AKS service exposed using ingress through application gateway returns 403, but not always
I have an AKS cluster running a python dash application. This application works fine, I can access it by forwarding the port (kubectl port-forward etc...). I want to expose it on a public IP. I tried to do this by deploying the following ingress service.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: [ingress-name]
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: [pod name]
            port:
              number: 8000
```
This also works, at least partially, because I can run kubectl get ing, which shows the ingress controller and its external IP, and when I browse there I can access the app just fine. However, the problem: I've shared this with several people, some of whom cannot access it; they get a 403 error ("Access was denied. You don't have authorization to view this page"). Interestingly, I was able to reproduce this once in Opera, but not in Chrome, Firefox, or Safari. And after a few tries, it also works fine in Opera.
I have found several reports of people claiming that this has to do with extensions, browser cache, cookies, etc, from different domains that may trigger the WAF (web application firewall) (for example: Why does Chrome return 403 error from Azure App Gateway). I think this issue is different because 1) using incognito browser doesn't fix the issue, 2) my WAF is set to "Standard V2" as opposed to "WAF V2", which I've seen issues being reported on.
Also, the people who have been able to access this app tend to access the azure portal very frequently, and the people that get the 403 error don't. Not sure if that is related.
I set up logging for this application gateway, and I can find the 403 errors there, but it doesn't give me any details on what may be the reason for the 403 status.
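One way to get more out of those access logs, as an added example that is not part of the original question or answer: it splits 403 responses into those the backend pod returned and those logged with no backend status, grouped by client. It assumes the diagnostic logs are exported as one JSON record per line with the v2 `ApplicationGatewayAccessLog` fields `clientIP`, `userAgent`, `httpStatus` and `serverStatus`, and that an empty or `-` `serverStatus` means no backend response was recorded; the sample records are constructed.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic), shaped like v2
# ApplicationGatewayAccessLog entries; IPs are documentation ranges.
SAMPLE_LOG = """\
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"203.0.113.10","httpStatus":200,"userAgent":"Mozilla/5.0 Chrome","serverRouted":"10.244.0.12:8000","serverStatus":"200"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"198.51.100.7","httpStatus":403,"userAgent":"Mozilla/5.0 OPR","serverRouted":"10.244.0.12:8000","serverStatus":"403"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"198.51.100.7","httpStatus":403,"userAgent":"Mozilla/5.0 OPR","serverRouted":"-","serverStatus":"-"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7"}}
not json
"""


def origin_of(props):
    """Classify where a 403 came from, based on the logged backend status."""
    status = str(props.get("serverStatus") or "-").strip()
    if status == "403":
        return "backend"   # the pod itself answered 403
    if status == "-":
        return "gateway"   # assumption: no backend response was recorded
    return "other"         # backend answered something else; gateway rewrote it


def triage_403(lines):
    """Count 403 access-log entries by (origin, clientIP, userAgent)."""
    counts = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        if rec.get("category") != "ApplicationGatewayAccessLog":
            continue  # ignore firewall/performance log categories
        props = rec.get("properties") or {}
        if str(props.get("httpStatus")) != "403":
            continue
        key = (origin_of(props), props.get("clientIP"), props.get("userAgent"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (origin, ip, agent), n in triage_403(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {origin:8s} {ip:16s} {agent}")
```

If most 403s land in the `backend` bucket, the application or something in front of it inside the cluster is refusing the request; if they cluster on a few client IPs in the `gateway` bucket, compare those addresses against any network restrictions in front of the gateway.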
Solution 1:[1]
As others are able to access the web application without any issue and only a few are getting this 403 error, from a different browser and only a few times, this is not an issue related to AKS and the application gateway. Something went wrong with your browser settings, or a common cause of these errors is the file or folder permission settings, which control who can read, write, and execute the file or folder.
There are two possibilities in this case: either the website owner edited the settings so that you couldn’t access the resources, or they didn’t set the correct permissions.
The second common cause is corrupt or incorrect settings in the .htaccess file. This might happen after you’ve made changes to the file.
You can refer to this document to change the .htaccess file, and you can also try the different methods mentioned in the same document to fix the issue.
Also, you can directly reach out to the Azure support team for troubleshooting from the backend.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | RahulKumarShaw-MT |
