Connection privately hosted containerized Java Web Application with frontend deployed in CDN

Szabolcs Dekany 1 Reputation point
2022-09-01T11:23:03.557+00:00

I have a simple static web application in my storage account, made available with a Front Door CDN profile and endpoint.

I also have a dockerized Java web application deployed with App Service that I would like to restrict public access to.

However, the frontend static web application that is deployed on the CDN needs access to this App Service backend.

Is it possible to somehow give the frontend access to this privately deployed App Service Java app, letting the traffic pass through the Azure backbone instead of the public internet?


1 answer

  1. brtrach-MSFT 15,176 Reputation points Microsoft Employee
    2022-09-01T17:12:44.677+00:00

    @Szabolcs Dekany Thank you for your interest in securing your Azure Web App so only your front end can access it.

    There are a few solutions that are available to achieve this. The two easiest to implement, I will highlight below.

    1. Azure Web App IP Restrictions: With this feature you would enter 0.0.0.0 as a deny entry. This would in effect block the entire internet from accessing your Web App. Then you would enter the appropriate IP addresses for your Azure Storage Account and any supporting resources as an allow entry on your web app. This would allow your Storage Account to access your Web App.
    2. Use Service Tags: Service tags require a little more configuration as you have to connect your Web App to a VNet. But once connected, you no longer have to worry about IP addresses changing or management of IP addresses as the tags are by product level. Simply allowing the storage accounts tag to your VNet will ensure you are set for the future.

    There are a number of options available to you, but these are my favorite due to their ease of use. To see a full list of available options on Azure Web App networking, please see here.

    If you have any further questions or concerns regarding these options, please reply here and we will gladly assist you further.

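The deny-then-allow setup in option 1 depends on rule order, so the following added example (not part of the answer above, and not Azure code) models how a set of access restriction rules resolves a client address. It assumes rules are evaluated lowest priority number first, that the first match wins, that unmatched traffic is denied once any rule exists, and that the deny-all entry is written in CIDR form as `0.0.0.0/0`; the rule names and the `203.0.113.0/24` range are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # lower number is evaluated first
    action: str    # "Allow" or "Deny"
    cidr: str

def _ordered(rules):
    return sorted(rules, key=lambda r: r.priority)

def evaluate(rules, client_ip):
    """Return (action, rule_name): the first rule in priority order that matches wins."""
    if not rules:
        return ("Allow", "no-restrictions")   # nothing configured: app is open
    ip = ipaddress.ip_address(client_ip)
    for rule in _ordered(rules):
        if ip in ipaddress.ip_network(rule.cidr):
            return (rule.action, rule.name)
    return ("Deny", "implicit-deny-all")      # unmatched traffic is refused

def shadowed(rules):
    """Names of rules that can never match because an earlier rule with the
    opposite action already covers their whole range."""
    hidden, ordered = [], _ordered(rules)
    for i, rule in enumerate(ordered):
        net = ipaddress.ip_network(rule.cidr)
        for earlier in ordered[:i]:
            cover = ipaddress.ip_network(earlier.cidr)
            if (earlier.action != rule.action and net.version == cover.version
                    and net.subnet_of(cover)):
                hidden.append(rule.name)
                break
    return hidden

# Constructed rule sets; 203.0.113.0/24 stands in for the frontend's addresses.
INTENDED = [Rule("allow-frontend", 100, "Allow", "203.0.113.0/24"),
            Rule("deny-internet", 200, "Deny", "0.0.0.0/0")]
MISORDERED = [Rule("deny-internet", 100, "Deny", "0.0.0.0/0"),
              Rule("allow-frontend", 200, "Allow", "203.0.113.0/24")]

if __name__ == "__main__":
    for label, rules in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(label, evaluate(rules, "203.0.113.10"), "shadowed:", shadowed(rules))
```

Running `shadowed` over an exported rule list before applying it catches an allow entry that a broader deny entry with a lower priority number would silently override.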