App Services Access Restrictions - DDoS RRS feed

  • Question

  • Greetings,

    Considering setting up an container environment in Azure App Services.

    This will be production workloads so we will need some gateway in front.

    I've tested setting it up with Application Gateway, and using service principal in the App Service "Access Restrictions", only allowing traffic from the Application Gateway

    So now when entering the xxx.azurewebsites.net site not through gateway, I get an 403.

    Is it the App Service itself who receives this request and returns the 403? In that case, is the App Service vulnerable for DDoS attacks and similar from the xxx.azurewebsites.net URL, even if it is placed behind an Application Gateway?

    Is there any way to disable the public endpoint of an App Service entirely?

    Tuesday, October 6, 2020 3:34 PM