This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 65%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
I have an App Service (Free tier, hosting a Node.js web application). My organization has a VPN service.
I only wanted to access App Service from the devices that are connected to the VPN.
When VPN is enabled, clients can access that web application and when disabled, they cannot.
What I've tried so far:--
Access Restriction feature on App Service:
Allowing only VPN ip range - priority 100
Denying public sources (any public ip address) - priority 2147482647
But its not working.
Thank You.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hi,
I don't think you can achieve your goal on the free plan. I think you require Basic at least. see this link.
https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint
good luck, Ash
In order to have your app service accessible by only your corporate network, you need to configure virtual network with a S2S VPN. Please have a look at Tutorial: Create a site-to-site VPN connection in the Azure portal as it provides a walk through on how to create the VNet, add a gateway, and configure the gateway with a VPN connection. Once you've configured your site-to-site VPN, you can then integrate your app service with that VNet and restrict traffic to only within that VNet.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 54%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGL%3C/text%3E%3C/svg%3E)
Hello Ryan!
I'm facing a similar situation where my app service is restricted and allowed only for some IP's and now I want to associate this restriction to my VPN. In summary, my question is: is it possible to have a "hybrid" restriction where I can allow/block connections by IP's out of the VPN and allow users connected to the VPN to access my web app?
Thanks!
@Gustavo Lorenzatto Cauduro you can configure a Network Security Group (NSG) to allow traffic from specific IP ranges. You would apply the allowed CIDR IP range to inbound security rule and deny all other traffic.