Azure application Gateway WAF
I am trying to configure Azure application gateway WAF with a backend pool set to a VM in a different Azure tenant using its public IP address on port 443. All the SSL certificates are configured properly. However, I keep getting the following error while browsing the site via WAF.
502 - Web server received an invalid response while acting as a gateway or proxy server.
I have confirmed that the NSG on the mentioned backend VM is allowing all traffic on port 443. What could be going wrong here?
Generally, you can check the status of Backend health in the monitoring of Application Gateway and compare with the DETAILS, referring to these possible reasons on your side.
- NSG, UDR or Custom DNS is blocking access to backend pool members.
- Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
- Invalid or improper configuration of custom health probes.
- Azure Application Gateway's back-end pool is not configured or empty.
- None of the VMs or instances in virtual machine scale set are healthy.
- Request time-out or connectivity issues with user requests.
For each reason, you can get a solution from that link. I think you could make sure you can directly access the backend with public IP from one tenant to another tenant. Then if you have an NSG in the app gateway subnet, you must include exceptions for incoming traffic on ports 65503-65534 for the Application Gateway v1 SKU, and ports 65200-65535 for the v2 SKU. You could get more details here. You could also whitelist the app gateway public IP address in the NSG of backend VM.
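An added example, not part of the original answer: a Python check that takes NSG rules in the JSON shape returned by `az network nsg rule list` and reports whether the infrastructure port range mentioned above is allowed inbound on the app gateway subnet, or shadowed by a higher-priority deny. The sample rules and function names are constructed for illustration; source prefixes and the NSG's built-in default rules are not evaluated.

```python
# Inbound port ranges the answer says must be open on the gateway subnet.
REQUIRED = {"v1": (65503, 65534), "v2": (65200, 65535)}

def port_ranges(rule):
    """Return the rule's destination ports as (lo, hi) tuples; '*' is all ports."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    out = []
    for spec in specs:
        if spec == "*":
            out.append((0, 65535))
        else:
            lo, _, hi = spec.partition("-")
            out.append((int(lo), int(hi or lo)))
    return out

def infra_ports_allowed(rules, sku):
    """Walk inbound TCP rules in priority order, as the NSG does.

    Returns (allowed, deciding_rule_name). A single Allow rule must cover
    the whole range; any Deny that overlaps the range first blocks it.
    (False, None) means no custom rule explicitly allows the range.
    """
    lo, hi = REQUIRED[sku]
    inbound = [r for r in rules
               if r["direction"] == "Inbound" and r["protocol"] in ("Tcp", "*")]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        ranges = port_ranges(rule)
        if rule["access"] == "Allow" and any(a <= lo and hi <= b for a, b in ranges):
            return True, rule["name"]
        if rule["access"] == "Deny" and any(a <= hi and b >= lo for a, b in ranges):
            return False, rule["name"]
    return False, None

# Constructed sample: the allow rule exists but a broader deny outranks it.
SAMPLE_RULES = [
    {"name": "allow-https", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "destinationPortRange": "443"},
    {"name": "deny-high-ports", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "destinationPortRange": "1024-65535"},
    {"name": "allow-gw-infra", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "destinationPortRange": "65200-65535"},
]

if __name__ == "__main__":
    print(infra_ports_allowed(SAMPLE_RULES, "v2"))
```

With the sample rules the allow rule is present but never reached, which is the kind of misconfiguration that shows up as an unhealthy backend and a 502.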