Network access errors

This article describes network access errors that can occur when making requests to the Azure App Configuration data plane.

IP address rejected

Error response

HTTP/1.1 403 Forbidden
Content-Type: application/problem+json; charset=utf-8
{
  "type": "https://azconfig.io/errors/ip-address-rejected",
  "title": "Access to this resource is governed by a network access policy. The client IP address fails to meet the criteria for access. See https://aka.ms/appconfig/network-access-errors for more information.",
  "status": 403
}

Reason: The configuration store has public network access disabled and the IP address that the request originates from doesn't meet the criteria for inbound access.

Solution: When a configuration store has public network access disabled, requests must originate from within a virtual network via a private endpoint.

  • Verify that the client making the request is within a virtual network, and that the relevant DNS changes are in place so that the endpoint of the configuration store resolves to the IP address of the private endpoint connected to the configuration store.
  • Verify that the private endpoint connection associated with the private endpoint has been approved.

Rejected by network security perimeter

Error response

HTTP/1.1 403 Forbidden
Content-Type: application/problem+json; charset=utf-8
{
  "type": "https://azconfig.io/errors/nsp-rejected",
  "title": "Access to this resource is governed by a Network Security Perimeter. The request fails to meet the criteria for inbound access. See https://aka.ms/appconfig/network-access-errors for more information.",
  "status": 403
}

Reason: The App Configuration store's public network access is governed by a network security perimeter and the request doesn't meet the criteria for inbound access.

Solution: When a store's public network access is governed by a network security perimeter, requests must originate from within the network security perimeter or the request must match an inbound access rule defined on the network security perimeter profile associated with the store.

  • Verify that the client making the request is within the network security perimeter or that the request matches an inbound access rule defined on the network security perimeter profile associated with the store.
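
The following is an added example, not code from the App Configuration documentation or SDK: a client-side triage helper that tells the two 403 responses above apart by their "type" URI and returns the checks listed for each, plus a DNS check for the private endpoint case. The function names, the constructed sample body, and the expected private endpoint IP passed in by the operator are assumptions.

```python
import ipaddress
import json
import socket

# "type" URIs copied from the two responses on this page, with the page's checks.
CHECKS = {
    "https://azconfig.io/errors/ip-address-rejected": [
        "client is inside a virtual network",
        "store endpoint resolves to the private endpoint IP",
        "private endpoint connection is approved",
    ],
    "https://azconfig.io/errors/nsp-rejected": [
        "client is inside the perimeter, or request matches an inbound access rule",
    ],
}

# Constructed sample: the ip-address-rejected body with the title shortened.
SAMPLE_BODY = '{"type": "https://azconfig.io/errors/ip-address-rejected", "title": "...", "status": 403}'


def classify(status, content_type, body):
    """Return (error_type, checks) for a network access 403, else (None, [])."""
    media_type = content_type.split(";")[0].strip().lower()
    if status != 403 or media_type != "application/problem+json":
        return None, []
    try:
        problem = json.loads(body)
    except ValueError:
        return None, []
    error_type = problem.get("type") if isinstance(problem, dict) else None
    if not isinstance(error_type, str) or error_type not in CHECKS:
        return None, []  # some other 403, for example an authorization failure
    return error_type, CHECKS[error_type]


def resolve(hostname):
    """Resolve the store endpoint as this client sees it (needs network access)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def resolves_to_private_endpoint(addresses, expected_ip):
    """True only if every resolved address equals the private endpoint's IP."""
    expected = ipaddress.ip_address(expected_ip)
    return bool(addresses) and all(ipaddress.ip_address(a) == expected for a in addresses)


if __name__ == "__main__":
    print(*classify(403, "application/problem+json; charset=utf-8", SAMPLE_BODY))
```

Run resolve() on the machine that received the 403, since DNS answers differ inside and outside the virtual network, and pass its result to resolves_to_private_endpoint() with the IP shown on the private endpoint.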