Just wanted to see if there were any Azure App Service or APIM experts that could help me get past something that is puzzling me when it comes to restricting access to my app service endpoint to the IP address of my Azure API Management service. I can successfully set the APIM's IP address in an "allow" rule, in the Access Restrictions section of the networking tab, in the app service I am targeting. What happens, though, is that the APIM redirects my browser to hit the app service endpoint with its own IP address, which of course I just set to be restricted only to allow access from the APIM IP address.
A 308 Moved Permanently HTTP code is delivered to my browser and my browser is sent to the app service page. I am met with a 403 restricted error, because it is indeed my IP address that is accessing the app service. I am expecting to be redirected to my desired app service, and to be allowed access because it was passed from the "allowed" IP address of my APIM. Do I need to adjust this somehow with an APIM policy, or some kind of networking policy inside the targeted app service?
When I attempt to hit the app from the APIM endpoint, my redirect causes web app to restrict MY IP address
Any thoughts at all would be very helpful.
APIM never replies with a redirect on its own, so I assume that your backend does that. By default APIM will just pass the backend HTTP response to the client, no matter the status code. But you can use policies to decide what to do with the response in general. For redirects specifically, there is a follow-redirects option on the forward-request policy that does what you need.
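
The option named in the answer above, shown in a full policy document. This is an added example, not part of the original answer; placing it at the API scope and leaving the other sections at `<base />` are assumptions.

```xml
<policies>
    <inbound>
        <base />
    </inbound>
    <backend>
        <!--
            Replaces the inherited <base /> forward-request.
            With follow-redirects="true" the gateway itself follows the
            redirect returned by the backend, so the follow-up request
            reaches the App Service from the APIM IP address that the
            Access Restrictions allow rule permits, and the client is not
            handed a Location header pointing at the restricted host.
            The default is "false": the redirect is passed to the client.
        -->
        <forward-request follow-redirects="true" />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```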