Azure CDN with Function App Access Restrictions Give 403 Forbidden
I have an Azure Function App setup and there is a CDN (Standard Microsoft) endpoint associated with the Function App. In the Function App --> Networking --> Access Restrictions settings, I have some rules to 'Allow' certain sources access and at the bottom is the 'Deny all' rule.
With the rules in place, the CDN returns a 403 Forbidden message. I can access the page directly from the Function App from one of the allowed source IPs. The only way I have been able to get the CDN to work has been to remove ALL the access restriction rules.
How can I get the CDN to work with the rules in place? Do I need to find the CDN IP to add an 'Allow' rule and where would I even find the CDN source IP?
Not an expert on CDN, but if function app is getting any incoming connection, the IP address needs to be whitelisted. Can you have a look at this - https://learn.microsoft.com/en-us/azure/cdn/cdn-pop-list-api#retrieve-the-current-microsoft-pop-ip-list-for-azure-cdn
This has the POP IP list for Microsoft. If CDN is trying to connect to function app, you can try to whitelist these IPs.
In case the link above every gets moved or broken, here is the critical information.
Configure IP ACLing for your backends to accept traffic from Azure CDN from Microsoft's backend IP address space and Azure's infrastructure services only.
- Azure CDN from Microsoft's IPv4 backend IP space: 147.243.0.0/16
- Azure CDN from Microsoft's IPv6 backend IP space: 2a01:111:2050::/44"
- How to Edit Function-app Code in Azure portal
- "ModuleNotFoundError" with Azure function Apps using Python
- Azure Function v3 unable to bind blob to CloudBlockBlob
- Azure Function ModuleNotFoundError in Python script
- Where to find the App Service Logs for a Http Trigger Function written in Powershell?
- How do I upload file to Azure function while publishing the code from Visual Studio?
- Azure CLI commands not working inside azure function apps (portal)
- Azure SignalR Connection String for Azure Function App ARM template
- Retrieve Source Code Files from Azure Function in Azure Portal
- Is it possible to Pass Azure Function ServiceBusTrigger connection at runtime
- How to hide Azure Function URL?
- What is different azure function app and app service plan?
- Azure function activity in ADF V2 timeouts after 4min 7sec, even though in code i have mentioned "functionTimeout": "00:10:00" which is 10mins?
- Azure API management and App Function backend: Backend with id 'foo' could not be found
- Function App custom dependencies, how to install and reference python packages locally?
- Install Python modules in Azure Functions
- Body not sending through Azure API Management
- Azure function deploy error : 503 Temporarily Unavailable
- Azure Function IBM MQ Setup with pfx Certificate
- Deploying Azure Function (isolated process) to Azure using Azure DevOps is not working
- azure app service authentication/authorization not available
- C# to pause, turn on ssas server, backup cube.... how to?
- Azure Function using Python - Blob trigger not firing
- Can I create non static Azure function class in C#, what are the consequences?
- Get a list of possible outbound ip addresses in terraform
- SQL Azure connection error with User Assigned Managed Identity 'Login failed for user'
- how to read the data from blob storage and access it by using azure function app
- How to extract Secret key from Azure key vault in Azure Function App on Nodejs stack
- How to add a default function key with ARM template for a deployment slot in Azure Functions
- How do you set the java version while creating Azure Function App using Terraform?