question

GiancarloBergamin-0686 avatar image
0 Votes"
GiancarloBergamin-0686 asked ajkuma-MSFT commented

Issue with IP access restriction for appservice

Hey!

I currently try to restrict access to one of my appservices over the networking -> access restriction functionality over the portal. However, with the following configuration I am still able to access the webapp although I should not be able to (double checked my IP):

194277-grafik.png



Do you see any issue with my config and if not, how could I debug this?

azure-webapps-ip-addresses
grafik.png (61.6 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@GiancarloBergamin-0686,

Just following-up, to see if you had got a chance to try the suggestions posted by Sam-Cogan and was helpful (resolved or help point you in the right direction). Kindly let us know if you have any further questions on this specific topic, we would be more than happy to assist you.

Additionally,

To fetch more details about the issue, you may try these:

--You may leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal.
-- In the left navigation, click on Diagnose and solve problems and review "IP Address Configuration" and What client IPs got rejected due to IP restriction?"

Diagnostic Options



To benefit the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer’ & ‘Up-Vote’.



1 Vote 1 ·
image.png (23.6 KiB)
Sam-Cogan avatar image
1 Vote"
Sam-Cogan answered

What you have configured should block access for that specific IP that you have listed, and allow any other IP's. If this is not successfully blocking your request then the only explanation is that your requests are not coming from that IP address.
Do you have any additional connectivity to Azure, such as Express Route or VPN from where you are accessing the site, which may route traffic down a different path? Or is the machine you are using to access actually in Azure? In which case it will not be using the public IP.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ajkuma-MSFT avatar image
0 Votes"
ajkuma-MSFT answered

@GiancarloBergamin-0686,

Just following-up, to see if you had got a chance to try the suggestions posted by Sam-Cogan and was helpful (resolved or help point you in the right direction). Kindly let us know if you have any further questions on this specific topic, we would be more than happy to assist you.

Additionally,

To fetch more details about the issue, you may try these:

--You may leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal.
-- In the left navigation, click on Diagnose and solve problems and review "IP Address Configuration" and What client IPs got rejected due to IP restriction?"

Diagnostic Options



To benefit the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer’ & ‘Up-Vote’.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GiancarloBergamin-0686 avatar image
0 Votes"
GiancarloBergamin-0686 answered ajkuma-MSFT commented

Thanks for your reply Sam!

We just found the issue: We defined custom domains for our appservices and we did activate a proxy on cloudflare that was between our clients and the appservice. We solved the whole issue by using the WAF on cloudflare instead of the azure appservice access restriction.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GiancarloBergamin-0686, Thanks for the follow-up and sharing the solution that worked for you. It's much appreciated.

0 Votes 0 ·