I have an Azure Function App set up and there is a CDN (Standard Microsoft) endpoint associated with the Function App. In the Function App --> Networking --> Access Restrictions settings, I have some rules to 'Allow' certain sources access and at the bottom is the 'Deny all' rule.
With the rules in place, the CDN returns a 403 Forbidden message. I can access the page directly from the Function App from one of the allowed source IPs. The only way I have been able to get the CDN to work has been to remove ALL the access restriction rules.
How can I get the CDN to work with the rules in place? Do I need to find the CDN IP to add an 'Allow' rule and where would I even find the CDN source IP?
Not an expert on CDN, but if the function app is getting any incoming connection, the IP address needs to be whitelisted. Can you have a look at this - https://learn.microsoft.com/en-us/azure/cdn/cdn-pop-list-api#retrieve-the-current-microsoft-pop-ip-list-for-azure-cdn
This has the POP IP list for Microsoft. If the CDN is trying to connect to the function app, you can try to whitelist these IPs.
In case the link above ever gets moved or broken, here is the critical information.