How to white-list IP (app service server ip) -- not by client ip RRS feed

  • Question

  • Hi,

    We would like to know how to whitelist an ip in api management service for requests made through web application. We'd like to white-list the app service server not the actual client IP. Currently API Management Service is getting client IPs (not web app service ip) and it ended up rejecting all calls made through the web app. 

    For a specific product (WebAppProduct), we want to allow ONLY those requests coming from our app service webserver. 

    Our current setup:

    We have a set of endpoints (say 30 endpoints) and our Web Application can call them all but third party API users can only call 2 of these end points. We created two products - WebAppProduct with all end points and ExternalProduct with two end points.

    We can use IP filter for ExternalProduct and it works beautifully but we can't seem to do the same for WebApp.

    User (browser) -->  Web App (Azure app service) --> API Management Service --> API Service (Azure App service)

    Third-party applications (API calls)  --> API Management Service --> API Service (Azure App service)


    Thank you in advance.

    Wednesday, January 22, 2020 2:12 PM

All replies

  • If you are getting the client IP, I assume the client application (browser) is making the requests directly to APIM? If so, then you would want to have a proxy endpoint of-sorts in your Web App which proxies requests to APIM on behalf of the user.

    Another option would be to have OAuth 2.0 setup so that requests coming from a specific audience is validated at APIM. You can refer to this guide in the docs for setting this up.

    Thursday, January 23, 2020 4:57 AM
  • Thanks. We are interested in the proxy option. 

    Could you point us to where we can find the info to configure this in Web App?

    Friday, January 31, 2020 2:40 AM