Why do I see 403 Forbidden in Azure Application Gateway?


The error I see when accessing https://www.example.com regardless of whether I have a listener (443) and rule is:

403 - Forbidden

You don't have permission to access / on this server.

If I add a listener on port 443, attach a valid certificate and rule, I get the same error message. If I dig www.example.com, I can see it's resolving to the public IP of the application gateway.

http://www.example.com works as expected with a listener on port 80 and rules directing traffic to backend virtual machines hosting Apache.

I should add that this has been set using the Azure Portal. Should I be using PowerShell? Some forums suggest the portal is flaky.


Solution

  • The issue was resolved and ties in with a redirection problem we were experiencing.

    The problem appears to be a combination of the following:

    As a rule of thumb, path-based rules should be below basic rules. Also, if the app gateway is used for multiple sites, ensure hostnames are defined for listeners.