Add "Allow access to Azure services" in Azure App Service IP restrictions
Re this thread
I'd used PowerShell to manually add IP restrictions a couple of weeks ago. Right away my App Insights availability tests started failing so I narrowed the test location down to Dublin IE and allowed those IP/Subnets.
Add an option similar to SQL Server "Allow access to Azure services" That white lists Azure App insights availability tests for selected regions.
There was some confusion about this feature due to the documentation for it and UX originally released had a bug.
The IP Restrictions feature works as an ALLOW list, rather than a DENY list as originally stated.
The ask here is still valid, there are other services in azure (like SQL) that have UI to explicitly allow other azure services to reach the database. While this is convenient for development scenarios, it’s not a good idea for securing the resource.
We’ll keep an eye on this request and see if it gathers more up-votes.
Pluciennik, Todd (San Diego) commented
Access restriction categories are only IP and VNET based. Are there any plans for 'tagged' access restrictions based on Azure services?
For example, attempting to deploy via Azure DevOps gives the following error:
Error: Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("HIDDEN") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
Shahid Iqbal commented
Same issue really with Azure DevOps agents not being able to view the site during a deployment so UI tests fail.
Would be great to either give the same option as azure sql does or allow importing of ip restrictions in a more workable manner. File upload (ideally in same format as we can get for IP ranges for Azure)
Xinyi Ou commented
This is currently causing an issue for us when importing Azure Function into Azure API Management. We have added the IP address of the APIM to the allow list, but the import functionality breaks unless we temporary disable the IP Restrictions on the App Service. It would be great to know what IPs we need to add to allow for this, or to have the Allow Azure Services (if the traffic is coming from the UI for APIM).