Restrict Portal Access by IP Address
In some cases, Management Portal and Developer Portal should not be published into the Internet so that anonymous abusive users cannot attack the Portal, such as DDoS.
If we can set a rule with IP address filtering like a firewall service, it would be very helpful to protect our API Management service.

5 comments
-
Marek Grabarz commented
You can easily configure IP restrictions placing APIM in VNET in Internal mode. Then you can route traffic through NSG controlled VIP, applicances, Intranet or WAF.
https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet -
Dan Byrne commented
Agreed - this is a high priority requirement.
-
Dan Byrne commented
@Tony B - you can do IP filtering on the API itself using Policies
-
Pratik Saraogi commented
Any updates on this?
-
Tony B commented
Not just Management and Developer Portal but also the API itself.