question

danielbecroft avatar image
danielbecroft asked ·

IP restrictions and allowing access between two Azure Web Apps

We're deploying multiple Azure Web Apps, and we need to allow access between two of them (auth and api), while still restricting the external access by IP address.

We've defined the allows IPs against each app (auth and api), but how can we identify that any Azure WebApp (or other Azure infrastructure) can access this app?

Our apps are Linux Docker containers, so the vNet Integration option is only in Preview, and not supported for production use.

I can successfully get a VM to securely access a Web App by using the Access Restrictions by Virtual Network.

Is there a way to achieve this? Is there something like 0.0.0.0/32 or similar to act as a shortcut?

azure-webappsazure-webapps-security
1 comment
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Have you tried keeping all your web apps and vms in the same resource group, when you do that all the resources withing that group will fall within the same network, and will be able to see each other like they're on the same network.

0 Votes 0 · ·

1 Answer

JeremyBrooks-4731 avatar image
JeremyBrooks-4731 answered ·

At this time it is not supported for production but as you stated it will be possible when it becomes GA. In the interim you can use something like app gateway in the middle which exists in a VNET to lock down access. See the example below:

https://docs.microsoft.com/en-us/azure/app-service/networking-features#service-endpoints

1 comment Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Okay, thanks @JeremyBrooks-4731. We'll keep an eye on it, but we'll avoid the appgateway for now.

1 Vote 1 · ·