Restrict App Services to Front Door using Service tag and not IP
I read documention from MS and other blogs-articles and I am still confused on how we can restrict access to AppServices to FrontDoor only.
According documenentation i found we need to apply IPs ACL (I do not talk about the X-FrontDoor-ID). I follow their guidelines and found more than 100 IP to allow.
My question is why can't just use the ServiceTag as below ? Just one rule isn't enough to secure ?
Your thoughts ? Thx
Based on my understanding, a service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag frequently. You should use that service tag AzureFrontDoor.Backend in the Azure App Service access restrictions unless the service tag does not match in the Azure IP Ranges and Service Tags. Read this blog for more details. However, it's a rare scenario.
- WebJob is stopping due to website shutting down
- Getting a 404 for GET /robots933456.txt
- Azure Logic App HTTP Request Authentication Scope
- Azure App Service and Application Insights where is performance test?
- Azure App Service Plan CPU Spikes to 100%
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- What is needed to allow axios http requests from my front-end container to my back-end container on my azure containerized web app?
- Access Azure App Service with Client ID & Secret
- Azure monitor open telemetry python package raising exception when python app deployed on Azure
- SignalR errors in the console even though the requests successfully completed
- Azure Web App Deployment error via msdeploy - ERROR_INSUFFICIENT_A CCESS_TO_SITE_FOLDER
- Deploying a Python App to Azure App Service with Github Actions
- Production slot not using Production as ASPNETCORE_ENVIRONMENT variable
- How allow github actions to access database on vnet
- Azure N-Tier application architecture not working with App Service Container deployment
- My mern project is not running in azure web app
- Predefined type 'System.Void' is not defined or imported during Visual Studio Online build of ASP.NET 5
- Getting an error when I am trying to use pre-built contract model on AI Document Intelligence Studio. Error code in the body
- Managed Identity for Cosmos DB: "Local Authorization is disabled. Use an AAD token to authorize all requests"
- Authenticate to SQL Server with Azure app service managed identity through group
- Deploy python app to existing azure app service with azure cli
- Unable to deploy a python application from az cli
- How can I add tracing / logging messages for a Blazor Server Side App on Azure? (Preferred with App Service Logs)
- AADSTS50012: Invalid client secret is provided when moving from a Test App to Production
- Redirect Microsoft Identity Platform Access Denied in ASP.NET Core
- data base queries in application is running on the local environment, but not on microsoft azure?
- Is there a way to limit access to an Azure App Service?
- How to Log Exceptions to Azure application logs