When developing a function, you need to test the code repeatedly. The Code+Test feature in the portal is a straightforward way to do this: you simply click the "Run" button.
If your function is accessible from the public network, you can test it from your local PC. However, if a private endpoint is enabled on your function app, the test may fail with a 403 error and the following error message.
Error message: You must have direct network access in order to run your function. Your app may be restricted with Private Endpoints, Access Restrictions or Service Endpoints.
As you are aware, a private endpoint restricts public access. When you run Code+Test from your local PC, the inbound IP is that of your local PC, so the request arrives from the public network.
While running an HttpTrigger on my local PC with a private endpoint, I encountered a 403 IpForbidden status code.
Here is the private endpoint document. You can see the details for the private endpoint setting.
To use the Code+Test option in the portal from that VM, you need to add the following CORS origins to your function app:
https://functions-next.azure.com
https://functions-staging.azure.com
https://functions.azure.com
https://portal.azure.com
Please refer to this document for more details.
You can check the Private endpoint and VNet information in the Networking blade.
You can verify the private IP on the VM overview page. You will compare this IP with the client IP in the function app access log.
Access the Azure portal from the VM.
You can confirm that the test result is 200 OK.
When reviewing the function app access log, I observed that the client IP corresponds to the private IP of the VM.
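The log comparison described above can be scripted. The following is an added example, not code from the original post: it labels each access-log record by whether the client IP is the VM's private IP, another host in the VNet, or a public address, and whether the request was rejected with 403. The field names (`CIp`, `ScStatus`, `CsUriStem`) assume records shaped like the AppServiceHTTPLogs table, and the sample records, VM IP and VNet CIDR are constructed values.

```python
import ipaddress

# Constructed sample records. Field names follow the AppServiceHTTPLogs schema,
# which is an assumed log source; the IPs and CIDR are made-up values.
SAMPLE_LOGS = [
    {"CIp": "10.1.0.4", "CsUriStem": "/api/HttpTrigger1", "ScStatus": 200},
    {"CIp": "203.0.113.25:50412", "CsUriStem": "/api/HttpTrigger1", "ScStatus": 403},
    {"CIp": "10.1.0.9", "CsUriStem": "/api/HttpTrigger1", "ScStatus": 200},
    {"CIp": "198.51.100.7", "CsUriStem": "/api/HttpTrigger1", "ScStatus": 200},
    {"CIp": "-", "CsUriStem": "/api/HttpTrigger1", "ScStatus": 403},
]
VM_PRIVATE_IP = "10.1.0.4"   # hypothetical value from the VM overview page
VNET_CIDR = "10.1.0.0/16"    # hypothetical value from the Networking blade


def parse_client_ip(raw):
    """Parse 'a.b.c.d' or 'a.b.c.d:port'; return None when it is not an IP."""
    host = raw.strip()
    if host.count(":") == 1:  # IPv4 with a port suffix; IPv6 has 2+ colons
        host = host.split(":")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def classify(record, vm_ip, vnet_cidr):
    """Label one access-log record relative to the expected private path."""
    ip = parse_client_ip(record["CIp"])
    if ip is None:
        return "unparsable"
    allowed = record["ScStatus"] != 403
    if ip == ipaddress.ip_address(vm_ip):
        return "vm-ok" if allowed else "vm-blocked"
    if ip in ipaddress.ip_network(vnet_cidr):
        return "other-vnet-host"
    # A public client that was not rejected got past the restriction:
    # check whether that IP is explicitly allowed.
    return "public-allowed" if allowed else "public-blocked"


def review(logs, vm_ip=VM_PRIVATE_IP, vnet_cidr=VNET_CIDR):
    """Return (client IP field, verdict) for every record."""
    return [(r["CIp"], classify(r, vm_ip, vnet_cidr)) for r in logs]


if __name__ == "__main__":
    for cip, verdict in review(SAMPLE_LOGS):
        print(f"{cip:22} {verdict}")
```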
When configuring a private endpoint or access restrictions, it is crucial to run Code+Test from an explicitly allowed IP address. You therefore need to examine Virtual Network (VNet) configuration, peering configuration, Virtual Private Network (VPN) settings, and other relevant factors to assess and address the situation.