Azure Front-Door - X-Azure-ClientIP is showing an IPV6 address instead of IPV4

1
votes

We, Have an Azure front door setup and as a back-end, we used azure app services(Asp.NET). When we try to see the server variable at that time that it's showing an IPv6 in "X-Azure-ClientIP". We need a IPv4 in "X-Azure-ClientIP" Because we want to apply IP access restriction via our application on our content.

As one of our clients has both IPv4 and IPv6 enabled in their system. But we got only IPV6 in "X-Azure-ClientIP" instead of that we want IPv4.

Is there any provision in the azure front door to tackle this kind of scenario?

1
asp.netasp.net-mvcazure-api-managementazure-front-door

1 Answers

0
votes

This is a limitation for now. You cannot block IPV6 address in AFD. You can always submit your feedback here in this section for features availability. But, as a work around you can use IP address safelist feature In ASP.NET core,

        {
  "AdminSafeList": "127.0.0.1;192.168.1.5;::1",
  "Logging": {

Here, only the client IP addresses listed in the string will be able to access the app. IPv4 addresses of 127.0.0.1 and 192.168.1.5 and the IPv6 loopback address of ::1 (compressed format for 0:0:0:0:0:0:0:1) are allowed.

Ref Doc: https://docs.microsoft.com/en-us/aspnet/core/security/ip-safelist?view=aspnetcore-5.0