There’s no silver bullet solution with cyber security, a layered defense is the only viable defense ~ James Scott
Azure App Service supports creating firewall rules on an IP address level and for VNet/Subnets service endpoint. All App Service workloads(Web app, API, Mobile backends) support this feature.
Network-based firewall rules can be created for subnets with service endpoints. Service endpoints can be enabled for each subnet in a VNet for an Azure Service(e.g. azure storage, app service).
We can create these rules using Powershell, Azure CLI, REST API, or portal. Just to keep this story readable, I have demonstrated here using the Azure portal only.
I have created a Windows App Service —DemoAppService333(apologies for such a name, rest all were taken :) )
To view the access rules, let's go to Settings → Networking.
Click “Configure Access Restrictions” under the “Access Restrictions”. All the existing rules are displayed here. An “Allow All” rule is created by default once an App Service is created.
