0

I have integrated an Azure Web App with a SQL Server VM so that they can communicate via the VNet instead of the public internet.

I have denied all incoming traffic on TCP port 80 for security reasons. I see that HTTP posts still reach the VM successfully from the Web App.

However, when I deny all incoming traffic on TCP port 1433, SQL queries stop reaching the SQL Server VM from the Web App. I was expecting that the integrated VNet would handle this. The SQL Server VM has its SQL connectivity setting as private (within virtual network). If I keep 1433 open, I can access the SQL Server DB from Excel on my desktop, which is a security risk in this case.

How to solve?

Kenny_I

1 Answer

1

Just close 1433 on the network security group to the traffic originating from the internet. That will block external traffic to 1433, but will leave internal intact.

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

4c74356b41
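The difference between the two rule sets, as an added example that is not part of the question or the answer: a simplified Python model of NSG inbound evaluation (lowest priority number first, first match decides) with Azure's default `AllowVnetInBound` and `DenyAllInBound` rules. The VNet range, IP addresses, custom rule names and the reduction of the `Internet` tag to "anything outside the VNet" are assumptions made for illustration.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed VNet address space

def tag_matches(tag, src):
    """Simplified service-tag matching against the assumed VNet range."""
    inside = ipaddress.ip_address(src) in VNET
    return {"*": True, "VirtualNetwork": inside, "Internet": not inside}[tag]

# Azure's default inbound rules (lowest precedence).
# AllowAzureLoadBalancerInBound (65001) is left out to keep the model short.
DEFAULTS = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(custom_rules, src, port):
    """Return (access, rule name) of the first matching rule, by priority."""
    for prio, name, source, dport, access in sorted(custom_rules + DEFAULTS):
        if dport in ("*", port) and tag_matches(source, src):
            return access, name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# The question's setup: deny 1433 from every source (hypothetical rule name).
DENY_ALL_1433 = [(100, "Deny1433Any", "*", 1433, "Deny")]
# The answer's setup: deny 1433 only when the source is the Internet tag.
DENY_INTERNET_1433 = [(100, "Deny1433Internet", "Internet", 1433, "Deny")]

WEBAPP = "10.0.1.4"       # constructed: address in the web app's integration subnet
DESKTOP = "203.0.113.25"  # constructed: desktop on the public internet

if __name__ == "__main__":
    setups = [("deny any source", DENY_ALL_1433),
              ("deny Internet only", DENY_INTERNET_1433)]
    for label, rules in setups:
        for who, ip in [("web app", WEBAPP), ("desktop", DESKTOP)]:
            print(f"{label:20} {who:8} -> {evaluate(rules, ip, 1433)}")
```

A deny rule with source `*` at priority 100 matches VNet traffic before `AllowVnetInBound` at 65000 is ever reached, which is why the web app's queries stopped; scoping the source to `Internet` lets the default VNet allow rule still apply.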