![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 46%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,447 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi @Dave Schofield Thanks for reaching out.
Could you please let me know if the backend Function App is in the same VNET as APIM? if that is a case the outbound requests from APIM are not being "NATTed" as they never leave the network. If the backend Function App was in a different region (or VNET), an IP restriction rule to allow Public VIP of APIM service would have been enough to avoid the 403. else you must allow the entire subnet range of IPs where APIM is deployed, as the request can originate from any of the IPs in the subnet. Use Access Restrictions feature and allow access to the entire subnet, which is used by APIM.
From the description I see that you are observing 403 errors and cannot see the source IP all you see as 0.0.0.0.
APP insights does not show the actual client IP by default as to not store personal info at APP insights collection. In that case you can disable the IP Masking by enabling the DisableIpMasking property set to true.
The concept of disabling the Masking is described in below documentation :
Link : https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-collection?tabs=net
Do let me know incase of further queries, I would be happy to assist you.