如何仅授权从我的 Frontdoor 到我的 Web 应用程序专用端点的流量?

How to authorized only traffic from my Frontdoor to my Web App private endpoint?

我们有一个前门,后端有 2 个 Web 应用程序。

我们希望仅授权访问来自前门的 Web 应用程序流量,因此我们考虑使用 Web 应用程序私有端点。

但是,当我们将流量重定向到专用端点时,使用前门时仍然出现“错误 403 - 禁止”。

请帮忙

Azure Front Door documentation 明确声明 back-end 服务(在本例中为 Web 应用程序)必须具有 public end-point 才能访问:

后端和后端池:

Front Door backends refers to the host name or public IP of your application that serves your client requests.

Backend pools can be composed of Storage, Web App, Kubernetes instances, or any other custom hostname that has public connectivity. Azure Front Door requires that the backends are defined either via a public IP or a publicly resolvable DNS hostname. Members of backend pools can be across zones, regions, or even outside of Azure as long as they have public connectivity.

如果Web App服务有私有的end-point,建议在服务前面放一个Application Gateway,暴露一个public end-point给前门。

记住这一点,据我所知,没有解决方案可以限制仅从 Front Door 到 Web 应用程序的流量。