Azure Function Test/Run returns 'You must have direct network access in order to run your function'

Michal 16 Reputation points
2020-10-08T11:53:34.89+00:00

When I try to run my Azure Function through Code + Test -> Test/Run functionality in the Azure Portal, I'm getting the following error message:

"You must have direct network access in order to run your function. Your app may be restricted with Private Endpoints, Access Restrictions or Service Endpoints."

The function app has got a Vnet Integration enabled with 'Microsoft.Storage' service endpoint enabled on the subnet so it deploys ok from the storage account.

It also has a few rules on the Access Restrictions list. Within these rules, I've got my external IP whitelisted. As far as I remember, I needed this rule to be able to test the function through the Azure Portal (Test/Run). Now, I'm getting this error.

I had a look into the "Diagnose and solve problems" section and can see the requests for Test/Run are coming not from my public IP but 52.143.137.144 . As soon as I whitelist this IP address I'm able to run the test. This IP address falls into a range 52.143.128.0/18 published here (francec).

Has anything changed recently that could be causing the above issue?

How can I run a test from the Azure Portal with Access Restriction enabled?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,002 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,029 questions
{count} votes

1 answer

Sort by: Most helpful
  1. sadomovalex 3,621 Reputation points
    2020-10-15T15:00:06.643+00:00

    it means that Test/Run button sends test request from server side (Azure) - at least it would explain why request comes not from your IP address but from Azure (if it would send request from client side - request would come from your IP address). So your workaround with adding Azure IP to white list looks correct

    0 comments No comments