锁定 AppServices 仅对 Azure Front Door 的访问

Lock down the access of AppServices to only Azure Front Door

我想限制对我的 AppServices 的访问,并且只应接受来自 Azure Front Door 的流量。 MS 文档 here explains that we should update IP restrictions and also manage 'X-Azure-FDID'. I want to focus only on IP restrictions on this question. Then i found some useful articles like wintellect and henrihietala which propose incredible powershell command to do that. It seems to work but I just noticed that IP list contains more than 100 records ! It's huge don't you think ? See my screenshot 真的需要这么多 IP 来允许吗?检索 Front Door 使用的 IPv4 和 IPv6 IP 地址的过滤列表的代码是

$addresses = ((Get-AzNetworkServiceTag -Location $location).Values | Where-Object ( { $_.Name -eq 'AzureFrontDoor.Backend' })).properties.AddressPrefixes

因为我知道我的 Front door 资源,是否有机会减少所有这些 IP??

此致, 特里

在 Web App 的限制中,仅添加一条允许 IPv4 CIDR“147.243.0.0/16”的规则,如图所示。

然后,您的 Web 应用程序将只允许来自 Azure Front Door 的流量。 Access Azure FD