
How do I lock down the access to my backend to only specified instance(s) of Azure Front Door? #36141

Closed
SvetlanaDevOps opened this issue Jul 30, 2019 · 5 comments

Comments

@SvetlanaDevOps

Answer here describes how to allow access for Azure Front Door Services in general. But how can I restrict access only to my particular Front Door instance? Or to some several instances, in general.


@TravisCragg-MSFT
Member

@SvetlanaDevOps This article tells how to use IP restrictions to restrict traffic to only be from the Azure Front Door service, but you can also configure your web site to only accept requests from specific X-Forwarded-Host header values, meaning that only requests meant for your web site will be processed by your servers.

It is not a good practice to only allow requests from a specific IP or IPs (outside of the Front Door IP range) when using front door, because the forwarded traffic can come from multiple different edge locations.

@msrini-MSFT
Contributor

@SvetlanaDevOps, if you have any further questions, feel free to tag me or Travis. For now I will go ahead and close this issue.

@awentzel
Contributor

awentzel commented Jun 19, 2020

@SvetlanaDevOps but you can also configure your web site to only accept requests from specific X-Forwarded-Host header values

@TravisCragg-MSFT or @msrini-MSFT Could you verify that this "can" be the only method?
The other method "can" be to match on GET header for X-Azure-FDID in middleware?

Your paragraph was more specific than what's documented and seems more clear. I'm looking for verification that either IP restrictions can be used OR middleware with X-Azure-FDID are needed. Both are not.

What is the best practice recommendation?

I think this would be a welcome addition to the documentation.

I've also been updating the SO question as I dig in deeper to completely understand and test the scenarios.
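The two checks discussed in this thread (allowing only Front Door source addresses, and then verifying the `X-Azure-FDID` header against the IDs of your own Front Door instances) are easy to layer in backend middleware. The example below is added here and is not code from the thread, from Microsoft's documentation, or from any project; it is a small Python WSGI gate. The Front Door ID and the IP ranges are constructed placeholders: in a real deployment the ID is the Front Door ID shown in the portal for your instance, and the source ranges come from the `AzureFrontDoor.Backend` service tag rather than being hard-coded.

```python
import hmac
import ipaddress
from typing import Iterable, Mapping, Tuple

# Constructed sample values (not real Azure data). ALLOWED_FDIDS holds the
# Front Door IDs of the instances we own; ALLOWED_NETWORKS stands in for the
# AzureFrontDoor.Backend ranges that the edge uses to reach origins.
ALLOWED_FDIDS = frozenset({"11111111-2222-3333-4444-555555555555"})
ALLOWED_NETWORKS = tuple(
    ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")
)


def source_ip_allowed(remote_addr: str, networks=ALLOWED_NETWORKS) -> bool:
    """True when the connecting address falls inside one of the allowed ranges."""
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        # Unparseable or empty address: fail closed.
        return False
    return any(addr in net for net in networks)


def fdid_allowed(headers: Mapping[str, str], allowed: Iterable[str] = ALLOWED_FDIDS) -> bool:
    """True when X-Azure-FDID (case-insensitive lookup) names one of our instances."""
    value = ""
    for name, val in headers.items():
        if name.lower() == "x-azure-fdid":
            value = val.strip()
            break
    if not value:
        return False
    # Constant-time comparison so the check leaks nothing about partial matches.
    return any(hmac.compare_digest(value, fdid) for fdid in allowed)


def request_allowed(headers: Mapping[str, str], remote_addr: str,
                    allowed=ALLOWED_FDIDS, networks=ALLOWED_NETWORKS) -> Tuple[bool, str]:
    """Layer both checks: the IP range first, then the instance-specific header.

    The header alone is not enough, because any client that can reach the origin
    directly can send its own X-Azure-FDID; the range check keeps direct access
    out, and the header check narrows 'any Front Door' down to 'our Front Door'.
    """
    if not source_ip_allowed(remote_addr, networks):
        return False, "source address is not in the Front Door backend ranges"
    if not fdid_allowed(headers, allowed):
        return False, "X-Azure-FDID is missing or is not one of our instances"
    return True, "ok"


class FrontDoorGate:
    """WSGI middleware that rejects requests failing request_allowed with 403."""

    def __init__(self, app, allowed=ALLOWED_FDIDS, networks=ALLOWED_NETWORKS):
        self.app = app
        self.allowed = allowed
        self.networks = networks

    def __call__(self, environ, start_response):
        # WSGI exposes request headers as HTTP_X_AZURE_FDID; map them back to header names.
        headers = {k[5:].replace("_", "-"): v for k, v in environ.items() if k.startswith("HTTP_")}
        ok, reason = request_allowed(headers, environ.get("REMOTE_ADDR", ""),
                                     self.allowed, self.networks)
        if not ok:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [reason.encode("utf-8")]
        return self.app(environ, start_response)


def _demo_app(environ, start_response):
    """Constructed downstream app used only to exercise the gate."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from origin"]


if __name__ == "__main__":
    gate = FrontDoorGate(_demo_app)
    env = {"REMOTE_ADDR": "203.0.113.10",
           "HTTP_X_AZURE_FDID": "11111111-2222-3333-4444-555555555555"}
    print(b"".join(gate(env, lambda status, hdrs: print(status))))
```

If the platform in front of the app already enforces the IP restriction (for example an App Service access restriction scoped to the Front Door service tag), the middleware still adds the part that restriction cannot express: that the request came through one of *your* Front Door instances rather than any tenant's. Where REMOTE_ADDR is rewritten by an intermediate proxy, take the source address from whatever that proxy sets and treat it with the same fail-closed rule.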

@awentzel
Contributor

awentzel commented Jun 22, 2020

@SvetlanaDevOps Please consider re-opening this Issue to update the documentation to be accurate or should I file another issue for this request?

@RyanHill-MSFT
Contributor

RyanHill-MSFT commented Jun 23, 2020

@awentzel, it's best to open a new issue. Sorry for the confusion.
