MS Azure : Identify outbound IP addresses from an MS Azure Web App Service

When setting up an Web App Service on Azure which you are wanting to hook up to an Azure Database you will need to ensure that the IP address of the Web App Service is white listed for the Database Server. This is true of Postgres and SQL Azure in my experience. Now when you upload your project to the Web App Service and connect to an SQL Azure the error message indicates what IP address of the web application is failing. That is not the case when trying to connect to Azure Database for Postgres Flexible Server (my experience at September 2023) so how do we find this. As usual the answer is in Azure documentation but thoroughly buried.

One paragraph states

Regardless of the number of scaled-out instances each has a set number of outbound IP addresses at any given time. Any outbound outbound connection from the App Service app, such as to a back end database, uses one of the outbound IP addresses as the origin IP address. The IP address is selected randomly at runtime,

SO YOUR BACK END SERVICE MUST OPEN ITS FIREWALL TO ALL THE OUTBOUND IP ADDRESSES FOR YOUR APP

So how do we find these outbound IP addresses?
Log into the Azure Portal using the administrator account that has access to the Web App Service you want to identify outbound IP Addresses for.

Select the web app service

Look to Networking within Settings menu

Now several boxes should be presented to you towards the right of your browser window identify the one marked Outbound Traffic.

IP Addresses you are interested in should be presented where the red box is. There is a helpful copy button should you need to quickly copy them.

So that is great but what if you are quickly wanting to identify the outbound IP address of a web app

So go to the windows terminal

and use the nslookup command followed by the domain you wish to identify the IP address of.

Postscript
One point is that I seemed to have difficulty registering the outbound IP addresses and it was repeatedly failing to connect a front end application to the Azure Database for Postgres flexible server – I went through my outbound addresses thoroughly and then stopped and started the server itself. Note the restart option wasn’t working for me so I did a complete stop and then start. After this it seemed to work. I will continue to monitor this but its not a process I perform often so it may be sometime before I can truly establish my issue. It should be noted that nslookup did not initially reveal the IP that worked I still don’t know which of the outbounds are working or whether it was the restart that made it work. I did note that the allow all azure connections option always corrected the issue (so this can be used for testing)

Azure App Service – Simple Web App Service IP Restriction

Its written about extensively but here are my links and notes on setting up IP restriction for web apps in Microsoft Azure. You can allow or deny specific IPs. Setting up a restriction immediately denys all other IPs.

For this you will need
1) Azure Account with Web App Service running.
2) the IP you specifically wish to ALLOW

Firstly a useful service to identify the external IP you or your customers are using.
WhatIsMyIP.com

1) Navigate to portal.azure.com and go into your account

2) Identify the App Service you wish to place IP restrictions on.

3) Within Settings look for Networking

4) Scroll down to Access Restrictions

and select

    Configure Access Restrictions

5) Adjust as appropriate

Restrictions occur almost immediately so usually within 30 seconds or a browser refresh new policy will be in place.