microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Ingress IP Restriction not respected for TCP port 22 #1010

Open woutervanranst opened 9 months ago

woutervanranst commented 9 months ago

This issue is a: (mark with an x)

Issue description

Ingress IP Restriction not working for TCP port 22

Steps to reproduce

  1. Deploy an ACE with dedicated network to allow ingress IP restrictions.
  2. Deploy ACA app1 (an SFTP, e.g. atmoz/sftp) and configure ingress restrict IPs, TCP port 22, setting 'Allow traffic from IPs configured below, deny all other'
  3. Deploy another ACA app2 (e.g. the quickstart one) and configure the same, but for HTTP port 80

Expected behavior

On app1 I cannot connect
On app2 I cannot connect

Actual behavior

On app1 I can connect
On app2 I cannot connect (I was able to connect before applying the restriction, demonstrating that it had effect)

Screenshots
[image]

[image]

SFTP connection successful: [image]

Web Traffic effectively blocked: [image]

Additional context

Occurs through the Portal

zhenqxuMSFT commented 9 months ago

@woutervanranst We identified a bug which may delay IP restrictions from taking effect for TCP apps (but they will take effect eventually).

We will fix the bug in the next release.

ilmax commented 8 months ago

Same exact issue here, @zhenqxuMSFT do you have an ETA for the next release?

ilmax commented 3 months ago

@zhenqxuMSFT ~6 month ping, any news here?

vanakool1001 commented 2 months ago

@zhenqxuMSFT

Could you please specify how long it takes to apply the restrictions (at least approximately)? This would really help me right now. Thanks!
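
One way to measure, for your own app, how long a saved restriction takes to be enforced on the TCP port (an added example, not code from this issue or from the Azure Container Apps project). The function names, result labels and polling interval are assumptions; run it from a client whose IP is not on the allow list, right after saving the rule.

```python
import socket
import sys
import time

def probe(host, port=22, timeout=5.0):
    """Classify one connection attempt made from this client's source IP.

    'open'      - the peer sent an SSH identification string ("SSH-...")
    'no-banner' - TCP handshake completed, but no SSH banner was received
    'blocked'   - connection refused, reset during connect, or timed out
    """
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # covers refusals and timeouts
        return "blocked"
    with s:
        try:
            data = s.recv(256)  # first bytes only; enough for a typical banner
        except OSError:
            data = b""
    # A completed handshake alone is not proof the app is reachable (a proxy
    # in front of it may accept and then drop), so require the SSH banner.
    return "open" if b"SSH-" in data else "no-banner"

def time_until_enforced(host, port=22, interval=10.0, max_wait=3600.0,
                        probe_fn=probe, sleep=time.sleep, clock=time.monotonic):
    """Poll until the endpoint stops answering as SSH.

    Returns (elapsed_seconds, last_state); elapsed_seconds is None if the
    endpoint was still 'open' once max_wait had passed.
    """
    start = clock()
    while True:
        state = probe_fn(host, port)
        elapsed = clock() - start
        if state != "open":
            return elapsed, state
        if elapsed >= max_wait:
            return None, state
        sleep(interval)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_restriction.py <your-app-fqdn> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(time_until_enforced(sys.argv[1], target_port))
```

A `no-banner` result is reported separately from `blocked` so you can decide whether an accepted-then-dropped connection counts as enforced in your environment.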