Securing Azure PaaS (api apps) using NSG
Question
Trying to secure an API apps endpoint without Azure Active Directory. I have seen examples of NSG for securing SQL Server endpoints. But with PaaS services (web apps / api apps/ logic apps) since they dont have VNETS I am bit confused as to how NSG will restrict traffic.
On Api app blade I see a "Networking" option and clicking that takes me into setting up VNET integration. When I click VNet setup starts gateway setup and configuration.
Has anyone done something similar where they secure backend api services using NSG and not API Gateway or AAD authentication.
Thanks !!
1 answers
solution1
0 ACCPTED 2017-04-11 10:53:09
If you integrate the app service with a vnet, you can use NSGs to restrict the traffic, but only for the traffic connecting via the private network. vnet integration works with a vpn connection, hence the required deployment of a gateway on the vnet.
In this setup, the api app will still be accessible on the internet and that traffic will not be affected by the NSG, since it does not touch the vnet.
If you want to secure incoming traffic based on network origin you could implement that in application, but I would recommend against relying solely on that for security.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.