Lock down the access of AppServices to only Azure Front Door
I would like to restrict access to my AppServices and only traffic from Azure Front Door should be accepted.
The MS documentation here explains that we should update IP restrictions and also manage 'X-Azure-FDID'. I want to focus only on IP restrictions on this question. Then i found some useful articles like wintellect and henrihietala which propose incredible powershell command to do that. It seems to work but I just noticed that IP list contains more than 100 records ! It's huge don't you think ? See my screenshot 
Is it really needed to have so much IP to allow ? The code to retrieve a filtered list of the IPv4 and IPv6 IP addresses used by Front Door is
$addresses = ((Get-AzNetworkServiceTag -Location $location).Values | Where-Object ( { $_.Name -eq 'AzureFrontDoor.Backend' })).properties.AddressPrefixes
Because I know my Front door resource, is there any chance to reduce all these IP ??
Regards, Terry
In the Web App's Restriction, just add only one rule allowing the IPv4 CIDR "147.243.0.0/16" as shown in the image.
Then, only the traffic coming from the Azure Front Door will be allowed on your Web App. Access Azure FD
- WebJob is stopping due to website shutting down
- Getting a 404 for GET /robots933456.txt
- Azure Logic App HTTP Request Authentication Scope
- Azure App Service and Application Insights where is performance test?
- Azure App Service Plan CPU Spikes to 100%
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- What is needed to allow axios http requests from my front-end container to my back-end container on my azure containerized web app?
- Access Azure App Service with Client ID & Secret
- Azure monitor open telemetry python package raising exception when python app deployed on Azure
- SignalR errors in the console even though the requests successfully completed
- Azure Web App Deployment error via msdeploy - ERROR_INSUFFICIENT_A CCESS_TO_SITE_FOLDER
- Deploying a Python App to Azure App Service with Github Actions
- Production slot not using Production as ASPNETCORE_ENVIRONMENT variable
- How allow github actions to access database on vnet
- Azure N-Tier application architecture not working with App Service Container deployment
- My mern project is not running in azure web app
- Predefined type 'System.Void' is not defined or imported during Visual Studio Online build of ASP.NET 5
- Getting an error when I am trying to use pre-built contract model on AI Document Intelligence Studio. Error code in the body
- Managed Identity for Cosmos DB: "Local Authorization is disabled. Use an AAD token to authorize all requests"
- Authenticate to SQL Server with Azure app service managed identity through group
- Deploy python app to existing azure app service with azure cli
- Unable to deploy a python application from az cli
- How can I add tracing / logging messages for a Blazor Server Side App on Azure? (Preferred with App Service Logs)
- AADSTS50012: Invalid client secret is provided when moving from a Test App to Production
- Redirect Microsoft Identity Platform Access Denied in ASP.NET Core
- data base queries in application is running on the local environment, but not on microsoft azure?
- Is there a way to limit access to an Azure App Service?
- How to Log Exceptions to Azure application logs