You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/networking/private-endpoint.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Connect privately to a Web App using Azure Private Endpoint
4
4
author: ericgre
5
5
ms.assetid: 2dceac28-1ba6-4904-a15d-9e91d5ee162c
6
6
ms.topic: article
7
-
ms.date: 02/17/2022
7
+
ms.date: 03/04/2022
8
8
ms.author: ericg
9
9
ms.service: app-service
10
10
ms.workload: web
@@ -46,12 +46,12 @@ You can also deploy the Private Endpoint in a different region than the Web App.
46
46
47
47
From a security perspective:
48
48
49
-
-When you enable Private Endpoints to your Web App, you disable all public access.
49
+
-By default, when you enable Private Endpoints to your Web App, you disable all public access.
50
50
- You can enable multiple Private Endpoints in others VNets and Subnets, including VNets in other regions.
51
51
- The IP address of the Private Endpoint NIC must be dynamic, but will remain the same until you delete the Private Endpoint.
52
52
- The NIC of the Private Endpoint can't have an NSG associated.
53
53
- The Subnet that hosts the Private Endpoint can have an NSG associated, but you must disable the network policies enforcement for the Private Endpoint: see [Disable network policies for private endpoints][disablesecuritype]. As a result, you can't filter by any NSG the access to your Private Endpoint.
54
-
-When you enable Private Endpoint to your Web App, the [access restrictions][accessrestrictions] configuration of the Web App isn't evaluated.
54
+
-By default, when you enable Private Endpoint to your Web App, the [access restrictions][accessrestrictions] configuration of the Web App isn't evaluated.
55
55
- You can eliminate the data exfiltration risk from the VNet by removing all NSG rules where destination is tag Internet or Azure services. When you deploy a Private Endpoint for a Web App, you can only reach this specific Web App through the Private Endpoint. If you have another Web App, you must deploy another dedicated Private Endpoint for this other Web App.
56
56
57
57
In the Web HTTP logs of your Web App, you'll find the client source IP. This feature is implemented using the TCP Proxy protocol, forwarding the client IP property up to the Web App. For more information, see [Getting connection Information using TCP Proxy v2][tcpproxy].
0 commit comments