Failed to access Logic app via APIM when restricting APIM IP in logic app

Question

Problem statement:

I have a logic app which I have exposed via APIM[I want this way as this is my design approach] and I want to allow only specific inbound IP address(in my case APIM IP) to access my logic app.

I have restricted the IPs in apim as follows, and which is working as expected.

    <ip-filter action="allow">
        <address-range from="xx.xx.xx.x1" to="xx.xx.xx.x5" /> //currently this is of no use.
        <address>xx.xx.xx.xx</address> //my local machine ip.
    </ip-filter>

Now, I have allowed the specific ip(apim ip) in my logic app and hit the request from my local machine, logic app prompt me an error.

When I added my local machine's Ip in logic app then it works as expected.

So,I think What is the point of restricting the ips in APIM because I need to allow all the IPs in logic app as well?

could anyone please assist/elaborate me what i am doing wrong.

The point is that you can only call your logic app from APIM... This is the expected behavior from your description — Thomas, Aug 24 '19 at 10:16
@Thomas Yes, but I am getting above weird exception. if i white-lists only APIM IP then I am getting the above exception but when I whitelisted my local machine IP(from where i am shooting the request) then the no any exception occurs. So what is causing this behavior? — Bikram, Aug 24 '19 at 10:29
@Thomas Yes!, h2tps://api.apim-base-url/env/functionality/manual/paths/invoke- this is my APIM url. — Bikram, Aug 24 '19 at 17:04

score 0 · Answer 1 · answered Aug 23 '19 at 07:27

0

In the Azure portal, access to your Logic App. Under Settings, select Workflow settings.

Under Access control configuration > Allowed inbound IP addresses, select Specific IP ranges.

Then you will receive a 401 Unauthorized status with postman and if we try from our APIM, we should get a 202 Accepted status.

For more details, you could refer to this article about How to restrict incoming IP ranges for a Logic App to accept only APIM calls.

answered Aug 23 '19 at 07:27

Leon Yue

15,693
1
11
23

I tried with the same article, but i am getting different error as stated above. – Bikram Aug 23 '19 at 13:50

score 0 · Accepted Answer · answered Aug 27 '19 at 17:42

I have analyzed the issue and below is the finding.

Getting Unauthorized is because of not whitelisting the local machine IP from which I was exploring the logic app to see the requested content.

Everything else is working as expected.

hope this will help!

Failed to access Logic app via APIM when restricting APIM IP in logic app

2 Answers2