I have integrated an Azure Web App with a SQL Server VM so that they can communicate via the VNet instead of the public internet.
I have denied all incoming traffic on TCP port 80 for security reasons. I see that HTTP posts reach the VM successfully from the Web App.
However, when I deny all incoming traffic on TCP port 1433, SQL queries stop reaching the SQL Server VM from the Web App. I was expecting that the integrated VNet would handle this. The SQL Server VM has its SQL connectivity setting as private (within virtual network). If I keep 1433 open, I can access the SQL Server DB from Excel on my desktop, which is a security risk in this case.
How to solve?
 
                        
Just close 1433 on the network security group to the traffic originating from the internet. That will block external traffic to 1433, but will leave internal intact.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg
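
An added example, not part of the original answer: a small Python model of NSG inbound evaluation (lowest priority number first, first match wins) showing why a deny on 1433 for every source also cuts off the Web App, while a deny scoped to the `Internet` service tag lets the default `AllowVnetInBound` rule still apply. The VNet range, addresses and rule names are constructed, and the two service tags are simplified to "inside or outside the VNet address space".

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space

def tag_matches(tag, src_ip):
    """Resolve a source (service tag, '*' or CIDR) against a source address."""
    addr = ipaddress.ip_address(src_ip)
    if tag == "*":
        return True
    if tag == "VirtualNetwork":   # simplified: VNet address space only
        return addr in VNET
    if tag == "Internet":         # simplified: anything outside the VNet
        return addr not in VNET
    return addr in ipaddress.ip_network(tag)

# Default inbound rules present in every NSG (load balancer rule omitted):
# (priority, name, source, port, action)
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(custom_rules, src_ip, dst_port):
    """Return (action, rule name) of the first rule that matches the flow."""
    for _prio, name, source, port, action in sorted(custom_rules + DEFAULT_RULES):
        if port in ("*", dst_port) and tag_matches(source, src_ip):
            return action, name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")

# What the question describes: 1433 denied for every source.
DENY_ALL_1433 = [(100, "DenySqlAny", "*", 1433, "Deny")]
# What the answer suggests: 1433 denied only for traffic from the internet.
DENY_INTERNET_1433 = [(100, "DenySqlInternet", "Internet", 1433, "Deny")]

WEBAPP = "10.0.1.4"      # constructed: address in the app's integration subnet
DESKTOP = "203.0.113.7"  # constructed: desktop on the public internet

if __name__ == "__main__":
    for label, rules in (("deny any", DENY_ALL_1433),
                         ("deny Internet", DENY_INTERNET_1433)):
        for who, ip in (("web app", WEBAPP), ("desktop", DESKTOP)):
            print(f"{label:14} {who:8} -> {evaluate(rules, ip, 1433)}")
```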