Getting 403 Origin Not Allowed when logging in behind Azure Application Gateway

  • What Grafana version and what operating system are you using?

I was using Grafana 8.0.6 and it was running fine but with 9.4.17 or latest I am getting 403 errors

  • What are you trying to achieve?

I want to have Grafana running behind an application gateway on a path of an existing domain.

  • How are you trying to achieve it?

I am using Terraform to provision a Linux Web App (Grafana) and an Application Gateway to terminate SSL, though for testing purposes I am only using HTTP at the moment.

  • What happened?

When I run an older version of Grafana everything works as expected with this configuration:

  app_settings = {
    DOCKER_ENABLE_CI              = "true"
    GF_SECURITY_X_XSS_PROTECTION  = "false"
    GF_SERVER_DOMAIN              = "domain.net"
    GF_LIVE_ALLOWED_ORIGINS       = "*"
    GF_SERVER_ROOT_URL            = "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
    GF_SERVER_SERVE_FROM_SUB_PATH = "true"
    GF_SECURITY_ADMIN_USER        = "admin"
    GF_SECURITY_ADMIN_PASSWORD    = var.gf_password
  }

I have set the container hostname as the backend setting in the Azure Gateway.

      name                                = "prod-grafana-backend-http-settings"
      pick_host_name_from_backend_address = false
      host_name                           = azurerm_linux_web_app.grafana-web-app.default_hostname
      cookie_based_affinity               = "Enabled"
      path                                = "/grafana/"
      port                                = 80
      protocol                            = "Http"
      request_timeout                     = 30
      probe_name                          = "${var.appgw_probe[terraform.workspace]}-gf"
  • What did you expect to happen?

I would expect Grafana to work without 403 errors.

  • Can you copy/paste the configuration(s) that you are having problems with?

Pasted above

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?

I’ve looked around on the forum but everything seems to discuss nginx or Apache configuration.