Implementing access restrictions in various app services is much like implementing firewalls that enable one to filter and block inbound traffic as required.
When certain incoming website traffic is detected by these app services, the origin point is first evaluated. This means that if the traffic has seemingly originated from a private ‘endpoint’, it is guided directly to the website without any interference.
On the other hand, if the traffic is identified as originating from a default ‘endpoint’, it is evaluated at the site access level where you are given the option to either enable or disable access.
For any app, there is inevitably the option to configure a set of access and restriction rules for each of the sites to appropriately filter traffic and only drive relevant traffic to their websites.
By setting up such access restrictions, one can create a priority-based list that controls network access, a list that can contain IP addresses as well as Azure subnets.
This blog lists the steps that need to be followed to implement such an Access Restriction.
IPAddressList: It contains all IPs
IPRestriction.ps1: This file contains scripts to access restriction.
This script contains four parameters for specific environments to restrict IPs.
Parameter should be:
ResourceGroupName = mc-0095E840-D328-4E10-9121-64BB1E252008
WebAppName = mc-0095e840-d328-4e10-9121-236510-cd
Priority =101
Action = Allow/Deny
To successfully execute this, we will also require Microsoft Azure access (Need to log in to complete this script execution)
After the script is executed successfully, you can check on Azure Portal.
Access required for Azure portal
URL - https://portal.azure.com
User Name and Password
after login go to the home page
Click on App Services Icon
Select subscriptions for a specific environment
Select server CM or CD
On the search box, search Networking and click on it
Go to the Access Restriction tab
Now we can see all requested rules created after the executed script
All environments
App services – subscription
Staging - Sitecore Cloud - AMETEK, INC. - 43bd7935
URL - https://ametek-cms.staging.ametekweb.com
Resource Group Name = mc-0095E840-D328-4E10-9121-64BB1E252008
Web App Name = mc-0095e840-d328-4e10-9121-236510-cd (CD Environment)
Web App Name = mc-0095e840-d328-4e10-9121-236510-cm (CM Environment)
QA - Sitecore Cloud - AMETEK, INC. - 0c13241b
URL - https://*.qa.ametekweb.com
Resource Group Name = mc-994e127c-54f5-4290-b8c6-67d16454da20 (CD Environment)
Web App Name = mc-994e127c-54f5-4290-b8c6-426607-single (CD Environment)
Production - Sitecore Cloud - AMETEK, INC. - 44410283
URL - https://*.preview.ametekweb.comss
Resource Group Name = mc-5c00a210-02ac-41fd-aad5-08f9a9c3a0f8
Web App Name = mc-5c00a210-02ac-41fd-aad5-572890-cd (CD Environment)
Web App Name = mc-5c00a210-02ac-41fd-aad5-572890-cm (CM Environment)
Conclusion
Ensuring that the right traffic is efficiently directed to the website is primal for any organization’s growth. To understand the relevance of access restrictions in a variety of scenarios and to implement this feature in the context of your business, reach out to us and get all the help you need from our experts.