Hello @Mika Pitkänen,

Yes, it is possible to configure allowed IP addresses without using a Web Application Firewall (WAF). You can achieve this by using Network Security Groups (NSGs) and Application Gateway to control access to your Static Web App (SWA). Here's a high-level approach:

1. You can create NSGs and associate them with your virtual network (VNet) or subnets to control inbound and outbound traffic to your SWA. NSGs allow you to define security rules that specify allowed IP addresses or ranges.

   You can configure NSG rules on the subnet where your Application Gateway is deployed. Example NSG rule:

   ```json
   {
     "name": "allow-specific-ips",
     "properties": {
       "priority": 100,
       "direction": "Inbound",
       "access": "Allow",
       "protocol": "Tcp",
       "sourcePortRange": "*",
       "destinationPortRanges": ["80", "443"],
       "sourceAddressPrefix": "YOUR_IP_RANGE",
       "destinationAddressPrefix": "*"
     }
   }
   ```

2. If you have control over the Application Gateway, you can directly configure IP restrictions within its settings. This allows you to specify a list of allowed IP addresses that can access the SWA through the Application Gateway.

   While not as feature-rich as WAF, App Gateway basic rules can restrict traffic. Configure in listener or request routing rules:

   ```json
   {
     "properties": {
       "httpListener": {
         "id": "..."
       },
       "requestRoutingRules": [
         {
           "properties": {
             "ruleType": "Basic",
             "priority": 100,
             "ipFilters": {
               "allowedIpRanges": ["IP_RANGE1", "IP_RANGE2"]
             }
           }
         }
       ]
     }
   }
   ```
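
To check an allow-list like the NSG rule in this answer before deploying it, the sketch below (an added example, not part of the original answer and not Azure code) evaluates inbound rules the way NSGs do: lowest priority number first, first match wins, implicit DenyAllInBound last. The rule set, the 203.0.113.0/24 range and the function names are constructed; service tags and the AllowVnetInBound / AllowAzureLoadBalancerInBound defaults are not modeled.

```python
import ipaddress

# Constructed sample rules in the ARM securityRules shape; 203.0.113.0/24 is a
# documentation range standing in for YOUR_IP_RANGE (assumption).
RULES = [
    {"name": "block-one-host", "properties": {"priority": 90, "direction": "Inbound",
        "access": "Deny", "protocol": "*", "sourceAddressPrefix": "203.0.113.66/32",
        "destinationPortRange": "*"}},
    {"name": "allow-specific-ips", "properties": {"priority": 100, "direction": "Inbound",
        "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
        "destinationPortRanges": ["80", "443"]}},
]

def _port_match(props, port):
    # ARM accepts either one range string or a list of range strings.
    ranges = props.get("destinationPortRanges") or [props.get("destinationPortRange", "*")]
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _source_match(props, src_ip):
    prefixes = props.get("sourceAddressPrefixes") or [props.get("sourceAddressPrefix", "*")]
    for p in prefixes:
        if p == "*":
            return True
        try:
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            continue  # service tag (e.g. "Internet"): not resolvable offline, skipped
    return False

def evaluate_inbound(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule_name) of the first matching inbound rule by priority."""
    inbound = [r for r in rules if r["properties"]["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["properties"]["priority"]):
        p = rule["properties"]
        if p["protocol"] not in ("*", protocol):
            continue
        if _source_match(p, src_ip) and _port_match(p, port):
            return p["access"], rule["name"]
    return "Deny", "DenyAllInBound"  # implicit default rule for unmatched traffic
```
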