Restricting IP Access to Azure Functions

00:01

Now let's look at another security feature in natural functions,

00:05

restricting the access to actual functions using I P addresses.

00:10

That may be helpful if you, for example, want to restrict access only to internal users that are having private I p addresses

00:20

in orderto test this functionality. I turned off the authentication and also I will use VPN to simulate different I p addresses.

00:30

Let's go and do the configuration.

00:34

The first thing I will do so is to check my current. I'd be address.

00:39

You can do that by going toe go go and just riding.

00:44

What is my i B?

00:50

So my current I P address is 69 16 1 45 to 51.

00:57

Let's go and do the configuration for the azure function

01:00

we'll use.

01:03

I want a function that

01:04

keep in mind that the I P white listing is also done on the function up level and not on the NVIDIA individual functions. But that means is that all the functions that are created in this function up will have the same i p restrictions.

01:21

This is very similar to the authentication and authorization configuration that we've done in the previous video,

01:27

so within the function app Go to the networking

01:32

and choose the access restrictions. So we will configure access restrictions for our up

01:40

well, other room

01:42

which say's that

01:45

we will alot on Lee

01:51

our i p address toe have access to these function

01:55

We'll put some priority like 100

02:00

We'll have a description This is my

02:05

former i b others

02:07

It will be iptv four and we will copy this i p address

02:13

and put it in there.

02:16

So once we add this rule a new firewall rule will be created for this function and it will alot Onley access from this I p address

02:27

Let's go and test that using cuddle

02:32

In current, we can type coral miners we in the euro for our function and press enter

02:40

and you will see that we're receiving response

02:45

And this is 200 okay, response from our function.

02:50

Now let's try to change our I p address and

02:53

see whether will be granted taxes

03:00

I have connected through my VPN and now I am trying toe access the function from Manchester UK Let's see what my I P addresses.

03:12

If I refresh the query, you will see that my I P addresses 1 85 to 42 7 24

03:19

Let's switch back to the term me now and see whether we can access the function.

03:28

As you can see, we're getting

03:30

inviolable,

03:32

ed or back from the up.

03:36

This will be the default terror that you will get from the up,

03:40

and it will say that it is four or three I p. Forbidden.

03:46

What that means is that the up still replies, however, your function is not trigger.

03:53

You don't pay any money for such requests because this is functionality that Microsoft provides.

04:02

Now you know how you can use. I'd be whitely stink to restrict the access to your actual functions.

04:09

Once again, this can be very useful if you need to restrict access to your internal

04:14

network only.