I have a requirement to restrict external access to an Azure Container App on a consumption plan by IP address. However, configuring this ingress also restricts traffic coming from itself and within the managed environment.
Is it possible to configure IP restrictions whilst still allowing all internal traffic, including from itself?
Yes, it is possible to configure IP restrictions for an Azure Container App on a consumption plan in the Azure portal while still allowing all internal traffic, including from itself.
I have created a Container App with a Consumption plan, as shown below:
In the Container App, under Settings -> Ingress, select "Limited to Container Apps Environment".
Under IP Restrictions, select "Allow traffic from IPs configured below, deny all other traffic", enter the IP addresses or CIDR ranges that you want to allow access to your Azure Container App, and save:
Now your Azure Container App will only be accessible from the IP addresses or CIDR ranges that you specified.
Reference:
Set up IP ingress restrictions in Azure Container Apps | Microsoft Learn