Securing a connection between an Azure static web app and a Azure Function

Question

I have set up an Azure Static web app and an Azure function backend. I was under the impression from the docs (https://learn.microsoft.com/en-us/azure/static-web-apps/functions-bring-your-own) that if I linked the two and the azure function app didn't have any pre-existing security settings then the Static app would have exclusive access to the function app. This isn't the case and all linking the apps does is provide a URL overwrite so I can access the function with the front-end's URL.

What is the recommended method of only allowing requests to an Azure Function App from an Azure Static Web App? I need to use the bring your own function option as I need the function app to have a set of whitelisted IP addresses that can be given to a 3rd party API.

maxspan · Answer 1 · 2021-09-15T00:23:05.510

0

You can try proxy.json for dns url of your choice in azure function. You can use api management for securing your functions and white listing IPs.

{
    "$schema": "http://json.schemastore.org/proxies",
    "proxies": {
        "proxy1": {
            "matchCondition": {
                "methods": [ "GET" ],
                "route": "/api/{test}"
            },
            "backendUri": "https://<AnotherApp>.azurewebsites.net/api/<FunctionName>"
        }
    }
}

https://learn.microsoft.com/en-us/azure/azure-functions/functions-proxies

edited Sep 15 '21 at 00:23

answered Sep 14 '21 at 11:59

maxspan

13,326
15
75
104

Thanks for the reply! Do you have an example of how a proxy.json should look like? – Nick Kalfas Sep 14 '21 at 12:04
I am using my phone to answer this question. I provided a sample and a link below it. – maxspan Sep 14 '21 at 12:08
Thanks a lot, @maxspan, we ended up resolving it with the help of Azure. – Nick Kalfas Oct 29 '21 at 13:08

Securing a connection between an Azure static web app and a Azure Function

1 Answers1