CODEWITHSUNDEEP
azureazure-functions
robjam
robjam

Reputation: 989

Azure Functions and restricting IPs

I would really like to use Azure Functions for an upcoming project, but is there a way to create a whitelist of IPs like in ipSecurity in Web.Config?

They are using authLevel function, so there is some protection there. My customer has a security requirement for a whitelist.

Looking at the resource explorer there seems to be a property ipSecurityRestrictions that might work, but I don't see it on my Azure function instance.

Upvotes: 5

Views: 5156

Answers (2)

Lukaesch
Lukaesch

Reputation: 171

Fortunately, IP whitelisting has been introduced and is available for the Azure Functions consumption plan (standard and premium). Step-by-step guide:

  1. First, go to your Azure Portal and select your Azure Function resource
  2. Next, select Networking
  3. Select Configure Access Restrictions enter image description here
  4. Define your list of allow/deny rules as desired to control traffic to your Azure Function

Upvotes: 4

Matt Mason
Matt Mason

Reputation: 2726

Unfortunately, as you don't have control over a web.config this isn't doable that way.

You could do the ip validation within the function itself or add a solution like API Management to block traffic.

If you're willing to run on dedicated (not consumption plan), you can deploy the functions runtime as a site extension with a modified web.config with the ip whitelist you need: https://github.com/Azure/azure-webjobs-sdk-script/wiki/Deploying-the-Functions-runtime-as-a-private-site-extension

Upvotes: 2

Related Questions