not configured on the app service, correct? If you're using the IP address of the API resource, what happens if you use the DNS name? Is only the app service sitting behind a VNET? – Ryan Hill Apr 28 '20 at 15:05
  • Hi Ryan, thx for the note. This is what I have: – David Mai Apr 29 '20 at 18:56
  • Hi Ryan, thx for the note. This is what I have: I created an app service exposing some APIs; then I created an API management. To secure app service, it only allows the api management's IP. This is OK. Then I tested configuring a custom domain in the api management, if I disable the access restriction by IP, then i can hit the APIs with the custom domain endpoing; but if I turn on access restriction, I'd get 403 error. I'll try your idea DNS name see if that helps. I have VNET, testing if I should have the app service and the api management in different sub net - is this right? – David Mai Apr 29 '20 at 19:12

0 Answers0