I am testing a simple HTML page with Azure Static Web Apps (SWA) and want to implement an IP restriction so only I can view the site. I also have a simple Azure DevOps task to push the project.
The issue is that, while the pipeline output shows the task finding and reading the swa.config.json file, the site is still accessible from IPs other than my own. Even if I set allowedIpRanges to an empty list [""], the site is still accessible, even though that should not allow any IPs to access the site.
My project structure:
project_folder/
|- index.html
|- staticwebapp.config.json
My staticwebapp.config.json:
{
  "networking": {
    "allowedIpRanges": ["MY_IP"]
  }
}
Azure DevOps task:
- task: AzureStaticWebApp@0
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)/project_folder/
    app_location: /
    output_location: ''
    is_static_export: true
    skip_app_build: true
    skip_api_build: true
    verbose: true
    azure_static_web_apps_api_token: $(SWA_DEPLOYMENT_TOKEN)
The pipeline output:
Verbose logging enabled
Build timeout not specified, defaulting to 15 minutes
App Directory Location: '/' was found.
Looking for event info
Event info parsed from action options.
Skipping step to build /working_dir with Oryx
Found staticwebapp.config.json file: 'staticwebapp.config.json'
Didn't find Oryx manifest file under location: /a2b4be88-c84d-41ed-acfe-2f2c9b2f87b1-swa-oryx/app-manifest/oryx-manifest.toml
Determined default file to be: index.html
Using 'staticwebapp.config.json' file for configuration information, 'routes.json' will be ignored.
No Api directory specified. Azure Functions will not be created.
Either no Api directory was specified, or the specified directory was not found. Azure Functions will not be created.
Zipping App Artifacts
App Zip will be created from directory: /working_dir
Done Zipping App Artifacts
Uploading build artifacts.
Skipping function upload as functions are identical to last successful deployment.
Finished Upload. Polling on deployment.
Status: InProgress. Time: 0.057026(s)
Status: Succeeded. Time: 15.225704(s)
Deployment Complete :)
Visit your site at: https://asdf.azurestaticapps.net
Thanks for using Azure Static Web Apps!
Exiting
Finishing: AzureStaticWebApp
2 Answers
While I couldn't figure out the IP restrictions on the free SKU of Azure Static Web Apps, I used AAD auth instead with the paid SKU and the following configuration in my staticwebapp.config.json file.
I have tried to repro the same using the below steps and got the results as expected.
Step 1: Initialize repo and add index.html and staticwebapp.config.json files.
staticwebapp.config.json:
In the above configuration file, 49.204.176.183 under networking is my public IP address. If you are allowing a single IP, use the /32 CIDR block. Please refer to the networking section in this MS doc for more information.
Step 2: Create and run the pipeline and verify whether the web app is accessible or not.
Below is the Azure Static Web Apps task in the pipeline.
Step 3: Now change the IP address to any other address and run the pipeline to verify that the network configuration is applied.
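
A pre-deploy check for the allowedIpRanges values discussed in the question and the answer above, as an added example that is not part of the original posts: it flags empty strings, leftover placeholders such as "MY_IP", and bare addresses missing the /32 prefix. The function name and the sample addresses (from the 203.0.113.0/24 documentation range) are constructed for illustration; the check covers the file's syntax only, not whether the service enforces it.

```python
import ipaddress
import json
import sys


def lint_allowed_ip_ranges(config_text):
    """Return a list of problems in networking.allowedIpRanges (empty list = clean)."""
    config = json.loads(config_text)
    networking = config.get("networking") if isinstance(config, dict) else None
    if not isinstance(networking, dict) or "allowedIpRanges" not in networking:
        return ["networking.allowedIpRanges is not set"]
    ranges = networking["allowedIpRanges"]
    if not isinstance(ranges, list):
        return ["allowedIpRanges must be a JSON array of CIDR strings"]
    if not ranges:
        return ["allowedIpRanges is an empty array"]

    problems = []
    for i, entry in enumerate(ranges):
        if not isinstance(entry, str) or not entry.strip():
            problems.append(f"entry {i}: empty or non-string value {entry!r}")
            continue
        try:
            # strict=False so host bits are reported below instead of raising here.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Catches placeholders such as "MY_IP" left in the file.
            problems.append(f"entry {i}: {entry!r} is not an IP address or CIDR block")
            continue
        if "/" not in entry:
            problems.append(f"entry {i}: {entry!r} has no prefix length; write {net.with_prefixlen}")
        elif net.prefixlen == 0:
            problems.append(f"entry {i}: {entry!r} matches every address")
        elif ipaddress.ip_interface(entry).ip != net.network_address:
            problems.append(f"entry {i}: {entry!r} covers all of {net}, not one host")
    return problems


if __name__ == "__main__":
    # Constructed sample input; pass a file path as the first argument to lint a real config.
    sample = '{"networking": {"allowedIpRanges": ["203.0.113.7", "", "203.0.113.7/24"]}}'
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else sample
    found = lint_allowed_ip_ranges(text)
    for line in found:
        print(line)
    sys.exit(1 if found else 0)
```

Run as a script step before the AzureStaticWebApp@0 task, the non-zero exit code stops the pipeline when the file contains an entry the check rejects.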