App GW with load balance should use single internal IP for single session
App GW with auto-scaling enabled has multiple internal IPs for communicating with the hosted web service. The worst part is that it communicates the same session from a client with multiple IPs internally, because the load balancer has multiple machines for the App GW.
We are using an application with which NSG/IP restriction cannot be used, because the application is designed in such a way that it doesn't allow the same session from multiple IPs for security purposes, and whitelisting the backend IPs doesn't make sense because they will always be the same from the backend pools.
Let's suppose that during some user's session an attacker hooks into the same session; that could be a malicious session with a different IP, but for the server it will arrive with some different IP from the App GW backend pools, so we will not be able to tell whether it's a valid one or not.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
Chris Butler commented
We came across the same issue when using the user's IP address to check login token validity for API access to our application.
If you're coding in .NET there are other methods you can use to get the user's IP that will ensure you get the actual IP, rather than the LAN-side IP of the Application Gateway, which will change as it scales instances up and down.
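The .NET approach Chris alludes to is to read the X-Forwarded-For header that Application Gateway inserts, instead of the connection's remote address, and to accept that header only when the TCP peer really is the gateway (otherwise any client can forge it). The following is an added example, not code from the original post or from Azure; it assumes a placeholder gateway subnet of 10.0.1.0/24 and that the gateway may append a source port to the forwarded value ("203.0.113.10:54321"):

```csharp
// Added example (not from the original post or from Azure).
// Resolves the real client IP behind Application Gateway for a session or
// token check, trusting X-Forwarded-For only from the gateway's own subnet.
using System;
using System.Net;

public static class ClientIpResolver
{
    // Placeholder: replace with the real Application Gateway subnet(s).
    private static readonly (IPAddress Network, int PrefixLength)[] TrustedProxyNetworks =
    {
        (IPAddress.Parse("10.0.1.0"), 24),
    };

    // remoteAddress: the TCP peer (HttpContext.Connection.RemoteIpAddress in ASP.NET Core).
    // xForwardedFor: the raw X-Forwarded-For header value, or null if absent.
    public static IPAddress Resolve(IPAddress remoteAddress, string? xForwardedFor)
    {
        // If the peer is not a trusted proxy, the header could have been forged by the client.
        if (!IsTrustedProxy(remoteAddress) || string.IsNullOrWhiteSpace(xForwardedFor))
            return remoteAddress;

        // X-Forwarded-For is "client, proxy1, proxy2"; the first entry is the original client.
        var first = xForwardedFor.Split(',')[0].Trim();
        if (TryParseHostWithOptionalPort(first, out var client))
            return client;

        // Unparsable header: fall back to the peer address rather than trust garbage.
        return remoteAddress;
    }

    // Accepts "203.0.113.10", "203.0.113.10:54321", "2001:db8::1" and "[2001:db8::1]:443".
    private static bool TryParseHostWithOptionalPort(string value, out IPAddress address)
    {
        if (IPAddress.TryParse(value, out address!))
            return true;
        if (IPEndPoint.TryParse(value, out var endpoint))
        {
            address = endpoint.Address;
            return true;
        }
        address = IPAddress.None;
        return false;
    }

    private static bool IsTrustedProxy(IPAddress remote)
    {
        // Kestrel often reports IPv4 peers as IPv4-mapped IPv6 (::ffff:10.0.1.5).
        if (remote.IsIPv4MappedToIPv6)
            remote = remote.MapToIPv4();

        foreach (var (network, prefixLength) in TrustedProxyNetworks)
        {
            if (remote.AddressFamily != network.AddressFamily)
                continue;
            if (PrefixMatches(remote.GetAddressBytes(), network.GetAddressBytes(), prefixLength))
                return true;
        }
        return false;
    }

    // Compares the first prefixLength bits of two addresses of the same family.
    private static bool PrefixMatches(byte[] a, byte[] n, int prefixLength)
    {
        int fullBytes = prefixLength / 8;
        int remainingBits = prefixLength % 8;
        for (int i = 0; i < fullBytes; i++)
            if (a[i] != n[i]) return false;
        if (remainingBits == 0)
            return true;
        int mask = (0xFF << (8 - remainingBits)) & 0xFF;
        return (a[fullBytes] & mask) == (n[fullBytes] & mask);
    }

    public static void Main()
    {
        // Constructed sample values: a request relayed by the gateway, and a direct request
        // that carries a forged header (which must be ignored).
        var viaGateway = Resolve(IPAddress.Parse("10.0.1.5"), "203.0.113.10:54321, 10.0.1.5");
        var direct     = Resolve(IPAddress.Parse("198.51.100.7"), "203.0.113.10");
        Console.WriteLine(viaGateway); // 203.0.113.10 (the client, not the gateway instance)
        Console.WriteLine(direct);     // 198.51.100.7 (forged header ignored)
    }
}
```

In ASP.NET Core the same policy is available without hand-rolling it: register `ForwardedHeadersMiddleware` with `ForwardedHeaders.XForwardedFor` and add the gateway subnet to `KnownNetworks`, after which `HttpContext.Connection.RemoteIpAddress` already holds the client address. Either way, the value used in the session or token check is then stable across gateway instances, which is what the original request is asking for; note that the forwarded value is only as trustworthy as the proxy chain that produced it, so the trusted-network list should contain nothing but the gateway subnet.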