Client IP access error when connecting to Azure SQL Database from an App Service

If you need to connect to an Azure SQL Database from an App Service and are getting a ‘Client with IP address ‘XXX’ is not allowed to access the server.’ error you need to amend the server firewall settings in one of two ways…

Firewall settings Azure SQL DB

1 – Allow access for ALL Azure resources

Switch the ‘Allow Azure services and resources to access this server‘ button on in the server firewall settings page. This allows all resources in the Azure boundary to access the server (not the DB).

2 – Allow access for certain IPs

Add IP based rules for the App Services outbound IP addresses in the DB server firewall settings page.

Each app will have a set number of outbound IPs at any time and the specific IP is selected randomly at runtime so you need to grant access to all outbound IP addresses listed. To find the addresses go to your App Service in the portal and navigate to Settings -> Properties

Azure App Service Outbound IP address

According to Microsoft the set of outbound IP addresses for your app changes when you perform one of the following actions:

Delete an app and recreate it in a different resource group (deployment unit may change).

Delete the last app in a resource group and region combination and recreate it (deployment unit may change).

Scale your app between the lower tiers (Basic, Standard, and Premium) and the Premium V2 tier (IP addresses may be added to or subtracted from the set).

The ‘Outbound IP addresses’ section above shows the current IP addresses based on your current tier but ‘Additional Output IP Addresses’ shows all possible outbound IPs regardless of tier. Therefore when you’re adding your IP whitelist, I recommend using the additional list just in case you change SKU in the future.

Don’t forget to save your changes…


You might also be interested in...

Fix the ‘Your client IP address does not have access to the server.’ error when connecting to an Azure SQL Database from SQL Server Management Studio
If you’ve just created an Azure SQL Database and are trying to connect to it from SQL Server Management Studio … Continue reading Fix the ‘Your client IP address does...

Viewing Azure App Service web server and application logs in real time on the Azure Portal
The ability to view application and web server logs in real time for an App Service in the Azure portal … Continue reading Viewing Azure App Service web server and...

Enabling Azure CDN to read Azure Storage account blobs to resolve ‘The specified resource does not exist’ error
If you’ve got an Azure CDN endpoint hooked into an Azure Storage account you may get an error stating ‘The … Continue reading Enabling Azure CDN to read Azure Storage...

How to reference Key Vault connection strings from an Azure App Service
If we have a connection string defined in our appsettings.json file we can have our App Services override this by … Continue reading How to reference Key Vault connection strings...

Uploading files to Azure App Service directly from the Azure portal without FTP
Despite its lack of visual feedback you can upload files directly into your Azure App Service via the Azure portal. … Continue reading Uploading files to Azure App Service directly...

Leave a Reply

Your email address will not be published. Required fields are marked *