Understanding and Implementing Access Restriction

Implementing access restrictions in various app services is much like implementing firewalls that enable one to filter and block inbound traffic as required. 

When certain incoming website traffic is detected by these app services, the origin point is first evaluated. This means that if the traffic has seemingly originated from a private ‘endpoint’, it is guided directly to the website without any interference. 

On the other hand, if the traffic is identified as originating from a default ‘endpoint’, it is evaluated at the site access level where you are given the option to either enable or disable access.

For any app, there is inevitably the option to configure a set of access and restriction rules for each of the sites to appropriately filter traffic and only drive relevant traffic to their websites.

By setting up such access restrictions, one can create a priority-based list that controls network access, a list that can contain IP addresses as well as Azure subnets. 

This blog lists the steps that need to be followed to implement such an Access Restriction. 

IPAddressList: It contains all IPs

IPRestriction.ps1: This file contains scripts to access restriction.

 

 

This script contains four parameters for specific environments to restrict IPs.

Parameter should be:

ResourceGroupName = mc-0095E840-D328-4E10-9121-64BB1E252008

WebAppName = mc-0095e840-d328-4e10-9121-236510-cd

Priority =101

Action = Allow/Deny

To successfully execute this, we will also require Microsoft Azure access (Need to log in to complete this script execution)

After the script is executed successfully, you can check on Azure Portal.

 Access required for Azure portal
 URL - https://portal.azure.com
 User Name and Password
 after login go to the home page
 
Click on App Services Icon 

 

Select subscriptions for a specific environment 

 

Select server CM or CD  

On the search box, search Networking and click on it 

 

Go to the Access Restriction tab 

Now we can see all requested rules created after the executed script 

All environments

App services – subscription 

Staging - Sitecore Cloud - AMETEK, INC. - 43bd7935

URL - https://ametek-cms.staging.ametekweb.com

Resource Group Name = mc-0095E840-D328-4E10-9121-64BB1E252008 

Web App Name = mc-0095e840-d328-4e10-9121-236510-cd (CD Environment)

Web App Name = mc-0095e840-d328-4e10-9121-236510-cm (CM Environment)

QA - Sitecore Cloud - AMETEK, INC. - 0c13241b

URL - https://*.qa.ametekweb.com

Resource Group Name = mc-994e127c-54f5-4290-b8c6-67d16454da20 (CD Environment)

Web App Name = mc-994e127c-54f5-4290-b8c6-426607-single (CD Environment)

Production - Sitecore Cloud - AMETEK, INC. - 44410283

URL - https://*.preview.ametekweb.comss

Resource Group Name = mc-5c00a210-02ac-41fd-aad5-08f9a9c3a0f8

Web App Name = mc-5c00a210-02ac-41fd-aad5-572890-cd (CD Environment)

Web App Name = mc-5c00a210-02ac-41fd-aad5-572890-cm (CM Environment)

Conclusion 

Ensuring that the right traffic is efficiently directed to the website is primal for any organization’s growth. To understand the relevance of access restrictions in a variety of scenarios and to implement this feature in the context of your business, reach out to us and get all the help you need from our experts.