Hello,
I have an application gateway with WAFV2 enabled.
I have an azure app service set as a backend pool.
I want to allow access to that app service only from the application gateway, so I can enforce WAF policies.
I wonder if there is any differences between :
- Setting only the static VIP of the application gateway to the IP restriction settings in my app service : https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-an-ip-address-based-rule
- Setting the application gateway subnet to the IP restriction settings so I can grant access to my app service through service endpoints : https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-a-service-endpoint-based-rule
In terms of :
- Security ?
- Networking ? (path used by requests sent to application gateway)
- Pricing ?
Thanks a lot for your answers.
Alexandre