1
votes

We have a system that is fronted by Azure Front Door. We now have a customer that needs to access the system from a closed-down location and wants to whitelist the IP addresses of the system. I have not found any list of IP ranges for Front Door. Azure App Service and many other services provide a list of addresses. App Service, however, is not as distributed as Front Door, but I'm asking anyway:

Is there a set of exposed public IP addresses where Front Door operates?


2 Answers

1
votes

We do have a FAQ which answers your question. Here is the Front Door FAQ entry on locking down access so that it goes only via Front Door:

Configure IP ACLing for your backends to accept traffic from Azure Front Door's backend IP address space and Azure's infrastructure services only. Refer to the IP details below for ACLing your backend:

Refer to the AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door's IPv4 backend IP address range, or you can also use the service tag AzureFrontDoor.Backend in your network security groups.

Front Door's IPv6 backend IP space, while covered in the service tag, is not listed in the Azure IP ranges JSON file. If you are looking for an explicit IPv6 address range, it is currently limited to 2a01:111:2050::/44

Azure's basic infrastructure services through virtualized host IP addresses: 168.63.129.16 and 169.254.169.254

1
votes

Microsoft publishes the set of IP address ranges used by its services in a variety of formats including:

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Network/locations/{location}/serviceTags?api-version=2020-07-01
Get-AzNetworkServiceTag -Location <String>
az network list-service-tags --location [--subscription]

In this case, I believe you're asking for the IP addresses at which Azure Front Door accepts inbound traffic, so search for "AzureFrontDoor.Frontend" in the output of one of the above resources.
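An added example, not part of either answer: a Python sketch that reads service-tag JSON in the shape returned by the resources above (a `values` list whose entries carry `name` and `properties.addressPrefixes`) and builds both lists discussed here, the AzureFrontDoor.Frontend ranges and a backend ACL made of AzureFrontDoor.Backend plus the IPv6 range and infrastructure addresses quoted in the first answer. The sample document and its prefixes are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of the Service Tags JSON; the prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real Front Door addresses.
SAMPLE = json.loads("""
{"values": [
  {"name": "AzureFrontDoor.Frontend",
   "properties": {"addressPrefixes": ["198.51.100.0/24", "2001:db8:f::/48"]}},
  {"name": "AzureFrontDoor.Backend",
   "properties": {"addressPrefixes": ["203.0.113.0/24"]}}
]}
""")

# Values stated in the first answer: the IPv6 backend range that the answer says
# is missing from the JSON file, and the Azure infrastructure host addresses.
BACKEND_IPV6_FROM_ANSWER = ["2a01:111:2050::/44"]
AZURE_INFRA_HOSTS = ["168.63.129.16/32", "169.254.169.254/32"]


def tag_prefixes(doc, tag):
    """Return the networks listed for one service tag, or raise if it is absent."""
    for entry in doc.get("values", []):
        if entry.get("name") == tag:
            raw = entry["properties"]["addressPrefixes"]
            return [ipaddress.ip_network(p, strict=False) for p in raw]
    raise KeyError(f"service tag {tag!r} not found")


def backend_allowlist(doc):
    """Ranges a backend ACL would accept, per the first answer's three items."""
    extra = BACKEND_IPV6_FROM_ANSWER + AZURE_INFRA_HOSTS
    nets = tag_prefixes(doc, "AzureFrontDoor.Backend")
    nets += [ipaddress.ip_network(p) for p in extra]
    return sorted(set(nets), key=lambda n: (n.version, n))


def is_allowed(addr, networks):
    """True if addr falls inside any network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in networks)


if __name__ == "__main__":
    acl = backend_allowlist(SAMPLE)
    print("backend ACL:", [str(n) for n in acl])
    print("frontend:", [str(n) for n in tag_prefixes(SAMPLE, "AzureFrontDoor.Frontend")])
```

Because the published ranges change over time, a list generated this way needs to be regenerated from a fresh copy of the JSON on a schedule rather than copied once into a firewall rule.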