- If we have set an IP-based access restriction on our web app, and your IP address is allowed, it should usually allow access. However, if you are using a proxy, VPN, or CDN, your traffic can be rooted through an IP that is not clearly allowed.
- While Azure does not basically block IPS depending on spamhaos or other public blacklist, some components such as Azure Front Door, App with WAF may benefit from the threats like sphemous feeds from the safety solutions of third party, or third party safety solutions. This means that even though IP is allowed in access restrictions, another security layer can reject traffic.
- This can also cause access issues if the request is being blocked or resumed due to network-level restrictions (such as your ISP or enterprise firewall regulations). Spamhaus- Listed IPS can be blocked upwards before reaching Azure.
You can also check:
- Confirm that your IP is still in the permitted list and has not changed. If you are not using a stable IP then sometimes IPS can change due to DHCP.
- If we are using the Azure Front Door, Application Gateway, or a WAF (web application firewall), it can be configured to block the bad IP known based on the intelligence information of danger.
- If the IP is on the blacklist, it is a good idea to request to remove. If the listing is not caused by malicious activity, spamhaus provides a quick removal form.
https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions#site-access
https://learn.microsoft.com/en-us/azure/web-application-firewall/
if you have any further concerns or queries, please feel free to reach out to us.