IP Address Whitelist Environment Variable
Recently I was trying to restrict an HTTP request trigger action in several Power Automate flows. Paul Murana has a cool solution approach for that. In this blog I demonstrate how you can use a central IP Address Whitelist environment variable for that approach.
Setting the Scene
In Power Automate you can use the When a HTTP request is received trigger action. This action generates an HTTP URL which you can use for GET or POST requests to connect your favourite app to a Power Automate flow instance.
An example use case for this trigger action is a Service Hook for Azure DevOps that queues a new build, as demonstrated by Jon Russell. Another is one of my own examples, where it was used for an email button on a SharePoint page.
The Challenge
In these use cases the Anyone option was used for the Who can trigger the flow? dropdown field in the configuration of this action. However, selecting this option means that anyone who obtains the endpoint URL can trigger the flow.
Obviously, we can select the Any user in my tenant or Specific users in my tenant options as well, to make it more strict. But that also requires an app registration and a secret, as demonstrated by Yash Agarwal in his blog P1 – Securing “When an HTTP Request is Received” trigger in Power Automate.
I wanted to use the Anyone option while locking it down a bit. This is where Paul Murana's solution comes into play: Power Automate – Restrict the HTTP Request trigger by IP Address.
In his blog and YouTube video he has demonstrated that you can use a contains function in a trigger condition to check the Client-IP property which is nested within the headers of the triggerOutputs of the request.
This approach would be a per-flow configuration. Surely Power Automate should be able to handle a central location for this?
JSON Environment Variable
Short answer: yes! 😀
Somewhere in my mind I thought it wasn’t possible to use environment variables (aka parameters) in trigger condition expressions. But I guess I was wrong (or Microsoft has changed some bits since the last time I checked).
I used an environment variable of type JSON in a solution, which means I only have to manage the IP Address whitelist in one place.
The trigger condition looks like the below
That is it for the whole setup of this example.
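The following is an added example, not the trigger condition from this post: a Python model of the allowlist decision, useful for testing a whitelist value before putting it in the environment variable. It relies on the fact that the `contains` expression function does a substring match when its first argument is a string and a whole-item match when it is an array. The sample whitelist (documentation-range addresses), the function names and the possibility of an `ip:port` value in Client-IP are assumptions.

```python
import ipaddress
import json

# Constructed sample value for the JSON environment variable (documentation-range IPs).
ALLOWLIST_JSON = '["203.0.113.10", "198.51.100.7"]'


def substring_check(allowlist_text: str, client_ip: str) -> bool:
    """Models contains(<string>, <value>): true on any substring match."""
    return client_ip in allowlist_text


def parse_client_ip(header_value: str):
    """Return the address in a Client-IP value, tolerating an assumed 'ip:port' form."""
    value = header_value.strip()
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        pass
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        try:
            return ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            pass
    return None


def exact_check(allowlist_json: str, header_value: str) -> bool:
    """Whole-address membership in the parsed JSON array, after normalising the header."""
    allowed = {ipaddress.ip_address(item) for item in json.loads(allowlist_json)}
    client = parse_client_ip(header_value)
    # A missing or malformed header is denied rather than matched.
    return client is not None and client in allowed


if __name__ == "__main__":
    samples = ["203.0.113.10", "203.0.113.10:50123", "203.0.113.1", "3.0.113.10", ""]
    for header in samples:
        print(f"{header!r:24} substring={substring_check(ALLOWLIST_JSON, header)!s:5} "
              f"exact={exact_check(ALLOWLIST_JSON, header)}")
```

The rows where the two columns disagree are the cases worth testing against the real flow: an address that is only a prefix or suffix of a whitelisted one, and an empty header value.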
Happy testing!