Share via

Web App Limit Access

Handian Sudianto 6,096 Reputation points
2025-05-08T05:39:09.1566667+00:00

Can we use azure firewall to limit access to my web app?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,937 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bhargavi Naragani 5,270 Reputation points Microsoft External Staff Moderator
    2025-05-08T06:12:51.5+00:00

    Hi @Handian Sudianto,

    To limit access to your Azure web app using Azure Firewall. Absolutely, you can achieve that, but it's important to use Azure's access restrictions and related features to fine-tune your app's security.

    1. Azure App Service Access Restrictions You can set up rules to filter incoming requests to your web app. This works a bit like a firewall, where you can create allow and deny lists based on IP addresses or service endpoints.
    2. You can restrict access by adding specific IP addresses that are allowed to reach your app. This helps in scenarios where you only want traffic from certain known IPs. For detailed steps, you can refer to the documentation here.
    3. Service Endpoint Restrictions: If your app needs to be accessed only from certain subnets within a Virtual Network, you can create service endpoint rules that restrict access to those subnets. This is particularly useful for securing internal applications. More details can be found here.
    4. If you're also using Azure Application Gateway, you can configure it to provide an additional layer of security, ensuring that only traffic from the gateway reaches your app.
    5. For an extra layer of security, consider implementing authentication schemes through the App Service authentication settings. This will help restrict access based on user identity.

    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

    Let me know if you have any further Queries.

  2. Vinodh247 34,661 Reputation points MVP Volunteer Moderator
    2025-05-08T06:26:48.0266667+00:00

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    Yes, you can use Azure Firewall to limit access to your Azure Web App, but not directly. Azure Web Apps (part of App Service) are multi-tenant PaaS services and do not reside within your VNet by default. This means Azure Firewall, which protects traffic within or through a VNet, cannot filter access to your Web App out-of-the-box.

    To limit access using Azure Firewall, you need to:

    Integrate your Web App with a VNet using VNet Integration (for outbound traffic) and Private Endpoint (for inbound private access).

    Place your Azure Firewall in the same VNet or a peered VNet.

    Create Firewall rules to allow or deny access to the Web App using private IPs or specific FQDNs.

    Recommended Approach (Secure Inbound Access via Azure Firewall):

    Enable Private Endpoint for your App Service.

    This gives the Web App a private IP within your VNet.

    1. Route all traffic to the Web App through Azure Firewall:

    Use Azure Application Gateway + Firewall, or

    • Use Azure Front Door with WAF.

    Use NSGs and Azure Firewall to restrict access only from approved sources.

    Alternative & Simpler Options:

    Use Access Restrictions in App Service to limit access by IP address ranges, Service Endpoints, or Private Endpoints.

    • Use Azure Front Door with WAF for global protection with geofiltering, bot protection, etc.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.