cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Access to App Services

Taen keren
Steel Contributor

‎Nov 30 2019 10:28 PM - edited ‎Nov 30 2019 10:30 PM

‎Nov 30 2019 10:28 PM - edited ‎Nov 30 2019 10:30 PM

Access to App Services

Hi 

Trying to learn Azure :)
Have deployed a public WP website by App Service 
- In the Security Center - I have just 1 Red unhealthy resource (and like the green ones) - however, I don't quite understand the "recommendation" 

Access to App Services should be restricted

We recommend that you edit the inbound rules for app services with overly permissive network configuration.


I tried the various remediation steps - every time the App Stops and I, of course, want it to be accessible for everyone browsing on the Website?

Can anyone tell me what I need to do in order to get this "green"?  

    

Labels:
951 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Taen keren (Steel Contributor)
hspinto

‎Dec 01 2019 02:23 PM - edited ‎Dec 01 2019 02:35 PM

‎Dec 01 2019 02:23 PM - edited ‎Dec 01 2019 02:35 PM

Solution

Re: Access to App Services

@Taen keren, in most scenarios you want your web app to be accessible from everywhere. In this case, it does not make sense to implement IP access restrictions. However, you might want to implement additional security by putting a Web Application Firewall in front of your Web App and restricting access to it only from the WAF IP.

 

You can/should also protect the Web App's deployment/management endpoint (.scm.azurewebsites.net, a.k.a. Kudu), to make it accessible only from the IP addresses that are trusted sources for deployments.

 

clipboard_image_0.png

In any case, if you think you can't/don't want to improve much more your Web App security, then you can always dismiss the Security Center recommendation.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Taen keren (Steel Contributor)
hspinto

‎Dec 01 2019 02:23 PM - edited ‎Dec 01 2019 02:35 PM

‎Dec 01 2019 02:23 PM - edited ‎Dec 01 2019 02:35 PM

Solution

Re: Access to App Services

@Taen keren, in most scenarios you want your web app to be accessible from everywhere. In this case, it does not make sense to implement IP access restrictions. However, you might want to implement additional security by putting a Web Application Firewall in front of your Web App and restricting access to it only from the WAF IP.

 

You can/should also protect the Web App's deployment/management endpoint (.scm.azurewebsites.net, a.k.a. Kudu), to make it accessible only from the IP addresses that are trusted sources for deployments.

 

clipboard_image_0.png

In any case, if you think you can't/don't want to improve much more your Web App security, then you can always dismiss the Security Center recommendation.

View solution in original post

1 Like
Reply