Reputation: 8626
I would like my Azure app service to only allow connections from a specific IP address.
My goal is that an application I have deployed to Firebase should be the only "thing" that can invoke the Azure app service.
What I have tried so far is:
From the Azure Portal --> Networking --> Access Restrictions
--> Configure Access Restrictions and see the rules currently allow all
Add a new rule and see the new rule along with one extra has been added (as described in the docs)
Try web app which has the IP allowed by the new rule and see the following error:
Thanks in advance.
UPDATE
Access restrictions following suggestion from ceejayoz
Upvotes: 0
Views: 1066
Reputation:
If you want to limit web app access, you can configure an application gateway for the front end of your web app. Then you can use the Restrict Access feature in the web app so that your web app can only receive traffic from the application gateway. If you want to know more about it, please read the document: https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app-portal
Upvotes: 2
Reputation: 180137
I suspect you've blocked the Azure load balancers' health check requests.
https://learn.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16
The public IP address 168.63.129.16 is used in all regions and all national clouds. This special public IP address is owned by Microsoft and will not change. It is allowed by the default network security group rule. We recommend that you allow this IP address in any local firewall policies. The communication between this special IP address and the resources is safe because only the internal Azure platform can source a message from this IP address. If this address is blocked, unexpected behavior can occur in a variety of scenarios.
Azure Load Balancer health probes originate from this IP address. If you block this IP address, your probes will fail.
Upvotes: 1
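The following is an added example, not code from any of the posts above: a simplified model of how an access-restriction list is evaluated (lowest priority number first, first match wins, and a trailing "Deny all" once any rule exists, which is the "one extra" rule the question mentions). The rule name, the caller address 203.0.113.10 and the helper names are constructed for illustration; 168.63.129.16 is the address quoted in the last answer.

```python
import ipaddress
from dataclasses import dataclass

# Priority shown for the automatically added trailing rule (part of this model).
IMPLICIT_DENY_PRIORITY = 2147483647

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    cidr: str
    action: str  # "Allow" or "Deny"

def effective_rules(user_rules):
    """Return the rules in evaluation order, including the implicit one."""
    if not user_rules:
        # Nothing configured: the default state allows every source.
        return [Rule("Allow all", 1, "0.0.0.0/0", "Allow")]
    ordered = sorted(user_rules, key=lambda r: r.priority)
    return ordered + [Rule("Deny all", IMPLICIT_DENY_PRIORITY, "0.0.0.0/0", "Deny")]

def evaluate(user_rules, source_ip):
    """Return (action, rule name) for the first rule that matches source_ip."""
    addr = ipaddress.ip_address(source_ip)
    for rule in effective_rules(user_rules):
        # strict=True raises ValueError for a CIDR with host bits set,
        # which surfaces a mistyped rule instead of silently widening it.
        if addr in ipaddress.ip_network(rule.cidr, strict=True):
            return rule.action, rule.name
    return "Deny", "no match"

def audit(user_rules, sources):
    """Evaluate every labelled source address against the rule list."""
    return {label: evaluate(user_rules, ip) for label, ip in sources.items()}

# Constructed sample: one allow rule for a single caller address.
RULES = [Rule("allow-caller", 100, "203.0.113.10/32", "Allow")]
SOURCES = {
    "expected caller": "203.0.113.10",
    "neighbouring address": "203.0.113.11",
    "Azure platform address": "168.63.129.16",
}

if __name__ == "__main__":
    for label, (action, rule) in audit(RULES, SOURCES).items():
        print(f"{label:24} {action:5} via {rule}")
```

Running the audit against the address the service actually sees as the request source, rather than the address you expect, is the quickest way to tell a wrong rule from a wrong assumption about the caller.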