@Simone Thank you for your patience while I was investigating this issue. I reproduced this setup and saw similar behavior, i.e., I could still reach the origin website. So in order to fix that, you need to lock down your backend so that only CDN IPs can access it and nothing else. Please follow the instructions given in the document to do the same.
Basically, you will be doing the following steps:
- Go to App Service --> Settings (on the left pane) --> Networking --> Access Restrictions - Configure Access Restrictions
- Add a rule to allow traffic from the 147.243.0.0/16 range (Azure CDN from Microsoft's IPv4 backend IP space: 147.243.0.0/16) with a lower priority, for example 100
- Block all other traffic, i.e., traffic from 0.0.0.0/0, with a higher priority, i.e., 200
This will block all traffic from accessing the origin directly and only allow CDN to reach it. Hope this fixes your issue. Please let me know if you have any further questions/concerns and we will be glad to assist you further. Thank you!
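An added example, not part of the original answer: a small Python model of how the two rules above are evaluated (ascending priority number, first match wins), with an audit for the two mistakes that undo the lockdown. The rule names, the dictionary layout and the sample client IPs are constructed for illustration and are not an Azure API format.

```python
import ipaddress

# Constructed rule set mirroring the steps above (rule names are hypothetical).
RULES = [
    {"name": "allow-cdn", "cidr": "147.243.0.0/16", "action": "Allow", "priority": 100},
    {"name": "deny-all", "cidr": "0.0.0.0/0", "action": "Deny", "priority": 200},
]


def evaluate(rules, client_ip):
    """Return (action, rule name) for client_ip: lowest priority number first, first match wins."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if ip in ipaddress.ip_network(rule["cidr"]):
            return rule["action"], rule["name"]
    # Assumption modelled here: once any rule exists, unmatched traffic is denied.
    return "Deny", "implicit-deny"


def audit(rules, cdn_cidr="147.243.0.0/16"):
    """Flag rules that expose the origin directly or cut the CDN off from it."""
    cdn = ipaddress.ip_network(cdn_cidr)
    findings, cdn_allowed = [], False
    for rule in sorted(rules, key=lambda r: r["priority"]):
        net = ipaddress.ip_network(rule["cidr"])
        if rule["action"] == "Allow":
            if cdn.subnet_of(net):
                cdn_allowed = True
            if not net.subnet_of(cdn):
                findings.append(f"{rule['name']}: allows {net}, wider than the CDN range")
        elif net.overlaps(cdn) and not cdn_allowed:
            findings.append(f"{rule['name']}: denies the CDN range before it is allowed")
    return findings


if __name__ == "__main__":
    # Constructed client addresses: one inside the CDN range, one outside it.
    for ip in ("147.243.10.5", "203.0.113.7"):
        print(ip, evaluate(RULES, ip))
    print("findings:", audit(RULES))
```

Running it prints the decision for each sample address and an empty findings list for the rule set described in the answer; swapping the two priorities makes the audit report that the deny rule shadows the CDN allow rule.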