question

kdeman-8994 avatar image
1 Vote"
kdeman-8994 asked GitaraniSharmaMSFT-4262 commented

Restrict IPs from accessing azure static web app using FrontDoor

Is it possible to restrict access to a azure static web app leveraging FrontDoor + WAF? We are developing our static web app at the moment and don't want just anyone to access our static web app just yet. So was thinking if FrontDoor + WAF could help to restrict access via IP selection...is this possible?

azure-front-doorazure-static-web-apps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered GitaraniSharmaMSFT-4262 commented

Hello @kdeman-8994 ,

It is possible to restrict IPs from accessing your Azure static web app using Web Application Firewall for Azure Front Door. An IP address–based access control rule is a custom WAF rule that lets you control access to your web applications. It does this by specifying a list of IP addresses or IP address ranges in Classless Inter-Domain Routing (CIDR) format.

By default, your web application is accessible from the Internet. If you want to limit access to clients from a list of known IP addresses or IP address ranges, you may create an IP matching rule that contains the list of IP addresses as matching values and sets operator to "Not" (negate is true) and the action to Block. After an IP restriction rule is applied, requests that originate from addresses outside this allowed list receive a 403 Forbidden response.

Please refer : https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you - I was aware of this article and tried to implement it. However, I get "stuck" in the pre-requisite step outlined here - for static web app, do I choose "custom" backend host? If so, with a typical static web app, what are the host name and header? I've tried several times without success...


0 Votes 0 ·

Hello @kdeman-8994 ,

Are you referring to Azure Storage static website or Azure static web app service?

Thanks,
Gita


0 Votes 0 ·

I am referring to Azure Static Web App, not Storage. Storage I would be able to do as there is plenty documentation about that. Azure Static Web App not so!

Any help would be greatly appreciated - i.e. especially the Front Door configuration is something I am after.

Scrum On!

Karel

0 Votes 0 ·

Hello @kdeman-8994 ,

I believe the backend will be custom but let me check with the PG team and get back to you with a concrete update as I found the below feedback:

https://feedback.azure.com/forums/217313-networking/suggestions/40956019-add-support-for-azure-static-web-apps-in-azure-fro

Regards,
Gita

0 Votes 0 ·

Hello @kdeman-8994 ,

Apologies for the delay in response.

I finally received a confirmation from the PG team that you can set the backend host type to custom. And the host header should be the same as host name.

Regards,
Gita

0 Votes 0 ·