1

I am trying to add IP restrictions to my app service associated to my QnA Maker to make it available only through an application gateway. Now, the service works through the gateway but the qna maker portal doesn't work anymore. I get the following error message when loading my knowledge base:

QnA Maker runtime error

Runtime unavailable. Please check that the App Service resource in your QnA Maker service is up and running.

According to Can qnamaker.ai load a url not open for the public?, the following IP ranges must be added to the app service whitelist:

  • West US: 13.91.0.0/16
  • East US: 52.191.0.0/18

Unfortunately, adding these IPs doesn't solve the issue and the QnA resource is still unavailable.

After multiple refresh of the page, the KB is sometime displayed. I think there are some others IP ranges that need to be added to work all the time.

Does anybody knows what is the complete list of IPs to add to fix the QnA maker portal ?

Grumpf
  • 21
  • 3

2 Answers2

0

If this host name is Valid and reachable via following IPs everything should work.

52.191.14.164

13.91.243.134

or

Hosting QnA Maker App on Isolated App Service Environment is bit hard, but feasible. You need to integrate ILB with WAF so that the site is accessible externally: https://learn.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway

You also need to manage certs: https://learn.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#create-an-app-in-an-ilb-ase

  1. Create the App Service with QNA Maker extension enabled(Part of existing template) in ASE
  2. Manual: Add certs +WAF for the App Service in 1 (1hr work atleast)
  3. Make sure the App Service is reachable in the browser(https://) and there are no cert issues
  4. Create cognitive services instances (part of existing template) and pass it the app service host name from 1.

Deploy QnA Maker to their existing App Service Environment you can select “ Deploy to Azure,” modify the template as desired, and deploy to the subscription. For example, this Web App template: https://github.com/Azure/azure-quickstart-templates/tree/master/201-web-app-github-deploy

Ram
  • 2,459
  • 1
  • 7
  • 14
  • I added the two IPs but the issue is the same on Qna Maker portal. When I remove the IP restrictions, everything works fine. I'm using the portal from Europe so maybe the IPs are different... – Grumpf Jun 02 '20 at 07:42
0

I finally created a support ticket in Azure. Here is the complete list given by Microsoft support:

  • 13.68.0.0/16
  • 13.86.0.0/16
  • 13.91.0.0/16
  • 20.185.0.0/16
  • 40.83.0.0/16
  • 40.88.0.0/16
  • 40.121.0.0/16
  • 52.191.0.0/16

Now the QnA Maker portal works fine with this IP whitelist in the app service.

Grumpf
  • 21
  • 3