How can we improve Azure Networking?

Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

84 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Marco Crank shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

8 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Stephen Walsh commented  ·   ·  Flag as inappropriate

    This is something we need. We want to restrict certain web apps to specific IP addresses which we can do as part of the Web App configuration.

    When we introduce the AppGateway for WAF protection in front of the Web Apps, we can enforce an IP restriction on the Web App to ensure traffic is flowing through the AppGateway. However we can't implement an IP restriction on the AppGateway itself.

    As mentioned below, we need to be able to implement this on a per-listener basis.

  • John B commented  ·   ·  Flag as inappropriate

    Any update on this? We also have a client requirement to restrict by IP address on the gateway.

  • Erik Hennerfors commented  ·   ·  Flag as inappropriate

    Is there any updates on this? We have a customer demanding this feature from our application running in Azure.

Feedback and Knowledge Base