0

I have an web app in EU West Region that calls an API hosted in EU North Region. When I place my Web App in a VNet and call the web app in another region, that I do not control, I get a 403 Ip Forbidden.

For testing, I have setup 2 web apps. http://vnetazuretestnortheurope.azurewebsites.net/swagger/index.html and http://vnetazuretestwesteurope.azurewebsites.net/swagger/index.html

Using swagger you can create a server to server call by passing in a url. If you try with "https://api.bankintegration.dk" a web app I do not control or is part of the VNet, the result is not the same.

EU North (same region) the result is 200. EU West (cross region) the result is 403 Ip Forbidden.

If I remove the integration to the VNet from the EU West Web App, the request works.

Is the problem with Azure, my configuration or the remote API configuration?

Morten Lyhr
  • 101
  • 1

1 Answers1

0

Please first check the documentation relating to vNet integration with App Services and cross region communication: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

Also note there are 2 versions as stated with known limitations for now:

One version enables integration with VNets in the same region. This form of the feature requires a subnet in a VNet in the same region. This feature is still in preview but is supported for Windows app production workloads with some caveats noted below.

Marco
  • 1,709
  • 3
  • 17
  • 31
Jordy
  • 36
  • 3
  • I get that, but the problem is that it is a specific site that cannot be reached. "https://api.bankintegration.dk" = 403 Ip Forbidden, from West. All other sites including "bankintegration.dk" and "www.bankintegration.dk" works just fine 200 from both West and North. I do not own the "bankintegration.dk" WebApp it is a 3rd party REST API I connect to. I can just see that it has a Azure Public IP and is hosted in North region. – Morten Lyhr Jan 18 '20 at 11:15