Forum Discussion

Copper Contributor

Oct 20, 2022

API Management Policy - Secure way to detect requests from Application Gateway

Hello. We got API Management which is reachable from internal network, and from external network (internet) via Application Gateway. I want to add an authorization policy in an API which only...

sayedimac

Learn Expert

Oct 25, 2022

sampa611

There is a policy that will check to see if the request is coming from a specific IP/Range which might help.

Azure API Management access restriction policies | Microsoft Learn

Another way to do this is to setup a different Product for access from external/internal and then use the conditional policy to check if a specific product is being used and apply the policies in that case.
Azure API Management advanced policies | Microsoft Learn

Hope this helps,

Johan

#skillingexpert

sampa611
Copper Contributor
Oct 25, 2022
sayedimac

I think IP filtering would not work because all IPs should be able to access but only for a specifiy ip/range a special policy schould be applied. Filtering would not be combineable with the choose?
I think this would be an option (but im thankful for any other suggestions):

https://learn.microsoft.com/en-us/azure/api-management/policies/filter-ip-addresses-when-using-appgw