How to restrict Azure App Service to my organization's VPN only?

Shivam Mungra 0 Reputation points
2023-03-01T04:10:55.9033333+00:00

I have an App Service (Free tier, hosting a Node.js web application). My organization has a VPN service.

I only wanted to access App Service from the devices that are connected to the VPN.

When VPN is enabled, clients can access that web application and when disabled, they cannot.

What I've tried so far:--

Access Restriction feature on App Service:

Allowing only VPN ip range - priority 100

Denying public sources (any public ip address) - priority 2147482647

But its not working.

Thank You.

Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
928 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,859 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Ash G 340 Reputation points
    2023-03-01T06:22:16.2133333+00:00

    Hi,

    I don't think you can achieve your goal on the free plan. I think you require Basic at least. see this link.

    https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint

    good luck, Ash

    0 comments No comments

  2. Ryan Hill 25,486 Reputation points Microsoft Employee
    2023-03-03T03:14:06.8166667+00:00

    Hi @Shivam Mungra

    In order to have your app service accessible by only your corporate network, you need to configure virtual network with a S2S VPN. Please have a look at Tutorial: Create a site-to-site VPN connection in the Azure portal as it provides a walk through on how to create the VNet, add a gateway, and configure the gateway with a VPN connection. Once you've configured your site-to-site VPN, you can then integrate your app service with that VNet and restrict traffic to only within that VNet.