restrict azure appservice / website to a domain

Question

I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config

My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work.

for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" /> 
        <add ipAddress="xx.xx.xx.xx" allowed="true" />  (IP of azure website i got after nslookup)  
        <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
        <add domainName="abcdef.info" allowed="true" /> (custom domain tied to my azure website)    
</ipSecurity>

i was assuming that one of the last 3 settings here will whitelist my wcf client running to azure website to access WCF but so far nothing.

Will appreciate any help. Thanks.

Answer 1

Azure Web App infrastructure uses different IP's for inbound and outbound communications. You have whitelisted the inbound IP address. Also, Whitelisting the domain name may not work either.

Azure Web Apps use a set of 4 outbound IP's for Outbound communication. This can be retrieved from portal:

• Select the web app
• Click on Properties
• Copy the OUTBOUND IP ADDRESSES

Whitelist these 4 IP Addresses the way you did earlier and then you could test by issuing a CURL request from the KUDU console (SCM) of the source app.

curl -i https://destinationsitename.azurewebsites.net