Reputation: 79
IP Filter for Azure Functions to only allow traffic from Azure API Management Service
My API has users upload and download files from Azure Storage containers. I have an API that uses two Azure Functions - one for uploading files, and one for generating SAS tokens. I want to secure the API and its Azure Functions by making the Azure Functions only accept traffic from the APIM's IP address. Each time I do this, however, any access to the Azure Functions are blocked. I added the APIM Virtual IP address to the allowed sources for each Azure Function under "Access Restrictions", but each time I try to access either of the functions I am met with a 403 (Ip Forbidden) error. What should I do?
Edit: I've figured out that my HTML frontend is the reason why access is blocked: requests are sent through the HTML frontend, where they use the client's IP address.
Upvotes: 0
Views: 327
Answers (1)
Reputation: 65461
I am assuming that by "HTML frontend", you mean your client application running in a browser.
The Azure Function is seeing the client IP Address rather than the IP Address of the APIM.
The first thing to check is: Do the url's that you are using in the frontend go to APIM? Or do they go directly to the Azure Function.
Upvotes: 0
Related Questions
- CORS blocked when invoking 3rd party API wrapped with Azure API Management
- 403 forbidden error when calling durable function status query via Azure API Management Service
- 403 when calling durable function status query via Azure API Management Service
- Restrict Access for Function App with Azure API Manangement Service
- Outbound IP address Azure API Management
- Azure AppService>Networking>Access Restrictions & handling 308 redirects from API Management
- Azure API Management rename file
- Azure API Management Subscription Expiration