
I am trying to lock down an Azure website we have running to our intranet. I have browsed to App Services > Webappname > Networking > Access Restrictions, but when I enter the two "allow" rules for our production and user internal IP subnets, it breaks and displays the error message "Error 403 - This web app is stopped."

My desired end-state is to have the app work from our internal network, but not from the WWW.

My access rules are as follows:

  1. Allow 10.0.0.0/8
  2. Allow 172.16.0.0/16
  3. Deny Any
serverAdmin123
Ash-G099
    If you don't have a VPN between your on-prem network and Azure, then you will need to use your public IP. If you do, make sure there is no NAT happening at the VPN endpoint that would be "changing" your IPs. – Drifter104 May 22 '19 at 11:11

1 Answer

The error "Error 403 - This web app is stopped" indicates that you have not met the requirements of IP restrictions; this is the message it displays when you are not on an allowed IP.

The IP ranges you have supplied are not going to work. These IPs are all internal to your network, and are not what is presented to your Azure Web app, and so you fail the check. Your users will be hitting the web app with the external IPs you are provided with by your internet service provider (or ExpressRoute if you use that, with public peering). You need to find out what these external IPs are and allow these.

You can find your current external IP by typing "what's my IP" into Google.

Sam Cogan
  • Ok thanks, I have a VPN to our Azure tenancy so I thought it would come over as our internal range, but the way you described it made it click in my brain. – Ash-G099 May 22 '19 at 11:59
  • Yeah, a VPN will only do that for resources on your vNet. PaaS resources won't go over the VPN. – Sam Cogan May 22 '19 at 12:07
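
The check the answer describes, as an added example that is not part of the original posts: a small model of first-match rule evaluation over the question's rule list, plus a lint for Allow rules that sit entirely in RFC 1918 space. The function names are hypothetical, and the 203.0.113.x addresses are constructed documentation-range placeholders standing in for the office's public egress IP.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The rule list from the question, in priority order ("Any" written as 0.0.0.0/0).
QUESTION_RULES = [
    ("Allow", "10.0.0.0/8"),
    ("Allow", "172.16.0.0/16"),
    ("Deny", "0.0.0.0/0"),
]

def evaluate(rules, source_ip):
    """First matching rule wins; a source that matches nothing is denied."""
    addr = ipaddress.ip_address(source_ip)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return "Deny"

def internal_only_allows(rules):
    """Allow rules lying wholly inside RFC 1918 space. They cannot match a
    request whose source is the public address presented to the web app."""
    hits = []
    for action, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if action == "Allow" and any(net.subnet_of(r) for r in RFC1918):
            hits.append(cidr)
    return hits

def with_egress(rules, egress_cidr):
    """New rule list with an Allow for the public egress range placed first."""
    return [("Allow", egress_cidr)] + list(rules)

if __name__ == "__main__":
    office_egress = "203.0.113.25"            # constructed placeholder
    print(internal_only_allows(QUESTION_RULES))
    print(evaluate(QUESTION_RULES, office_egress))   # what the asker observed
    fixed = with_egress(QUESTION_RULES, "203.0.113.24/29")
    print(evaluate(fixed, office_egress))
    print(evaluate(fixed, "198.51.100.7"))    # unrelated internet client
```
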