This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 21%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVY%3C/text%3E%3C/svg%3E)
I have an Azure App Service which I limit access by IP using the Networking Access restrictions. The Access restrictions were working without an issue until March 25th 2021. Since then I am no longer able to access the App Service from an Azure Virtual Machine with a static IP Address. The rejected IP Addresses found under Configuration and Management shows a new IPv6 Address that I believe is the Virtual Machine. Adding the IPv6 address does not resolve my 403 error and the virtual machine is still unable to access the Web API.
I've tried adding the AzureCloud Service Tag as well hoping the VM would be include under that umbrella but had no luck.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 80%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKN%3C/text%3E%3C/svg%3E)
Hi @Vinson Yuen ,
How many rules are there in the App Service's Access Restrictions?
Have you checked which Azure Virtual Machine's IP is in priority over the general blocking rule?
Have you tried using the Private Endpoins for Azure Web App?
Regards,
Kllin Nunes
There is only one rule in the Access Restrictions allowing the IP address of the Azure Virtual Machine. All other traffic is blocked.
I have not tried using the Private Endpoints of Azure Web App. I would prefer to get this working under the current setup rather than testing and building a new method that may not work. Azure support was kind enough to give me a support ticket to look into the matter. I'm waiting to hear back from the shortly.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 13%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
To anyone seeking an answer for this, a possible solution:
Add an access rule to the App Service that allows access to the subnet that the VM sits on.
An example access rule:
Name: VM Subnet
Action: Allow
Priority: 300
Description: VM Subnet
Type: Virtual Network
Subscription: [ YOUR SUBSCRIPTION ]
Virtual Network: [VM VIRTUAL NETOWORK]
Subnet: [VM SUBNET]