Restrict App Services to Front Door using Service tag and not IP
I read documention from MS and other blogs-articles and I am still confused on how we can restrict access to AppServices to FrontDoor only.
According documenentation i found we need to apply IPs ACL (I do not talk about the X-FrontDoor-ID). I follow their guidelines and found more than 100 IP to allow.
My question is why can't just use the ServiceTag as below ? Just one rule isn't enough to secure ?
Your thoughts ? Thx
Based on my understanding, a service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag frequently. You should use that service tag AzureFrontDoor.Backend in the Azure App Service access restrictions unless the service tag does not match in the Azure IP Ranges and Service Tags. Read this blog for more details. However, it's a rare scenario.
- Override redirect URL in AddMicrosoftAccount() identity OAuth for ASP.NET Core web app
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- How to get Node.js app running on Azure App Service?
- Azure App Service on Linux: "Container didn't respond to HTTP pings on port: 8080, failing site start" but my container isn't a web server
- How to deploy .NET Core 3.1 project to webjob?
- Run from external URL with WEBSITE_RUN_FROM_PACKAGE config in appservice is not working
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- How to Resolve Errors When Running Python Jobs in Azure App Service WebJobs
- Deploy to Azure web app from github failing with - Application with identifier '***' was not found in the directory
- How to make CosmosDB work with an Azure Web App
- Why I got an error request every 5 minutes in an Azure App Service
- After Upgrade Azure Function .Net 8 - How to handle Dependecy Injection from Startup.cs?
- How does using a proxy between frontend and backend improve security?
- Redirect service (302) in Azure, best possible approach?
- Running incorrect file on Azure through Github Actions Workflow ASP.NET multifile project
- FastAPI deployed to an azure web app - getting environments variables
- Is it possible to convert the publish method of an App Service from Code to Docker?
- Is automating App Registration on Azure possible through ARM Template on the User's tenant?
- How to properly restrict access to an azur eweb application?
- How to add Identity Providers programmatically?
- Deploying and starting a FastAPI app in Azure Web App
- How do you deploy VNET to an App Service with BICEP?
- deploying nextjs to azure, but container keeps failing
- Deploying files from GitHub to Azure
- Deploying FastAPI in Azure
- Adding / setting Virtual Applications (Path mappings) to a Web App (App Service Azure) - via Powershell Script
- Adding a connection from Azure Web App to GitHub using Deployment center
- azure error 502 - Web server received an invalid response while acting as a gateway or proxy server
- Azure Container Apps Service to use Managed built-in policy definition
- How to build and deploy to Azure App Service an app with Flask as backend and Node.js as front end