This is an extended question from #59.
So, basically I can't restrict the proxy API access from public, as @miwebst mentioned in the previous issue thread.
But I still want to prevent access from public, by implementing the access restriction feature on API Management or Azure App Service instance like:
However, I need to know the IP addresses to apply this access policy. As I don't know how to get a list of outbound IP addresses for ASWA, I wonder if this is possible or not?
Its not possible right now, we are continuously adding more points of presence so we don't want people taking dependencies on these and then having their apps break when we begin using a new IP address.
Thanks for confirmation!
Its not possible right now, we are continuously adding more points of presence so we don't want people taking dependencies on these and then having their apps break when we begin using a new IP address.
my third party is seeing external ip that is not listed in my web app outbound IP? per checking the ip that they are seeing, its part of the mcirosoft data center public ip. but why they are seeing that IP that its not listed in the portal?
As described above, we do not have any external IP guarantee's right now. Can you describe the use case? I'm assuming they want to add some rules based on ip address?
As described above, we do not have any external IP guarantee's right now. Can you describe the use case? I'm assuming they want to add some rules based on ip address?
Thanks for your reply. are u saying that outbound IP cannot be whitelisted by our third party provider? The issue here. .. is our third party provider is seeing an external IP of our web app that is not listed in Outbound IP in Azure.... but when i check the IP that they are referring to. the IP is part of Microsoft Data Center IP ranges... I also checked the IP in whoismyip site. and it belongs to Microsoft.
so i guess , as long as the IP advertised belongs to Microsoft. you can whitelist it.
I see. Yes these IP addresses will always be owned by Microsoft. We are not currently publishing a set of these as they may expand overtime.
I would also like to get the possible outboundIps of an Azure Static Web app. My use case is so that I can add that to the firewall of my CosmosDB. Now I have to open it up for every network and I'm not very comfortable doing that.
Due to these kind of restrictions (not able to do oauth flows as another example) makes me wonder why will I use the static web app for long instead of separating into a storage account based SPA and Azure functions. I did really like the Azure static web app easiness of managing everything together, but then microsoft should not restrict it so much that is becomes unusable after the initial fast deployment.
@sijucm We are looking into ways to give you more control over the function app. We鈥檒l keep this scenario in mind and see if we can address it in the process.
Most helpful comment
@sijucm We are looking into ways to give you more control over the function app. We鈥檒l keep this scenario in mind and see if we can address it in the process.