Restricting IP Access to Azure Functions
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
Now let's look at another security feature in natural functions,
restricting the access to actual functions using I P addresses.
That may be helpful if you, for example, want to restrict access only to internal users that are having private I p addresses
in orderto test this functionality. I turned off the authentication and also I will use VPN to simulate different I p addresses.
Let's go and do the configuration.
The first thing I will do so is to check my current. I'd be address.
You can do that by going toe go go and just riding.
What is my i B?
So my current I P address is 69 16 1 45 to 51.
Let's go and do the configuration for the azure function
I want a function that
keep in mind that the I P white listing is also done on the function up level and not on the NVIDIA individual functions. But that means is that all the functions that are created in this function up will have the same i p restrictions.
This is very similar to the authentication and authorization configuration that we've done in the previous video,
so within the function app Go to the networking
and choose the access restrictions. So we will configure access restrictions for our up
well, other room
which say's that
we will alot on Lee
our i p address toe have access to these function
We'll put some priority like 100
We'll have a description This is my
former i b others
It will be iptv four and we will copy this i p address
and put it in there.
So once we add this rule a new firewall rule will be created for this function and it will alot Onley access from this I p address
Let's go and test that using cuddle
In current, we can type coral miners we in the euro for our function and press enter
and you will see that we're receiving response
And this is 200 okay, response from our function.
Now let's try to change our I p address and
see whether will be granted taxes
I have connected through my VPN and now I am trying toe access the function from Manchester UK Let's see what my I P addresses.
If I refresh the query, you will see that my I P addresses 1 85 to 42 7 24
Let's switch back to the term me now and see whether we can access the function.
As you can see, we're getting
ed or back from the up.
This will be the default terror that you will get from the up,
and it will say that it is four or three I p. Forbidden.
What that means is that the up still replies, however, your function is not trigger.
You don't pay any money for such requests because this is functionality that Microsoft provides.
Now you know how you can use. I'd be whitely stink to restrict the access to your actual functions.
Once again, this can be very useful if you need to restrict access to your internal
Also keep in mind that the restrictions are on the function up level. That means all the functions in this function up will have the same I P restrictions
Reading Secrets from Key Vault
Module 4 Summary