Reputation: 351
Logic App IP Address when we call API Management
Below is my scenario:
I am calling API Management from Logic APP.
I want to restrict IP Address so that only Logic App can call the API Management.
I am using the IP Filter as shown below for the IP Address mentioned here
<ip-filter action="allow | forbid">
<address>40.112.243.160</address>
<address>address</address>
</ip-filter>
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link. It starts with 10...*.
Am I missing anything here?
Upvotes: 0
Views: 1588
Answers (3)
Reputation: 20107
You could use the ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges in your APIM.
Policy statement
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
You could get your logic app ip address from this link. Then you could set APIM like:
<ip-filter action="allow">
<address>address1</address>
<address>address2</address>
<address>address3</address>
</ip-filter>
Update:
But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link.
When you use logic app to call APIM, you could see the X-Forwarded-For attribute in output which is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Here is my test snapshot. My logic app location is eastasia and my IP address is 13.75.94.173 which is inside the East Asia Outbound IP of Logic App.
Upvotes: 0
Reputation: 101
As far as I know, there is a list of outbound IP addresses for Azure Logic App per region. For more details, you can refer to the doc. If you want to avoid other users with the Logic App in the same region to have access to your resource or get a static single IP address, you can further use Azure API Management to act as a reverse proxy for the Logic App. And then use the policy in the APIM as below:
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
Upvotes: 2
Reputation: 1550
All logic apps in a region use the same ranges of IP addresses. To support the calls that logic apps directly make with HTTP, HTTP + Swagger, and other HTTP requests, set up your firewall configurations in your APIM so they include these outbound addresses, based on where your logic apps exist:
Here is the list of IP address of Logic App based on the region.
Upvotes: 0
Related Questions
- Get client IP address from Azure Logic app
- How to whitelist Logic App outbound ip's?
- Can you see if IP restrictions are configured for Logic Apps via Powershell?
- Azure API Management IP for whitelisting
- Logic App issue with webhook callbacks comming from some unrecognized IP ranges
- How to use parameters for salesforce API connection while deployment of Logic app?
- IP whitelisting for logic app
- Logic apps Ip Restriction
- Can Azure Logic apps only communicate one way?
- IP address of Azure API App and how to restrict IPs