You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/app-service-ip-restrictions.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ ms.workload: web
13
13
ms.tgt_pltfrm: na
14
14
ms.devlang: multiple
15
15
ms.topic: article
16
-
ms.date: 05/28/2019
16
+
ms.date: 06/06/2019
17
17
ms.author: ccompy
18
18
ms.custom: seodec18
19
19
@@ -46,15 +46,15 @@ The list will show all of the current restrictions that are on your app. If you
46
46
47
47
You can click on **[+] Add** to add a new access restriction rule. Once you add a rule, it will become effective immediately. Rules are enforced in priority order starting from the lowest number and going up. There is an implicit deny all that is in effect once you add even a single rule.
48
48
49
-
###Adding IP address rules
49
+
## Adding IP address rules
50
50
51
51
52
52
53
53
When creating a rule, you must select allow/deny and also the type of rule. You are also required to provide the priority value and what you are restricting access to. You can optionally add a name, and description to the rule.
54
54
55
55
To set an IP address based rule, select a type of IPv4 or IPv6. IP Address notation must be specified in CIDR notation for both IPv4 and IPv6 addresses. To specify an exact address, you can use something like 1.2.3.4/32 where the first four octets represent your IP address and /32 is the mask. The IPv4 CIDR notation for all addresses is 0.0.0.0/0. To learn more about CIDR notation, you can read [Classless Inter-Domain Routing](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
56
56
57
-
###Service endpoints
57
+
## Service endpoints
58
58
59
59
60
60
@@ -64,7 +64,7 @@ Service endpoints cannot be used to restrict access to apps that run in an App S
64
64
65
65
With service endpoints, you can configure your app with Application Gateways or other WAF devices. You can also configure multi-tier applications with secure backends. For more details on some of the possibilities, read [Networking features and App Service](networking-features.md).
66
66
67
-
###Managing access restriction rules
67
+
## Managing access restriction rules
68
68
69
69
You can click on any row to edit an existing access restriction rule. Edits are effective immediately including changes in priority ordering.
70
70
@@ -78,15 +78,15 @@ To delete a rule, click the **...** on your rule and then click **remove**.
When adding your first IP Restriction rule, the service will add an explicit **deny all** rule with a priority of 2147483647. In practice, the explicit **deny all** rule will be last rule executed and will block access to any IP address that is not explicitly allowed using an **Allow** rule.
84
84
85
85
For the scenario where users want to explicitly block a single IP address or IP address block, but allow everything else access, it is necessary to add an explicit **Allow All** rule.
86
86
87
87
88
88
89
-
###SCM site
89
+
## SCM site
90
90
91
91
In addition to being able to control access to your app, you can also restrict access to the scm site used by your app. The scm site is the web deploy endpoint and also the Kudu console. You can separately assign access restrictions to the scm site from the app or use the same set for both the app and the scm site. When you check the box to have the same restrictions as your app, everything is blanked out. If you uncheck the box, whatever settings you had earlier on the scm site are applied.
0 commit comments