5

The error I see when accessing https://www.example.com regardless of whether I have a listener (443) and rule is:

403 - Forbidden

You don't have permission to access / on this server.

If I add a listener on port 443, attach a valid certificate and rule, I get the same error message. If I dig www.example.com, I can see it's resolving to the public IP of the application gateway.

http://www.example.com works as expected with a listener on port 80 and rules directing traffic to backend virtual machines hosting Apache.

I should add that this has been set using the Azure Portal. Should I be using PowerShell? Some forums suggest the portal is flaky.

3

2 Answers

4

The issue was resolved and ties in with a redirection problem we were experiencing.

The problem appears to be a combination of the following:

  • We had a listener on port 443 without a hostname.

  • It appears the order of path-based rules is important when there's a listener without a hostname.

As a rule of thumb, path-based rules should be below basic rules. Also, if the app gateway is used for multiple sites, ensure hostnames are defined for listeners.
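A check for the two conditions this answer names, as an added example that is not part of the original answer or any Azure tooling. The gateway dictionary is constructed sample data; its field names are modelled on the flattened JSON printed by `az network application-gateway show` and are an assumption, as is the function name `audit`.

```python
# Constructed sample: one port-443 listener without a hostname sharing the
# port with a named listener, and a path-based rule listed above basic rules.
SAMPLE = {
    "frontendPorts": [{"id": "/fp/80", "port": 80}, {"id": "/fp/443", "port": 443}],
    "httpListeners": [
        {"id": "/l/http", "name": "http", "frontendPort": {"id": "/fp/80"},
         "hostName": "www.example.com"},
        {"id": "/l/https-any", "name": "https-any", "frontendPort": {"id": "/fp/443"},
         "hostName": None},
        {"id": "/l/https-www", "name": "https-www", "frontendPort": {"id": "/fp/443"},
         "hostName": "www.example.com"},
    ],
    "requestRoutingRules": [
        {"name": "paths", "ruleType": "PathBasedRouting", "httpListener": {"id": "/l/https-any"}},
        {"name": "www", "ruleType": "Basic", "httpListener": {"id": "/l/https-www"}},
        {"name": "plain", "ruleType": "Basic", "httpListener": {"id": "/l/http"}},
    ],
}

def audit(gw):
    """Return findings for hostname-less shared listeners and rule ordering."""
    ports = {p["id"]: p["port"] for p in gw["frontendPorts"]}
    by_port = {}
    for lsn in gw["httpListeners"]:
        by_port.setdefault(ports[lsn["frontendPort"]["id"]], []).append(lsn)
    findings = []
    for port, group in sorted(by_port.items()):
        for lsn in group:
            # A listener with no hostname matches every Host header on its port.
            if len(group) > 1 and not (lsn.get("hostName") or lsn.get("hostNames")):
                findings.append(f"listener '{lsn['name']}' on port {port} has no "
                                f"hostname but shares the port with other listeners")
    # Use 'priority' where set, otherwise the listed order (stable sort).
    rules = sorted(gw["requestRoutingRules"], key=lambda r: r.get("priority") or 0)
    first_path_rule = None
    for rule in rules:
        if rule["ruleType"] == "PathBasedRouting":
            first_path_rule = first_path_rule or rule["name"]
        elif first_path_rule:
            findings.append(f"basic rule '{rule['name']}' is evaluated after "
                            f"path-based rule '{first_path_rule}'")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("FINDING:", line)
```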

1

My Application Gateway is configured with a multisite listener. For me, I had selected Enable SSL Profile on the listener. I am not using path-based rules and WAF is turned off.

Although I had configured an SSL profile, I guess there is an error in the certificate. It is (currently) under preview, but I don't think I fully understand what it's supposed to do - needs more reading.

Instead of using SSL Profile on the listener, I was able to use the Use well known CA certificate option under HTTP settings. This resolved the 403 error.
