
Azure App Service - Access Restriction to specific url endpoints (i.e. /admin)


I've deployed a web app on the Azure App Service platform. I need to restrict users' access to specific endpoints. For example, I need to allow access to the /admin URL endpoint only from specific IP addresses. I've tried the Access Restriction feature, but it only allows restricting access to the entire web app and not to specific URL addresses. Do you have any suggestions on how I can do this through Azure?


Solution

  • Below are the options you can use. Azure App Service access restrictions apply to the entire application and not specific endpoints.

    1. Azure Application Gateway with Web Application Firewall (WAF): Deploy your web app behind Azure Application Gateway. With the WAF tier of Application Gateway, you can create custom rules to allow or deny traffic from specific IP addresses or address ranges to specific paths. This will allow you to restrict access to specific URL endpoints based on IP addresses.

    2. Azure Front Door: Azure Front Door, as a content delivery network and application firewall, allows you to set up custom forwarding rules based on the URL route and source IP.

    3. Azure API Management: If your web app is hosting APIs, Azure API Management can be placed in front of it. With policies in API Management, you can restrict access based on a combination of IP and URL path.

    4. Custom Middleware in Your Application: If you're using a framework like ASP.NET Core, you can write custom middleware to check the IP address of incoming requests and the requested path to allow or deny the request.
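
Option 4 as an added example (not part of the original answer): an ASP.NET Core middleware that denies requests under /admin unless the client IP is in an allowlist. It assumes .NET 8 or later, that the allowlist ranges shown are placeholders, and that `RemoteIpAddress` already reflects the real client, meaning forwarded-headers handling is configured for whatever proxy sits in front of the app.

```csharp
// Program.cs - ASP.NET Core minimal hosting model, .NET 8+ (uses System.Net.IPNetwork).
using System.Net;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed allowlist using documentation ranges (RFC 5737); replace with real admin sources.
IPNetwork[] adminAllowlist =
{
    IPNetwork.Parse("203.0.113.0/24"),
    IPNetwork.Parse("198.51.100.7/32"),
};

// Fail closed: an unknown (null) address is never allowed.
static bool IsAllowed(IPAddress? ip, IPNetwork[] networks)
{
    if (ip is null) return false;
    // Dual-stack sockets report IPv4 clients as ::ffff:a.b.c.d; normalise before matching.
    if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
    foreach (var network in networks)
        if (network.Contains(ip)) return true;
    return false;
}

// Registered before the endpoints so denied requests never reach an /admin handler.
app.Use(async (context, next) =>
{
    // Segment-aware and case-insensitive: matches /admin, /Admin/ and /admin/users,
    // but not /administrator.
    if (context.Request.Path.StartsWithSegments("/admin")
        && !IsAllowed(context.Connection.RemoteIpAddress, adminAllowlist))
    {
        app.Logger.LogWarning("Denied {Path} from {Ip}",
            context.Request.Path, context.Connection.RemoteIpAddress);
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return; // short-circuit: the rest of the pipeline is not invoked
    }
    await next(context);
});

app.MapGet("/", () => "public");
app.MapGet("/admin", () => "admin area");
app.Run();
```

The check is only as trustworthy as the source address: if the app reads the client IP from a forwarded header, that header must come from a proxy the app is configured to trust, otherwise a client can supply its own value.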