Restricting HTTP/HTTPS Access to Web Application Gateway for Dev and Stage Webservers

Sarthak legitbytesSarthak legitbytes
2 min read

Client Request

"@DevOps please add to the web application gateway for the dev webserver and the stage webserver restrictions for https / http viewing to the following IP addresses from "

Example IP Addresses (for illustration):

  • 203.0.113.1

  • 203.0.113.11

  • 203.0.113.12

(Replace with actual IPs from Project when available.)

Objective

To restrict HTTP and HTTPS access to the Web Application Gateway for both Dev and Stage webservers so that only specific IP addresses from are allowed.

Step-by-Step Guide

🔍 1. Identify the Web Application Gateway

  1. Access the Dev or Stage website in a browser.

  2. Open Command Prompt and run:

     ping <dev-stage-url>

    This returns the public IP address of the application.

  3. Log in to the Azure Portal.

  4. Search for the public IP address in the search bar to locate the associated Public IP resource.

🧭 2. Trace the Resource Associations

  1. From the Public IP Address resource, check which component it's associated with.

  2. Confirm it's linked to the Application Gateway (e.g., Webserver_Gateway).

  3. Click on the Application Gateway name to open its configuration.

🧰 3. Edit Backend Pool / Find Target VM

  1. In the left sidebar of the Application Gateway, go to:

     Backend Pools > Click on the pool name (e.g., Webserver_Backend)

  2. Check the target IPs or FQDNs used in the backend pool.

  3. If the target is an IP, search for it in the Azure search bar to find the associated VM.

🔐 4. Add NSG Rules for HTTP/HTTPS Access

  1. Open the Virtual Machine that was identified.

  2. In the VM’s menu, click Networking.

  3. Under Inbound Port Rules, click Add inbound port rule.

  4. Configure two new rules (one for HTTP and one for HTTPS):

Example: HTTP Rule

  • Source: IP Addresses

  • Source IP address range: 203.0.113.10, 203.0.113.11, 203.0.113.12

  • Destination: Any

  • Service: HTTP (port 80)

  • Action: Allow

  • Priority: 300

  • Name: Allow_HTTP_

Example: HTTPS Rule

  • Service: HTTPS (port 443)

  • Name: Allow_HTTPS_

  • (Other fields same as above)

✅ Make sure to place these above any “Deny All” rules.

Validation

  • Use a VPN or proxy from the allowed IP ranges to verify access.

  • From a non-listed IP, ensure access is denied.

0
Subscribe to my newsletter

Read articles from Sarthak legitbytes directly inside your inbox. Subscribe to the newsletter, and don't miss out.

ipblockAzureip address

Written by

Sarthak legitbytes
Sarthak legitbytes