1

Our website is hosted on the Azure Linux web app, the site pulls data from third-party vendors. So we need to whitelist our website IP address to their server but after adding the IP for whitelisting still getting 401 unauthorized errors.

We checked the vendor and the IP has been configured properly but why we are getting 401 errors while pulling data via API call.

The IP address we found from Azure Portal --> web app --> select properties and the virtual IP address.

Any help or recommendation will be helpful.

D S
  • 258
  • 9
  • 25
  • Can you check under your web app's menu in the portal ? There's an option for Diagnostic Logs which will be near the bottom of the menu and has a green icon. Set the Application logs Filesystem to Verbose and save the settings. After that the logs will show up under D:/home/logfiles in Kudu Console. – Harshitha Veeramalla Dec 30 '21 at 10:18
  • We don't get any data -- actually, the site is working only calling API for 3rd party vendors at that time getting 401 error - not sure why only Linux web app getting this issue. – D S Dec 30 '21 at 10:40
  • Please refer [401 Unauthorized Error](https://www.geeksforgeeks.org/how-to-fix-a-401-unauthorized-error/) and [SO](https://stackoverflow.com/questions/38262085/azure-ad-api-request-401-unauthorized#:~:text=Azure%20throws%20a%20clear%20error%20if%20you%20attempt,-%20the%20error%20is%20just%20401,%20nothing%20else.) thread for details. – Harshitha Veeramalla Dec 30 '21 at 10:57

2 Answers2

1

If I understand you correctly, you are trying to whitelist the web app against the firewall for the third-party vendors app?

If so, then the virtual IP address that you have added is the ingress IP address for the web app. You need to add the outbound IP addresses from the Properties blade for the web app to the vendor's firewall.

You should note that there can be up to 11 of these IP addresses. Also, if you scale the web app up or down to a different service plan, or perform any change that will result in a new scale plan, the IP addresses will change. This does not apply to scaling out to multiple instances.

Marky
  • 269
  • 2
  • 8
  • I see 11 ips in the outbound box in the azure web app, which one I should give the vendor and also the custom domain has been setup in godaddy along with A record for the IP I find in web app --> properties --> virtual IP, the same IP has been given to the vendor but not working. – D S Dec 30 '21 at 12:12
  • You need to give them all of the IP addresses. You cannot determine which one will be used. Setting up a custom domain for the web app is for accessing the web site, and has no impact on how the web app interacts with other sites. Azure web apps use different IP addresses for traffic into and out of the web app. – Marky Dec 30 '21 at 12:22
  • Documentation explaining inbound and outbound IP addresses is at https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips – Marky Dec 30 '21 at 12:24
  • They are saying only 2 ips will be allowed, what to do please tell me – D S Dec 30 '21 at 12:30
  • You will need a static outbound IP address. See the section in the document I linked above. However, that is going to increase the complexity and costs of your web app considerably. – Marky Dec 30 '21 at 13:08
0

Using a static IP address solved the problem.

D S
  • 258
  • 9
  • 25