Forum Discussion

Anonymous
Feb 14, 2022

Deny public access for PostgreSQL.

Hello All,


I have a PostgreSQL single server on Azure, and as part of security best practice, I want to deny public access to that server. But the problem is that when I deny public access, I cannot access the database through pgAdmin, nor can the applications' APIs, so the applications also do not work. Fortunately, I was able to solve the problem of me not being able to access the server by configuring a P2S VPN and a private endpoint, and I was successful. However, the APIs still cannot access the database. After escalating this matter to technical support, I learned that the APIs access the server through the Internet, NOT through the MS private network, and therefore, when public access is denied, they won't work since all access from the Internet is denied. Currently, I have been waiting more than 45 days for a meeting with an MS DevOps technical support engineer, but they seem to be very busy and we cannot schedule one. Finally, I have been spending some time on this matter, and it is significant for me to get this done.


I'm wondering, is there a way that I can deny public access yet still enable the applications to access the database? And if yes, how?


I really appreciate your help.


Regards,

Hazem

1 Reply

  • You can restrict public access to your Azure Database for PostgreSQL while still enabling application connectivity, provided those applications are integrated with your Azure Virtual Network (VNet) and configured to use Private Endpoints. Applications or APIs that are hosted outside of Azure, or that lack VNet integration, will lose connectivity once public access is disabled. To address this, you should either migrate the APIs into Azure services such as App Service, Azure Kubernetes Service (AKS), or Virtual Machines with VNet integration, or establish secure connectivity from external environments through VPN or ExpressRoute so they can access the database via the private endpoint.
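As an added example (not code from anyone in this thread), here is a preflight check to run from the machine, App Service console or AKS pod that hosts the API before flipping "Deny public network access": it resolves the server name with the same resolver the application uses and reports whether the answer is a VNet (private endpoint) address or a public one. It assumes the standard Azure private-endpoint DNS pattern, where `<server>.postgres.database.azure.com` is a CNAME to `<server>.privatelink.postgres.database.azure.com`, which the VNet-linked private DNS zone resolves to a private IP.

```python
#!/usr/bin/env python3
"""Preflight: will this host still reach an Azure PostgreSQL server once
public network access is denied?  A private-endpoint path resolves
<server>.postgres.database.azure.com -> <server>.privatelink.postgres.database.azure.com
-> an RFC 1918 address from the VNet.  A public IP means the traffic
currently goes over the Internet and will be blocked after the change."""
import ipaddress
import socket
import sys

PRIVATELINK_SUFFIX = ".privatelink.postgres.database.azure.com"


def classify(fqdn, aliases, addresses):
    """Classify one DNS answer as 'private', 'public' or 'unresolved'.

    aliases: every name seen in the CNAME chain (canonical name included).
    addresses: the A records finally returned for fqdn.
    """
    if not addresses:
        return "unresolved", f"{fqdn} did not resolve; check the private DNS zone VNet link"
    ips = [ipaddress.ip_address(a) for a in addresses]
    public = [str(ip) for ip in ips if not ip.is_private]
    if public:
        return "public", f"{fqdn} resolves to public IP(s) {public}; will be blocked"
    if not any(a.endswith(PRIVATELINK_SUFFIX) for a in aliases):
        # Private IP but not via the privatelink zone: possibly a hand-made
        # record; still works, but verify it points at the endpoint NIC.
        return "private", f"{fqdn} resolves to {addresses} outside the privatelink zone; verify"
    return "private", f"{fqdn} resolves via private endpoint to {addresses}"


def check_server(fqdn):
    """Resolve fqdn with the system resolver, i.e. the one the app uses."""
    try:
        canonical, aliases, addresses = socket.gethostbyname_ex(fqdn)
    except socket.gaierror:
        return classify(fqdn, [], [])
    return classify(fqdn, aliases + [canonical], addresses)


if __name__ == "__main__":
    # Usage: python3 preflight.py myserver.postgres.database.azure.com
    verdict, reason = check_server(sys.argv[1])
    print(f"{verdict}: {reason}")
    sys.exit(0 if verdict == "private" else 1)
```

Run it from every place an API is hosted; a "public" verdict on any of them means that component needs VNet integration (or VPN/ExpressRoute) before public access is denied.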
