MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Are there any logs available to check the list of IPs invoking my app where the access is denied? #16618

Closed mayurpuli closed 6 years ago

mayurpuli commented 6 years ago

Hello, which logs can help me access the list of IP addresses which are bombarding my app and for which access is denied? I have tried enabling Diagnostic Logs as well as Application Insights on my Web App, but neither of them could help me detect the restricted IPs accessing my App.

mimckitt commented 6 years ago

Thanks for the question! We are investigating and will update you shortly.

BryanTrach-MSFT commented 6 years ago

@mayurpuli have you checked the web server logs to see if they are appearing there?

mayurpuli commented 6 years ago

Yes, I did; I only see the success-case entries in the log, no entries from restricted IPs. Below is the snapshot of the app diagnostic log settings.

mayurpuli commented 6 years ago

Sorry, not able to attach the snapshot

BryanTrach-MSFT commented 6 years ago

@mayurpuli We replied to your query internally. As a result, we will close this thread. Please share any additional concerns on the email thread.

bigpom commented 5 years ago

@BryanTrach-MSFT Bryan, are you saying there isn't a way today?

haiquan commented 5 years ago

@BryanTrach-MSFT Is there any solution that I can monitor the block action by IP whitelist?

mayurpuli commented 5 years ago

@BryanTrach-MSFT Is there any solution that I can monitor the block action by IP whitelist?

Okay, here is the deal: if you want to see a log of which IP addresses are accessing my web app, you can see them in the web server logs.

But if you want to see a log of restricted IPs accessing my web app, here is the reply from Bryan (copy-pasting it, as it was answered through an internal email):

I do not believe it would be possible. IP restrictions set in the networking blade of the web app are set up sort of as ACLs. This is enforced on the front-end worker, which is right before the request is handed over to the web worker (web app). As a result, the request will likely not show up in any of the diagnostic logs.

If the customer is looking for advanced threat prevention and logging of that system, they will likely need to consider a WAF (https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-web-application-firewall).

The IP restrictions feature that is baked into app services is meant to be a quick way to block malicious traffic. For more advanced needs, an external solution would be required.
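The consequence of the answer above is worth making concrete: because the access restriction is enforced on the front end, the web server logs only ever contain requests that passed the ACL, so they cannot list denied callers, but they can be used to verify that the ACL is doing what you expect. The following script is an added example, not code from the issue thread or from Azure; it parses W3C-format web server log lines (the sample lines and the field list are constructed here for illustration), counts requests per client IP, and reports any IP that appears in the log but falls outside the intended allowlist, which would indicate a gap in the configured rules rather than a blocked request. The allowlist CIDRs are assumed values.

```python
"""Added example: summarise client IPs seen in App Service web server (W3C) logs and
flag any that fall outside an expected allowlist. Because access restrictions are
applied before the request reaches the web worker, denied requests never appear in
these logs; an out-of-allowlist IP here therefore means the ACL let it through."""
import ipaddress
from collections import Counter

# Constructed sample log text (not taken from the issue); field list mirrors the
# W3C extended format that App Service web server logging writes.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 8.0
#Fields: date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2018-11-05 10:00:01 MYAPP GET /api/health - 443 - 203.0.113.10 curl/7.58.0 - - myapp.azurewebsites.net 200 0 0 512 300 12
2018-11-05 10:00:02 MYAPP GET /api/orders - 443 - 203.0.113.10 curl/7.58.0 - - myapp.azurewebsites.net 200 0 0 2048 300 40
2018-11-05 10:00:03 MYAPP POST /api/orders - 443 - 198.51.100.7 Mozilla/5.0 - - myapp.azurewebsites.net 201 0 0 128 900 55
"""

# Assumed allowlist: the CIDRs you believe the access-restriction rules permit.
EXPECTED_ALLOWLIST = ["203.0.113.0/24"]


def parse_w3c(text):
    """Parse W3C extended log text into a list of dicts keyed by the #Fields header."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives such as #Software, #Version, #Date
        if fields is None:
            raise ValueError("data line encountered before a #Fields header")
        values = line.split()  # IIS/W3C encodes spaces inside values as '+'
        if len(values) != len(fields):
            continue  # skip truncated lines instead of mis-aligning columns
        records.append(dict(zip(fields, values)))
    return records


def requests_by_ip(records):
    """Count requests per client IP (the c-ip column)."""
    return Counter(r["c-ip"] for r in records)


def ips_outside_allowlist(records, allow_cidrs):
    """Return the set of client IPs present in the log that are not covered by
    any allowlisted CIDR. Everything in the log already passed the ACL, so a
    non-empty result means the rules permit more than the allowlist intends."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allow_cidrs]
    outside = set()
    for r in records:
        try:
            ip = ipaddress.ip_address(r["c-ip"])
        except ValueError:
            continue  # e.g. '-' placeholder; not a routable address
        if not any(ip in n for n in nets):
            outside.add(str(ip))
    return outside


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    for ip, n in requests_by_ip(recs).most_common():
        print(f"{ip:>16}  {n} request(s)")
    print("seen but outside allowlist:", ips_outside_allowlist(recs, EXPECTED_ALLOWLIST))
```

Run against real files downloaded from the web app's log storage, the parser reads the `#Fields` header rather than assuming column positions, so it tolerates the field order changing between log versions. An empty "outside allowlist" set does not prove the ACL is blocking anything; it only shows that nothing unexpected got through, which is the most these logs can tell you without a WAF in front of the app.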

droessmj commented 5 years ago

I see this was marked as closed back in November of 2018, but I'd like to reconfirm that this logging behavior remains the same today? We are also looking for the exact same logging capabilities as the OP, but continue to struggle in aggregating information on inbound requests which fail (as expected) due to the network ACL.