I have an Azure app service and in some cases I need to send a web request to a non-azure webserver. What do I need to do to make it possible.
Currently the web request fails with no clear error message.
In response to a HttpClient Put request I get a System.Net.WebException exception which says there were errors.
THe same request works from a desktop application.
If your webserver is reachable from the internet you should be able to access it through your App Service. Try to log a ping to your webserver and google (8.8.8.8).
If your App Service is in a VNET you should enable some outbound rules to your webservers IP adress.
The server I am connecting to is an other Azure service. After some more investigating, It appears that I can connect to it if I do not use SSL (i.e. http://) but the connection is immediately closed when using SSL (https://). I assume that the problem must be related to the use of SSL.
Related
I want my web app to be able to send requests to another web app,
I have added the (Outbound) Public IP of the web apps to the mutual access restriction.
In Kudu Console, I use "tcpping" to test that the hostname of his web app is connected (443port).
But I execute my web app with postman and my web app is getting "Forbidden".
Later, when I executed curl in the Kudu Console of my web app, I also received 403 Forbidden.
And the Kudu Console of the other party's web app executes curl and displays 401,
In addition to Access Restriction, do I need to confirm any settings?
As HarshithaVeeramalla-MT said, it was later found that the outbound IP addresses of both parties were not complete, and all IP addresses of Additional Outbound IP Addresses need to be added to the Netowrking/Access Restriction before they can access each other.
Thank you.
I have an App Service hosted in azure and I need to secure that using Azure's Web Application Firewall (WAF). I've created the WAF and also specified the app service's FQDN but when I hit that from the browser I get a timeout response after ~3mins.
I've validated that I can hit the AppService using the http://FQDN. The WAF's BackendHttpSetting is configured for HTTP port 80. The listener is also configured for http 80. Ive tried hitting the WAF endpoint using the IP as well as the {guid}.cloudapp.net
I'm out of ideas now.
Any pointer?
Thanks
Support for Azure Web Application requires additional configuration on backend setting and probe for correctly overriding Host headers from incoming requests. This is documented at link1 and link2 for a working example.
I'm trying to access a third party service from Azure App Services (ideally Functions, but a Web App would do). However this service is hosted on a non-standard port, e.g. https://myservice.com:445
I'm using the System.Net.Http.HttpClient to make a POST request, but consistently get a SocketException:
An error occurred while sending the request. Unable to connect to the remote server An attempt was made to access a socket in a way forbidden by its access permissions 1.2.3.4:445
The code works on my local environment (Functions emulator or Kestrel), but fails on Azure. I tried using a service hosted on a regular https endpoint, e.g. https://myotherservice.com, and the call goes through normally.
I'm assuming there is some sort of outbound firewall rule that's preventing the fist call, but I haven't found any configuration option to disable this. Is it possible? I unfortunately cannot change the endpoint of the service I need to call.
After checking your application, I did indeed find that those outgoing requests were being blocked by the infrastructure.
I was also able to find public documentation covering those ports here:
https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#restricted-outgoing-ports
I have a requirement where I need to host an FTP server along with a website that is hosted on Azure Web Sites. We host separate instances of this app for our clients - and it needs an separate FTP server per instance
The solution that I'm trying currently is using the FubarDev.FtpServer. My plan was to host that FTP service in a web job.
Launching the FTP server seems ok. The Web Job prints out a line to web job console after the server is started, status is of the web job is running and no exceptions are output.
Now, trying to connect to the FTP fails. I suspect the reason is that the port 21 is not open on the firewall that protects azure websites and no traffic on that port is forwarded. Is there any way around this?
Connecting from the Website it self to the FTP server hosted in the job gives the following errors:
When connecting to 127.0.0.1
An attempt was made to access a socket in a way forbidden by its
access permissions 127.0.0.1:21
When connecting using the websitename.azurewebsite.net on port 21 (from the website itself, that is hosting the FTP inside the webjob)
A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection
failed because connected host has failed to respond xx.xx.xx.xx:21
I would like to stick to the Azure Web Apps as much as possible to avoid having to manage VMs
Any help would be greatly appreciated! I'm also open to the potential alternative approaches to this problem.
Azure Web Apps only support incoming traffic on ports 80 and 443. You will not be able to host ftp servers via web apps (aside from the built-in ftp server). You'd need to place the ftp server either in a VM or web/worker role (cloud service).
I did a console application to manage the azure server using the azure service management rest API. And I followed the instructions from http://msdn.microsoft.com/en-us/library/windowsazure/gg651127.aspx to create certificate, upload to azure under subscription level. import to local My(personal) folder. everything works well. I can get the hosted services. create new host service.
but when I used a web proxy on my machine. the response always be 403 Forbidden. I tried to set the proxy in HttpWebRequest, but still the same error.
Also, I run this console application in a aws EC2 and have the same 403 Forbidden error(maybe EC2 also use proxy?).
Suppose the proxy server should forward the web request to azure management rest API server with the certificate, but I guess it's not. someone told me maybe this certificate only self generated and not valid. so the proxy server refused it. not sure if that is the cause.
Azure Management APIs require signed headers. Some proxies makes changes (add/modify) header tags which would then invalidate the signature and cause the 403.
w.r.t. EC2 - did you install your management certificate on the VM? Without it the request will fail with a 403.
One of the suggestions is to use Fiddler to compare the request before & after the proxy. That will tell you what (if anything) is changing.