Kenny_I

Reputation: 2513

How to deny port 1433 access to SQL Server VM while allowing SQL query from Integrated Web App

I have integrated an Azure Web App with a SQL Server VM so that they can communicate via the VNet instead of the public internet.

I have denied all incoming TCP port 80 traffic for security reasons. I see that HTTP POSTs successfully reach the VM from the Web App.

However, when I deny all incoming TCP port 1433 traffic, SQL queries stop reaching the SQL Server VM from the Web App. I was expecting that the integrated VNet would handle this. The SQL Server VM has its SQL connectivity setting as private (within virtual network). If I keep 1433 open, I can access the SQL Server DB from Excel on my desktop, which is a security risk in this case.

How to solve?

Upvotes: 0

Views: 801

Answers (1)

4c74356b41

Reputation: 72191

Just close 1433 on the network security group to the traffic originating from the internet. That will block external traffic to 1433, but will leave internal intact.

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

Upvotes: 1
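
The difference between the deny rule in the question and the one in this answer, as an added example that is not part of the original answer: a simplified model of inbound NSG evaluation, where the lowest priority number wins and Azure's default rules apply last. The VNet range, both addresses, the custom rule names and the pre-existing allow rule for 1433 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # lower number is evaluated first
    source: str    # "*", "Internet" or "VirtualNetwork" (service tags)
    port: str      # "*" or a single port number
    access: str    # "Allow" or "Deny"

# Azure's built-in inbound defaults (the load balancer rule is omitted here)
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]

def tag_of(src_ip):
    # Simplification: anything inside the VNet range is VirtualNetwork, the rest Internet
    return "VirtualNetwork" if ipaddress.ip_address(src_ip) in VNET else "Internet"

def evaluate(custom_rules, src_ip, port):
    """Return (access, rule name) for the first matching rule in priority order."""
    for r in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        if r.source in ("*", tag_of(src_ip)) and r.port in ("*", str(port)):
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Assumed starting point: 1433 is "open" through an allow rule for any source
OPEN = [Rule("AllowSqlAny", 1010, "*", "1433", "Allow")]
# Question: deny 1433 from every source, which also catches VNet traffic
ASKER = [Rule("DenySqlAll", 100, "*", "1433", "Deny")] + OPEN
# Answer: deny 1433 only for traffic originating from the internet
ANSWER = [Rule("DenySqlFromInternet", 100, "Internet", "1433", "Deny")] + OPEN

WEBAPP = "10.0.2.4"       # constructed: address in the Web App's integration subnet
DESKTOP = "203.0.113.10"  # constructed: public address (documentation range)

if __name__ == "__main__":
    for label, rules in (("open", OPEN), ("deny any", ASKER), ("deny Internet", ANSWER)):
        for who, ip in (("web app", WEBAPP), ("desktop", DESKTOP)):
            print(f"{label:14} {who:8} {evaluate(rules, ip, 1433)}")
```
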
