Limit the access to one application in Azure Service Fabric

Question

I have one Service Fabric application deployed in one Azure Service Fabric cluster, which provide some REST API, and also a web app in Azure, acting as the consumer of the REST API. What I want to do is to deny any access to my SF application from anywhere except from my web app.

I tried NSG to add the deny rule for source with the tag of Internet but failed. Seems the existence of the load balancer of SF cluster make the deny rule not working. Any suggestion? Thanks!

Answer 1

This works for me:

1. Add an inbound NSG rule, priority lower than the default rules (say 100)
2. Name: Give it a name
3. Source: Any
4. Protocol: TCP Source
5. port range: (web app addresses)
6. Destination: Any
7. Destination port range: *
8. Action: Deny (was incorrectly set to Allow before)

I suspect either the INTERNET tag's range is too broad to block anything, or your rule priority # is too high.

Check here to find out Azure DC port ranges.