Skip to content

Limit Logic App HTTP request triggers#

Security · Logic App · Rule · 2020_12 · Critical

Limit HTTP request trigger access to trusted IP addresses.

Description#

When a Logic App uses a HTTP request trigger by default any source IP address can trigger the workflow. Logic Apps can be configured to limit the IP addresses that are accepted to trigger the workflow.

Recommendation#

Consider limiting Logic Apps with HTTP request triggers to trusted IP addresses.

Comments