Configure IIS to accept API calls only from API Manager, Deny from direct calls


I have an API hosted in an Azure VM on IIS. I have exposed that endpoint to the public through Azure API Manager. Currently the server endpoint can be called directly, bypassing the Azure API Manager. I need to configure IIS to accept calls only through the API Manager, and IIS should reject direct endpoint calls. I'm using IIS v.10.

How to make this configuration on IIS?

Thanks in advance

Mo Haidar On

Enable the IP security feature

And then you can filter based on IP

I would prefer to achieve this in a different way: by deploying my APIM to a virtual network (external mode) and my VM to the same network, and through an NSG rule preventing access to my VM except from the APIM service and any other service that has to access my VM. NSG rules have way more benefits than the IIS IP security feature.
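
The IIS IP restriction described in the answer can also be scripted; the following is an added example, not part of the original answer. The site name `Default Web Site` and the address `203.0.113.10` are placeholders for your own site and your API Management gateway's outbound IP, and `Set-ApimOnlyAccess` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

function Set-ApimOnlyAccess {
    param(
        [Parameter(Mandatory)][string] $SiteName,
        # Outbound IP(s) of the API Management gateway (assumed to be stable)
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string[]] $AllowedIp
    )
    $root   = 'MACHINE/WEBROOT/APPHOST'
    $filter = 'system.webServer/security/ipSecurity'

    # The ipSecurity section only exists once the role service is installed.
    if (-not (Get-WindowsFeature Web-IP-Security).Installed) {
        Install-WindowsFeature Web-IP-Security | Out-Null
    }

    # Fail before touching the config if any address is malformed.
    foreach ($ip in $AllowedIp) { [void][System.Net.IPAddress]::Parse($ip) }

    # Add the allow entries first so the site is never left with an
    # empty allow list while unlisted clients are being denied.
    $existing = @(Get-WebConfiguration -PSPath $root -Location $SiteName `
                      -Filter "$filter/add" | ForEach-Object { $_.ipAddress })
    foreach ($ip in $AllowedIp) {
        if ($existing -notcontains $ip) {
            Add-WebConfigurationProperty -PSPath $root -Location $SiteName `
                -Filter $filter -Name '.' `
                -Value @{ ipAddress = $ip; allowed = 'true' }
        }
    }

    # Deny every client that is not on the list and answer with 403.
    Set-WebConfigurationProperty -PSPath $root -Location $SiteName `
        -Filter $filter -Name 'allowUnlisted' -Value $false
    Set-WebConfigurationProperty -PSPath $root -Location $SiteName `
        -Filter $filter -Name 'denyAction' -Value 'Forbidden'

    # Read the effective entries back for review.
    Get-WebConfiguration -PSPath $root -Location $SiteName `
        -Filter "$filter/add" | Select-Object ipAddress, subnetMask, allowed
}

# Placeholder values (constructed for this example)
Set-ApimOnlyAccess -SiteName 'Default Web Site' -AllowedIp '203.0.113.10'
```

After running it, a request sent straight to the VM from any other address should return 403, while the same call through API Management still succeeds.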