
IP Whitelisting for Azure APIM Gateway

This section briefly describes how to whitelist your application so that it only allows access from the APIM gateway.

  • For acceptance environments, whitelist IP: 40.74.41.190.

  • For production environments, whitelist IP: 50.85.193.224.

Azure Container App

Using Terraform

hcl
 resource "azurerm_container_app" "example" {
   # ... existing settings

   ingress {
     # ... existing settings

     # Add the following section
     ip_security_restriction {
       name             = "allow-apim-acceptance"
       ip_address_range = "40.74.41.190/32"
       action           = "Allow"
       description      = "Allow Azure APIM Acceptance traffic"
     }
   }
 }

Using the Azure Portal

  1. Go to your Container App

  2. Go to Settings > Ingress

  3. Under IP Restrictions, select the Allow traffic from IP addresses configured below, deny all other traffic link.

  4. Click the Add button at the top of the table

  5. Enter the correct IP address in the IPv4 address range box, depending on your environment.

Azure Function App

Using Terraform

Use the following snippet to apply an inbound IP restriction to 40.74.41.190 only. Replace this IP address with the IP address of the production environment for production usage.

hcl
 resource "azurerm_function_app" "example" {
   # ... existing settings

   # Add the following section
   site_config {
     ip_restriction {
       name       = "allow-apim-acceptance"
       ip_address = "40.74.41.190/32" # CIDR notation; /32 matches this single address
       action     = "Allow"
       priority   = 100
     }
   }
 }

Using the Azure Portal

  1. Go to your App Service

  2. Go to Settings > Networking

  3. Under Public network access, click on the Enabled with no access restrictions link.

  4. For Public network access, choose Enable from select Virtual Networks and IP addresses

  5. For the Unmatched rule setting, choose Deny

  6. Click the Add button at the top of the table

  7. Give the rule a Name and Priority, and whitelist the correct IP address as listed previously, depending on your environment.

Azure App Services

Using Terraform

Use the following snippet to apply an inbound IP restriction to 40.74.41.190 only. Replace this IP address with the IP address of the production environment for production usage.

hcl
 resource "azurerm_linux_web_app" "example" {
   # ... existing settings

   site_config {
     # Add the following attribute to default to "Deny" for unmatched rules
     # (it is a site_config attribute, not a top-level one)
     ip_restriction_default_action = "Deny"

     # Add the following section to whitelist inbound connections
     ip_restriction {
       name       = "allow-apim-acceptance"
       ip_address = "40.74.41.190/32" # CIDR notation; /32 matches this single address
       action     = "Allow"
       priority   = 100
     }
   }
 }

Using the Azure Portal

  1. Go to your App Service

  2. Go to Settings > Networking

  3. Under Public network access, click on the Enabled with no access restrictions link.

  4. For Public network access, choose Enable from select Virtual Networks and IP addresses

  5. For the Unmatched rule setting, choose Deny

  6. Click the Add button at the top of the table

  7. Give the rule a Name and Priority, and whitelist the correct IP address as listed previously, depending on your environment.
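
Checking a Terraform plan against the whitelist

The following check is an added example, not part of the original page or of any Azure tooling. It reads the JSON produced by `terraform show -json <planfile>` and reports any resource of the three types above that allows something other than the APIM gateway IP, or a web app that does not deny unmatched traffic. It assumes resources live in the root module; `audit`, `allow_rules` and `SAMPLE_PLAN` are names made up for this example.

```python
import ipaddress

# APIM gateway addresses as listed on this page.
APIM_GATEWAY = {"acceptance": "40.74.41.190", "production": "50.85.193.224"}
COVERED = {"azurerm_container_app", "azurerm_function_app", "azurerm_linux_web_app"}

def allow_rules(resource):
    """Networks with action "Allow" for the resource types this page covers."""
    values = resource["values"]
    if resource["type"] == "azurerm_container_app":
        block = (values.get("ingress") or [{}])[0]
        rules, key = block.get("ip_security_restriction") or [], "ip_address_range"
    else:
        block = (values.get("site_config") or [{}])[0]
        rules, key = block.get("ip_restriction") or [], "ip_address"
    return [ipaddress.ip_network(r[key], strict=False)
            for r in rules if r.get("action") == "Allow" and r.get(key)]

def audit(plan, environment):
    """Return (address, problem) pairs; an empty list means the plan passes."""
    expected = ipaddress.ip_network(APIM_GATEWAY[environment])
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        if res["type"] not in COVERED:
            continue
        allowed = allow_rules(res)
        if expected not in allowed:
            findings.append((res["address"], f"missing Allow rule for {expected}"))
        findings += [(res["address"], f"unexpected Allow rule {net}")
                     for net in allowed if net != expected]
        site = (res["values"].get("site_config") or [{}])[0]
        if (res["type"] == "azurerm_linux_web_app"
                and site.get("ip_restriction_default_action") != "Deny"):
            findings.append((res["address"], "unmatched traffic is not denied"))
    return findings

# Constructed sample in the shape of `terraform show -json` output (trimmed).
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "azurerm_container_app.example", "type": "azurerm_container_app",
     "values": {"ingress": [{"ip_security_restriction": [
         {"action": "Allow", "ip_address_range": "40.74.41.190/32"}]}]}},
    {"address": "azurerm_linux_web_app.example", "type": "azurerm_linux_web_app",
     "values": {"site_config": [{"ip_restriction_default_action": "Allow",
         "ip_restriction": [{"action": "Allow", "ip_address": "40.74.41.190/32"},
                            {"action": "Allow", "ip_address": "0.0.0.0/0"}]}]}},
]}}}

if __name__ == "__main__":
    print(*(f"{a}: {p}" for a, p in audit(SAMPLE_PLAN, "acceptance")), sep="\n")
```

Run against the acceptance address, the constructed sample passes for the Container App and flags the web app twice: once for the extra 0.0.0.0/0 rule and once for the permissive default action.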