I am trying to expose my Front End and Function Web Apps using App Gateway. Both of those apps belong to one app service plan. They are also private endpoint enabled and VNET integrated.

I have Databricks in another tenant which needs to feed data to my Function App, so for that reason I need to expose my Function App. As for the Front End App, it needs to be accessed by all the employees belonging to a particular business unit.

So my question is: when I am configuring listeners and the backend pool, should I be using the *.privatelink.azurewebsites.net FQDN or the normal *.azurewebsites.net FQDN as the backend pool? When you are using Private Endpoint, you already have a CNAME which maps *.privatelink.azurewebsites.net to *.azurewebsites.net, and you also have an 'A' record for your private endpoint.

So while configuring App Gateway with Private Endpoint enabled web apps, what is it that you should be using as your backend?

Pallab

1 Answer

You have to use the normal *.azurewebsites.net FQDN instead of the private link one. This normal FQDN automatically resolves to the private link FQDN. The normal FQDN will throw an error when called from a public network when a private endpoint is attached to it, because it cannot resolve the private address, so your service isn't exposed anymore to the outside world (unless they have public access through your application gateway, of course).

r3verse
  • Well, I have created an A record which is like the subdomain of my Front End App Service and mapped it to the public IP of the App Gateway. I have also created a TXT record and used that to create a custom domain binding in the Front End Web App. The custom domain name matches the Hostname in the Listener in App Gateway. Still, I am not able to browse the Front End somehow – Pallab Apr 05 '22 at 23:21
  • I'd suggest using a CNAME record but it would solve your problem. Have you verified the health inside your app gateway for the back end pool? See https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting. Also verify you've set up the routing rule correctly from the listener to the backend pool. – r3verse Apr 07 '22 at 02:22
  • I have configured my App Gateway now and I can see myself being redirected to the Login Page of the Web App, but after authenticating myself I get "Error 403 - Forbidden". If I hit F12, it says "Referrer Policy : strict-origin-when-cross-origin" – Pallab Apr 07 '22 at 15:22
  • Check the CORS policy on the web app – r3verse Apr 07 '22 at 19:29
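A check for the resolution path described in the answer, meant to be run from a machine inside the App Gateway's VNet. This is an added example, not code from the question or the answer; the app name `myapp`, the sample addresses and the result labels are constructed for illustration.

```python
import ipaddress
import socket
import sys

PRIVATELINK_ZONE = ".privatelink.azurewebsites.net"


def classify(fqdn, names, addresses):
    """Classify how a backend pool FQDN resolved.

    names: every name seen during resolution (queried name, aliases, canonical).
    addresses: the IPv4 addresses returned.
    """
    fqdn = fqdn.rstrip(".").lower()
    if fqdn.endswith(PRIVATELINK_ZONE):
        # The backend pool should carry the default FQDN, not the privatelink one.
        return "use-default-fqdn"
    if not addresses:
        return "unresolved"
    seen = {n.rstrip(".").lower() for n in names}
    via_privatelink = any(n.endswith(PRIVATELINK_ZONE) for n in seen)
    if all(ipaddress.ip_address(a).is_private for a in addresses):
        # Private address reached through the privatelink CNAME: the private
        # DNS zone is linked to this VNet and the private endpoint is in use.
        return "private-endpoint" if via_privatelink else "private-no-privatelink"
    # A non-private address means this network is not using the private zone.
    return "public"


def check_backend(fqdn):
    """Resolve fqdn with the system resolver and classify the result."""
    try:
        canonical, aliases, addresses = socket.gethostbyname_ex(fqdn)
    except OSError:  # covers socket.gaierror and socket.herror
        return classify(fqdn, [fqdn], [])
    return classify(fqdn, [fqdn, canonical, *aliases], addresses)


if __name__ == "__main__":
    # Usage: python check_backend.py myapp.azurewebsites.net
    print(check_backend(sys.argv[1]))
```

A result other than `private-endpoint` from inside the VNet points at DNS (for example, the private DNS zone not being linked to that VNet) rather than at the gateway rules.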