I have set up Azure APP Service and connect it through Private Link, I have disabled all public connectivity, while making tests using webhook from ACR I'm always getting "Error 403 - Forbidden The web app you have attempted to reach has blocked your access.
"On Access Restriction I have "Allow ALL" on both scm and non scm host ... but still I'm getting the same result - I have not found any blocking rules in Environment or in App Service plan - where should I look ?
Private link is for the hosted application, not the app service resource. This means your hosted app can talk privately to an azure service like APIM or a storage account directly. But when the app service needs to pull an image from the registry privately, you will have to use an ASE or App Service Environment.
Unfortunately, an ASE will cost almost a 1K per month because you are renting out space in their data center to support isolation for your app services.