2

I have an Azure DevOps pipeline that runs a series of tests(Cypress) against an App Service. This App Service has restricted access, so i get 403(forbidden) on every request, and i have been looking for the IP's to get white listed. After a lot of time looking, i read in a couple of places that they are changed quite often.

What am i missing?

Thank you,

Júlio Almeida
  • 1,539
  • 15
  • 23

1 Answers1

2

If you are looking for IP ranges for Azure resources you will find them here. They are changed on a weekly basis, but this doesn't mean that all of them are changed. It simply means that file is updated once per week.

In this file you must find resource and region of your choice:

    {
      "name": "AppService",
      "id": "AppService",
      "properties": {
        "changeNumber": 10,
        "region": "",
        "regionId": 0,
        "platform": "Azure",
        "systemService": "AzureAppService",
        "addressPrefixes": [
          "13.64.73.110/32",
          "13.65.30.245/32",
          "13.65.37.122/32",
          "13.65.39.165/32",
          "13.65.42.35/32",
          "13.65.42.183/32",
          "13.65.45.30/32",
          "13.65.85.146/32",

So if you want to add some of these IPs to your restrictions you may parse json in powershell and then use this command in for loop

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "ResourceGroup" -WebAppName "AppName"
    -Name "Ip example rule" -Priority 100 -Action Allow -IpAddress 122.133.144.0/24
Krzysztof Madej
  • 32,704
  • 10
  • 78
  • 107
  • Thank you! I suppose there is a way to add this file to a configuration of some sort in the App Service correct? – Júlio Almeida Sep 16 '20 at 12:58
  • I'm not sure what you mean by adding this to configuration. If you tell me more what you mean by restricted acess of you App Service I should be able to help you. – Krzysztof Madej Sep 16 '20 at 13:19
  • Usually what we do is going to App Service > Networking > Access Restrictions > Configure Access Restrictions > Add the IP. If this comes in a file and is changed all the time, maybe you can add it (the file) easily in some place. Was clear enough? – Júlio Almeida Sep 16 '20 at 13:25
  • 1
    Please check my edit. You may add them using Azure CLI command. You may even create a scheduled pipeline to do this once every week. I mean download file, parse it and add rules based on the file. – Krzysztof Madej Sep 16 '20 at 13:31