Web Application hosted under AKS when accessed in VAPT Tool is not getting loaded.

Mohan Babu S 5 Reputation points
2025-01-24T09:50:41.1566667+00:00

We are currently in the process of conducting a Vulnerability Assessment and Penetration Testing (VAPT) on our web application which is hosted in Azure.

However, we have encountered an issue where our vendor's VAPT scanning tool is unable to access our application and perform the necessary tests.

Our network security team has already confirmed that inbound and outbound traffic has been allowed for the IP addresses of the testing tool. Despite this, the scanning tool continues to face access issues.

We would like to ask if there are any inbuilt features or security measures within Azure that could potentially block or restrict the usage of VAPT tools on our web application. Specifically, we are concerned about any network-level protections, firewall rules, or other security mechanisms that may be preventing the tool from completing the scan.

Any insights or recommendations you could provide would be greatly appreciated to help us proceed with the VAPT testing.

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. Bhargavi Naragani 420 Reputation points Microsoft Vendor
    2025-01-30T06:21:02.79+00:00

    Hi @Mohan Babu S,
    Thanks for the question and using MS Q&A platform.
    It seems like you're facing an issue where the VAPT (Vulnerability Assessment and Penetration Testing) tool is unable to access your web application hosted on Azure Kubernetes Service (AKS), despite allowing the necessary inbound and outbound traffic.
    Azure does have several built-in security features that could be impacting the scanning tool's ability to access the application.

    1. Temporarily disable WAF rules or create an exception for the VAPT tool’s IP range.
    2. Check NSG configurations and ensure that the VAPT tool's IPs are explicitly allowed.
    3. If DDoS Protection is enabled, consider whitelisting the VAPT tool’s traffic.
    4. Configure Front Door to allow traffic from the VAPT tool’s IP range.
    5. Check the Ingress rules and logs to see if the tool's traffic is getting blocked and adjust accordingly.
    6. Ensure the tool is configured with the correct authentication details or temporarily disable authentication for testing purposes.
    7. Verify that the right IP addresses are added to allow access.

    Reference:
    https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/connectivity/connection-issues-application-hosted-aks-cluster

    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who face a similar issue may benefit from it.
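
Step 5 of the answer above (checking ingress logs for the tool's traffic) can be done with a short script; this is an added example, not part of the original answer, that tallies the responses sent to the scanner's source range. It assumes ingress-nginx with its default access-log format and that the client source IP is preserved in the log; `triage`, the hint strings and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Leading fields of the default ingress-nginx access-log format (assumed here):
# remote_addr - remote_user [time_local] "request" status ...
LINE_RE = re.compile(r'^(\S+) - \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

# Constructed sample lines; all addresses come from documentation ranges.
SAMPLE_LOG = [
    'I0124 09:50:40.000000 7 controller.go:1] Backend successfully reloaded',
    '203.0.113.10 - - [24/Jan/2025:09:50:41 +0000] "GET / HTTP/1.1" 403 146 "-" "scanner" 120 0.001 [default-web-80] [] - - - - r1',
    '203.0.113.11 - - [24/Jan/2025:09:50:42 +0000] "GET /login HTTP/1.1" 403 146 "-" "scanner" 125 0.001 [default-web-80] [] - - - - r2',
    '203.0.113.10 - - [24/Jan/2025:09:50:43 +0000] "GET /api HTTP/1.1" 401 0 "-" "scanner" 118 0.004 [default-web-80] [] 10.244.0.12:8080 0 0.004 401 r3',
    '198.51.100.7 - - [24/Jan/2025:09:50:44 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" 300 0.010 [default-web-80] [] 10.244.0.12:8080 512 0.010 200 r4',
]

def triage(log_lines, scanner_cidrs):
    """Return (status tally for scanner requests, hint on which layer to check)."""
    nets = [ipaddress.ip_network(c) for c in scanner_cidrs]
    tally = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line (e.g. controller reload messages)
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP address
        if any(ip in net for net in nets):
            tally[int(m.group(2))] += 1
    if not tally:
        # Nothing arrived: the drop is upstream of the ingress (answer steps 1-4),
        # or the source IP is rewritten before the controller logs it.
        return {}, "not_seen_at_ingress"
    top = tally.most_common(1)[0][0]
    if top == 403:
        hint = "denied_403"    # ingress allow-list, WAF or the app refusing the request
    elif top == 401:
        hint = "auth_401"      # scanner credentials missing or wrong (answer step 6)
    elif top < 400:
        hint = "reaching_app"
    else:
        hint = "other_errors"
    return dict(tally), hint

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, ["203.0.113.0/24"]))
```

Feed it the controller's log output and the vendor's published scanner ranges; an empty tally points at the network-level controls rather than the ingress or the application.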

