You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -35,17 +35,17 @@ To add an access restriction rule to your app, do the following steps:
35
35
36
36
1. Select the app that you want to add access restrictions to.
37
37
38
-
1. On the left pane, select **Networking**.
38
+
1. On the left menu, select **Networking**.
39
39
40
-
1. On the **Networking**pane, under **Access Restrictions**, select **Configure Access Restrictions**.
40
+
1. On the **Networking**page, under **Inbound traffic configuration**, select the **Public network access** setting.
41
41
42
-
:::image type="content" source="media/app-service-ip-restrictions/access-restrictions.png" alt-text="Screenshot of the App Service networking options pane in the Azure portal.":::
42
+
:::image type="content" source="media/app-service-ip-restrictions/access-restrictions.png" alt-text="Screenshot of the App Service networking options page in the Azure portal.":::
43
43
44
44
1. On the **Access Restrictions** page, review the list of access restriction rules that are defined for your app.
45
45
46
46
:::image type="content" source="media/app-service-ip-restrictions/access-restrictions-browse.png" alt-text="Screenshot of the Access Restrictions page in the Azure portal, showing the list of access restriction rules defined for the selected app.":::
47
47
48
-
The list displays all the current restrictions that are applied to the app. If you have a virtual network restriction on your app, the table shows whether the service endpoints are enabled for Microsoft.Web. If no restrictions are defined on your app, the app is accessible from anywhere.
48
+
The list displays all the current restrictions that are applied to the app. If you have a virtual network restriction on your app, the table shows whether the service endpoints are enabled for Microsoft.Web. If no restrictions are defined on your app and your unmatched rule isn't set to Deny, the app is accessible from anywhere.
49
49
50
50
### Permissions
51
51
@@ -66,9 +66,9 @@ If you're adding a service endpoint-based rule and the virtual network is in a d
66
66
67
67
### Add an access restriction rule
68
68
69
-
To add an access restriction rule to your app, on the **Access Restrictions**pane, select **Add rule**. After you add a rule, it becomes effective immediately.
69
+
To add an access restriction rule to your app, on the **Access Restrictions**page, select **Add**. The rule is only effective after saving.
70
70
71
-
Rules are enforced in priority order, starting from the lowest number in the **Priority** column. An implicit *deny all* is in effect after you add even a single rule.
71
+
Rules are enforced in priority order, starting from the lowest number in the **Priority** column. If you don't configure unmatched rule, an implicit *deny all* is in effect after you add even a single rule.
72
72
73
73
On the **Add Access Restriction** pane, when you create a rule, do the following:
74
74
@@ -79,7 +79,9 @@ On the **Add Access Restriction** pane, when you create a rule, do the following
79
79
1. Optionally, enter a name and description of the rule.
80
80
1. In the **Priority** box, enter a priority value.
81
81
1. In the **Type** drop-down list, select the type of rule. The different types of rules are described in the following sections.
82
-
1. Select **Save** after typing in the rule specific input to save the changes.
82
+
1. Select **Add rule** after typing in the rule specific input to add the rule to the list.
83
+
84
+
Finally select **Save** back in the **Access Restrictions** page.
83
85
84
86
> [!NOTE]
85
87
> - There is a limit of 512 access restriction rules. If you require more than 512 access restriction rules, we suggest that you consider installing a standalone security product, such as Azure Front Door, Azure App Gateway, or an alternative WAF.
@@ -111,7 +113,7 @@ You can't use service endpoints to restrict access to apps that run in an App Se
111
113
With service endpoints, you can configure your app with application gateways or other web application firewall (WAF) devices. You can also configure multi-tier applications with secure back ends. For more information, see [Networking features and App Service](networking-features.md) and [Application Gateway integration with service endpoints](networking/app-gateway-with-service-endpoints.md).
112
114
113
115
> [!NOTE]
114
-
> - Service endpoints aren't currently supported for web apps that use IP-based TLS/SSL bindings with a virtual IP (VIP).
116
+
> - Service endpoints aren't supported for web apps that use IP-based TLS/SSL bindings with a virtual IP (VIP).
115
117
>
116
118
#### Set a service tag-based rule
117
119
@@ -132,7 +134,7 @@ All available service tags are supported in access restriction rules. Each servi
132
134
:::image type="content" source="media/app-service-ip-restrictions/access-restrictions-ip-edit.png?v2" alt-text="Screenshot of the 'Edit Access Restriction' pane in the Azure portal, showing the fields for an existing access restriction rule.":::
133
135
134
136
> [!NOTE]
135
-
> When you edit a rule, you can't switch between rule types.
137
+
> When you edit a rule, you can't switch between rule types.
0 commit comments