适用于Azure Web App和Azure SQL Server的VNet集成 [英] VNet Integration For Azure Web App and Azure SQL Server
问题描述
我在同一订阅中拥有一个Azure Web App和一个Azure SQL Server.它们都连接到相同的VNet子网,如下面的快照所示. SQL Server配置为不允许Azure资源和服务访问服务器,因为它只应允许从连接的子网或一组IP规则进行访问.
I have an Azure Web App and an Azure SQL Server, both in the same subscription. Both of them are connected to the same VNet Subnet as shown in the below snapshots. The SQL Server is configured not to Allow Azure Resources and Services to access the server, as it should only permit access from either the connected subnet or a set of IP rules.
不幸的是,SQL Server主动拒绝来自Web应用程序的任何连接,指出不允许Web应用程序IP访问服务器.
Unfortunately, the SQL Server is actively refusing any connection from the web app stating that the web app IP is not allowed to access the server.
有趣的是,我在另一个订阅上具有完全相同的配置.
The interesting thing is that I have the exact same configuration working on another subscription.
我可能会缺少什么?
快照:
1-在这里,您可以看到连接到"webapps"子网的Web应用程序
2-在这里,您可以看到连接到同一子网的SQL Server
3-这就是我得到的错误
推荐答案
Azure中的虚拟网络与它在本地的工作方式完全不同.
我在生产环境中也遇到了类似的问题,并且需要深入研究,有效的解决方案(满足安全标准并创建与数据库的安全连接)是为虚拟网络中的SQL访问创建私有端点.然后,所有对SQL的调用都是在内部执行的(它没有在互联网上进行),并且数据库拒绝了所有公共调用.
I had similar problems in production environment and digging deep, the working solution (meeting security standards and create a secure connection to the database) was to create a private endpoint for SQL access in the virtual network. Then all the calls to the SQL were performed internally (it did not go on the internet), and the databases were denying all public calls.
就您的情况而言,您已禁用了允许Azure应用访问",因此当您的应用尝试访问SQL时,服务器会检查ip以查找是否被列入白名单.如此快速的解决方案将是以下之一:
In your case now, you deactivated the Allow Azure apps to access so when your app is trying to access the SQL the server checks the ip to find out if it is white listed or not. So fast solutions would be one of the following:
- 启用Azure Web应用访问SQL
- 找到您的Web应用程序的所有出站IP,并将其注册到您的SQL防火墙/安全设置中.
如果您谈论有关安全法规的适当生产环境,我建议您采用更繁琐的专用端点路径.
If you talk about a proper production environment with security regulations I would suggest you go down the more tedious path of private endpoints.
这篇关于适用于Azure Web App和Azure SQL Server的VNet集成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
