
Configure Azure App Service without public URL


I am trying to deploy an Azure App Service from Visual Studio 15.2. Specifically, I am trying to deploy the following service: https://github.com/Microsoft/Azure-SQL-DB-auditing-OMS-integration to ingest audit logs from SQL Data Warehouse to OMS. However, due to security concerns, we would like to do so without creating a public endpoint, a URL. We have tried configuring it in a VNet, but it does not allow you to do so unless the VNet has a public gateway.


Solution

  • Configure Azure App Service without public URL

    As far as I know, we can't configure an Azure App Service without a public URL. If you create a web app, it will automatically provide a public endpoint for users to access.

    Here are two workarounds.

    I found that the GitHub application just uses the web app's WebJobs.

    One way:

    If you don't need any web site and just use the background process to run the WebJobs, you could choose Azure Functions, which uses the WebJobs SDK itself but doesn't require an App Service to be configured for it.

    Second way:

    Normally we run WebJobs in an Azure App Service web app, and that Azure App Service web app can be accessed/browsed via URL. If you want to prevent users from browsing to that Azure App Service web app, you can add a rewrite rule to the site's web.config to block web access.

    The web.config is like this:

    <?xml version="1.0" encoding="utf-8"?>
    <!--
      For more information on how to configure your ASP.NET application, please visit
      https://go.microsoft.com/fwlink/?LinkId=169433
      -->
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="Block unauthorized traffic to staging sites" stopProcessing="true">
              <match url=".*" />
              <conditions>
                <!-- Enter your staging site host name here as the pattern-->
                <add input="{HTTP_HOST}" pattern=".*" />
                <!-- Enter your white listed IP addresses; ^ and $ anchor the pattern so it
                     matches only this exact address and not, for example, 123.123.123.10 -->
                <add input="{REMOTE_ADDR}" pattern="^123\.123\.123\.1$" negate="true"/>
                <!-- Add the white listed IP addresses with a new condition as seen below -->
                <!-- <add input="{REMOTE_ADDR}" pattern="^123\.123\.123\.2$" negate="true"/> -->
    
              </conditions>
              <action type="CustomResponse" statusCode="403" statusReason="Forbidden"
            statusDescription="Site is not accessible" />
    
            </rule>
    
          </rules>
        </rewrite>
      </system.webServer>
    
    </configuration>
    

    For more details about how to add the web.config to your web app, you could follow these steps:

    1. Open the Kudu tool in the web portal.

    2. Open the cmd console and locate the \site\wwwroot folder.

    3. Create web.config and copy the settings into it.

    4. When we access the web site, you will find this:
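A way to check an allow-list rule like the one in the answer before deploying it, as an added example that is not part of the original answer or the linked project. It evaluates the rule's conditions against constructed client addresses, with the REMOTE_ADDR pattern unanchored and anchored. It assumes URL Rewrite defaults (conditions ANDed, case-insensitive regex matched anywhere in the input); `is_blocked`, `allowed_addresses` and the sample host name are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the same rule shape as the web.config above, with the
# allow-list pattern left as a placeholder so both variants can be compared.
TEMPLATE = """<configuration><system.webServer><rewrite><rules>
  <rule name="block" stopProcessing="true">
    <match url=".*" />
    <conditions>
      <add input="{{HTTP_HOST}}" pattern=".*" />
      <add input="{{REMOTE_ADDR}}" pattern="{allow}" negate="true" />
    </conditions>
    <action type="CustomResponse" statusCode="403" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""
UNANCHORED = TEMPLATE.format(allow=r"123\.123\.123\.1")
ANCHORED = TEMPLATE.format(allow=r"^123\.123\.123\.1$")


def is_blocked(web_config: str, remote_addr: str, host: str = "example.invalid") -> bool:
    """Return True if every condition of the first rule holds (request gets 403).

    Assumption: URL Rewrite defaults, i.e. conditions are ANDed (MatchAll) and
    patterns are case-insensitive regexes matched anywhere in the input.
    """
    rule = ET.fromstring(web_config).find(".//rule")
    server_vars = {"{HTTP_HOST}": host, "{REMOTE_ADDR}": remote_addr}
    for cond in rule.findall("./conditions/add"):
        value = server_vars[cond.get("input")]
        hit = re.search(cond.get("pattern"), value, re.IGNORECASE) is not None
        if cond.get("negate", "false").lower() == "true":
            hit = not hit
        if not hit:
            return False  # one condition failed, so the blocking rule does not fire
    return True


def allowed_addresses(web_config: str, candidates):
    """Addresses from candidates that the rule lets through."""
    return [ip for ip in candidates if not is_blocked(web_config, ip)]


# Constructed test addresses: the intended one plus look-alikes.
CANDIDATES = ["123.123.123.1", "123.123.123.10", "123.123.123.199", "10.0.0.5"]

if __name__ == "__main__":
    print("unanchored:", allowed_addresses(UNANCHORED, CANDIDATES))
    print("anchored:  ", allowed_addresses(ANCHORED, CANDIDATES))
```

With the unanchored pattern, any address that merely contains the allowed one as a substring passes the rule; the anchored pattern admits only the exact address.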