For an Azure SQL Database it can easily be set to only accept connection requests from within the datacenter it is running in and from a specified list of IP addresses (in my case, my home). Does Azure App Service have something like this?
And/or can I specify specifically what app in the datacenter, plus my home IP, can access it? This is for an App Server written in Python which will only be called by my Blazor/C# App Server. My Blazor app is set to scale out so it's more than 1 IP address.
We're going to use an authentication token passed in the request header. But we want to avoid the tsunami of requests that hit it as a public app server.
First of all, you'll want to create a new Virtual Network that you'll be using as a private network that will allow connections between your Blazor/App Server and the App in question. You can find detailed instructions on setting up a Virtual Network here as I feel like it's somewhat out of the scope of the question.
Once you've created the virtual network, you'll want to add your new network to the Outgoing Connections section in your Blazor/App Server's Networking section. Once again, the specifics of your configuration for the networking is out of the scope of the question, but is documented in depth here.
You should then head to the Network section of your App Service's Settings and click on Public Network Access and select the second option: Enabled from select virtual networks and IP addresses. Here, you can add your newly created Virtual Network, and your Home IP address to the Allowed list.