0

Below is my scenario:

I am calling API Management from Logic APP.

I want to restrict IP Address so that only Logic App can call the API Management.

I am using the IP Filter as shown below for the IP Address mentioned here 

<ip-filter action="allow | forbid">  
<address>40.112.243.160</address>  
<address>address</address>  
</ip-filter>

But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link. It starts with 10...*.

Am I missing anything here?

Improve this question
1
  • You could check X-Forwarded-For attribute in your logic app output to get the IP address. I have update my reply, you could refer to it. Commented Nov 28, 2018 at 6:17

3 Answers 3

Reset to default
2

As far as I know, there is a list of outbound IP addresses for Azure Logic App per region. For more details, you can refer to the doc. If you want to avoid other users with the Logic App in the same region to have access to your resource or get a static single IP address, you can further use Azure API Management to act as a reverse proxy for the Logic App. And then use the policy in the APIM as below:

<ip-filter action="allow | forbid">  
<address>address</address>  
<address-range from="address" to="address" />  
</ip-filter>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is what I had done. But the IP Address I am seeing from Logic APP to APIM is different. It starts with 10... which I don't see any where in the documentation. That's where I am confused if the IP Address I am depending from Logic App is right?
0

All logic apps in a region use the same ranges of IP addresses. To support the calls that logic apps directly make with HTTP, HTTP + Swagger, and other HTTP requests, set up your firewall configurations in your APIM so they include these outbound addresses, based on where your logic apps exist:

Here is the list of IP address of Logic App based on the region.

Improve this answer

1 Comment

Please add the list of IP Addresses to your post in case the link goes dead
0

You could use the ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges in your APIM.

Policy statement

<ip-filter action="allow | forbid">  
    <address>address</address>  
    <address-range from="address" to="address" />  
</ip-filter>

You could get your logic app ip address from this link. Then you could set APIM like:

<ip-filter action="allow">  
    <address>address1</address>  
    <address>address2</address> 
    <address>address3</address> 
</ip-filter>

Update:

But I am not able to figure out the IP Address that's coming in to API Management. Its different than the list of IP Address provided in this link.

When you use logic app to call APIM, you could see the X-Forwarded-For attribute in output which is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

Here is my test snapshot. My logic app location is eastasia and my IP address is 13.75.94.173 which is inside the East Asia Outbound IP of Logic App.

enter image description here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.