@Szabolcs Dekany Thank you for your interest in securing your Azure Web App so only your front end can access it.
There are a few solutions that are available to achieve this. The two easiest to implement, I will highlight below.
- Azure Web App IP Restrictions: With this feature you would enter 0.0.0.0 as a deny entry. This would in effect block the entire internet from accessing your Web App. Then you would enter the appropriate IP addresses for your Azure Storage Account and any supporting resources as an allow entry on your web app. This would allow your Storage Account to access your Web App.
- Use Service Tags: Service tags require a little more configuration as you have to connect your Web App to a VNet. But once connected, you no longer have to worry about IP addresses changing or management of IP addresses as the tags are by product level. Simply allowing the storage accounts tag to your VNet will ensure you are set for the future.
There are a number of options available to you, but these are my favorite due to their ease of use. To see a full list of available options on Azure Web App networking, please see here.
If you have any further questions or concerns regarding these options, please reply here and we will gladly assist you further.