Ensure that IP restrictions rules are configured for Azure App Service

MEDIUM

Description

IP restrictions on Azure App Service can help protect the resources from unauthorized access. For more information on setting up restrictions in App Service, see the Azure documentation.
Resources:
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

Remediation

In Azure Console -

Open the Azure Portal and go to App Services.
Choose the App you wish to edit.
Under Settings, select Networking.
Under Access Restrictions, select Configure Access Restrictions.
Configure restrictions accordingly.

In Terraform -

In the azurerm_app_service resource, configure the ip_restriction block accordingly.

References:
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions?tabs=azurecli
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#ip_restriction

Policy Details

Rule Reference ID: AC_AZURE_0196

CSP: Azure

Remediation Available: No

Domain: Infrastructure Security

Resource: azurerm_app_service

Resource Category: Serverless

Resource Type: App Service

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0