How can we improve Microsoft Azure Functions?

Restrict IPs in Azure Functions Proxies

I want IP restriction in Azure Functions Proxies. My customer has a security policy that IPs are whitelisted. Current solutions are to host AppServices plan or API management. This feature is essential for enterprise customers.

17 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Atsushi Yokohama shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    completed  ·  AdminAzure App Service Team (Admin, Microsoft Azure) responded  · 

    This is now possible using the “IP Restrictions” functionality available under “Platform Features” > “Networking” > “IP Restrictions”

    Keep in mind that this list is a whitelist.

    Thanks for the feedback!
    Alex

    12 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Aaron Kim commented  ·   ·  Flag as inappropriate

        This is mandatory for enterprise customers. What'd be the point of securing function with apim without restricting usage of function itself? I also don't see the ip restriction from networking anymore. Please respond.

      • Noel Ady commented  ·   ·  Flag as inappropriate

        I also see IP Restrictions has moved. We rely on this settings for our functions. Its part of the Security policies for our client. If its gone this is a major issues for a large scale azure project. Can someone please provide some details on where this setting has moved to ?

      • Dmitry commented  ·   ·  Flag as inappropriate

        "This is now possible using the “IP Restrictions” functionality available under “Platform Features” > “Networking” > “IP Restrictions”"
        It seems that this feature is not available anymore.
        It was there like in March 2018, but now only CDN can be configured.

      • Craigology commented  ·   ·  Flag as inappropriate

        Agree with the previous commenter, this feature seems to have been abruptly removed, even on the Beta runtime. Can the Azure App Service Team please provide any explanation as to why?

      • Bartłomiej Zalewski commented  ·   ·  Flag as inappropriate

        Is this solution still working for Azure Functions ? When I go to “Platform Features” > “Networking” > “IP Restrictions” I see only 3 options:
        - VNET integration
        - Hybrid connections
        - Azure CDN

        Is it 'IP Restrictions' moved someware ?

        I see 'IP Restrictions' for regular Web App but not Ffor Azure Functions

      • Michael Papasevastos commented  ·   ·  Flag as inappropriate

        Adding - I think it would be extremely helpful to have a checkbox that specifies "allow traffic only from Azure data centers". The exact scenario that I'm using is setting up an Azure activity log alert to invoke an Azure function running on a consumption plan.

      • Jason Steele commented  ·   ·  Flag as inappropriate

        This is currently under review Does the review include restricted IP range for outbound calls from a Function? (Or at least via a proxy?)

      Feedback and Knowledge Base