Issue with IP access restriction for appservice

Giancarlo Bergamin 21 Reputation points
2022-04-19T12:54:06.41+00:00

Hey!

I currently try to restrict access to one of my appservices over the networking -> access restriction functionality over the portal. However, with the following configuration I am still able to access the webapp although I should not be able to (double checked my IP):

194277-grafik.png

Do you see any issue with my config and if not, how could I debug this?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,209 questions
{count} votes

Accepted answer
  1. Sam Cogan 10,332 Reputation points MVP
    2022-04-19T17:33:39.767+00:00

    What you have configured should block access for that specific IP that you have listed, and allow any other IP's. If this is not successfully blocking your request then the only explanation is that your requests are not coming from that IP address.
    Do you have any additional connectivity to Azure, such as Express Route or VPN from where you are accessing the site, which may route traffic down a different path? Or is the machine you are using to access actually in Azure? In which case it will not be using the public IP.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. ajkuma 23,826 Reputation points Microsoft Employee
    2022-04-22T08:27:50.48+00:00

    @Giancarlo Bergamin ,

    Just following-up, to see if you had got a chance to try the suggestions posted by Sam-Cogan and was helpful (resolved or help point you in the right direction). Kindly let us know if you have any further questions on this specific topic, we would be more than happy to assist you.

    Additionally,

    To fetch more details about the issue, you may try these:

    --You may leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal.
    -- In the left navigation, click on Diagnose and solve problems and review "IP Address Configuration" and What client IPs got rejected due to IP restriction?"

    Diagnostic Options

    ---
    To benefit the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer’ & ‘Up-Vote’.

    0 comments No comments

  2. Giancarlo Bergamin 21 Reputation points
    2022-04-22T10:53:26.57+00:00

    Thanks for your reply Sam!

    We just found the issue: We defined custom domains for our appservices and we did activate a proxy on cloudflare that was between our clients and the appservice. We solved the whole issue by using the WAF on cloudflare instead of the azure appservice access restriction.