Error 403 - Forbidden
The web app you have attempted to reach has blocked your access.
Open rexebin opened 1 year ago
Hi @rexebin,
2.37.0 is not the latest Azure CLI(2.49.0).
Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
Thank you for opening this issue, we will look into it.
Thank you for opening this issue, we will look into it.
Thank you!
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @adrianhall, @KedarJoshi.
The web app you have attempted to reach has blocked your access.
Author: | rexebin |
---|---|
Assignees: | shreyas-gopalakrishna, amamounelsayed, kaibocai, kamperiadis |
Labels: | `bug`, `Service Attention`, `Functions`, `API Management`, `customer-reported`, `Auto-Assign`, `Auto-Resolve` |
Milestone: | - |
Adding Service team to look into this.
Update: Apim import issue is resolved.
Running az apim api import
only requires the APIM to have access to the app service.
@rexebin confirming we can close this issue?
No, the web app deployment issue is still outstanding.
Thanks!
On Wed, 21 Jun 2023 at 20:30, Shreya Batra @.***> wrote:
@rexebin https://github.com/rexebin confirming we can close this issue?
— Reply to this email directly, view it on GitHub https://github.com/Azure/azure-cli/issues/26714#issuecomment-1601556280, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACTDVB2DW2LRN4TZKTUPLJ3XMNDWLANCNFSM6AAAAAAZNJV7UQ . You are receiving this because you were mentioned.Message ID: @.***>
Describe the bug
/openapi/v3.json
endpoint, but it should not, because public access is disabledWhen we use Github hosted Runners with OIDC authentication, same contributor role to resources:
openapi/v3.json
returns 403 IP forbiddenWe understand why the Github Hosted Runners with OIDC authentication get rejected. But we are puzzled why the self hosted runners with MSI work because the runner's vnet has no relationship.
Related command
Deploy to function staging slot:
Import to APIM:
Errors
With self-hosted runner, no errors.
With Github Runner, OIDC authentication, we got errors:
Error for importing APIM:
Failed to import from specified resource https://myservicename.azurewebsites.net/my-service/openapi/v3.json: Response status code does not indicate success: 403 (Ip Forbidden).
Error for deploying to staging slot:
Error 403 - Forbidden
The web app you have attempted to reach has blocked your access.
Issue script & Debug output
same the errors
Expected behavior
Self hosted runner should not have access to public access disabled app service
Or, github runners with OIDC should behave the same way as self hosted runner.
Environment Summary
azure-cli 2.37.0 ubuntu linux 22.04.2
Additional context
No response