Forum Documentation Showcase Pricing Learn more

Database connector Azure SQL firewall question

#1

Hi,

I installed the Bubble database connector and got it to retrieve data from my SQL database on Azure. However, I need to allow a specific IP address on my Azure server in order to allow queries coming from Bubble.

When you setup the original connection in the plugin you get a popup message saying you need to allow xxx.xxx.xxx.xxx IP address in the Azure firewall for the connection to work. So, I update the firewall rule in Azure to allow this IP and all is fine.

The problem is that my connection to the Azure database does not work the following day as the Bubble IP initiating the query to the server changes. That IP not being authorized already in my Azure firewall, the request is denied. So, I have to manually add a new IP address to my Azure firewall for it to work.

Of course, this is tolerable in a development situation but would not work in real life. Are there specific IP addresses that Bubble uses all time that I could whitelist on my Azure firewall ? Of course, I do not want to make my database accessible from any IP…

Has anybody been faced with this same issue ?

Thanks
Mike

#2

If the Bubble app is on a dedicated server plan, it will have a fixed IP address you can use in the firewall.

Otherwise, if the app is on shared servers, so the IP address changes. Bubble support may be able to provide you the range of IP addresses it can be in.

1 Like
#3

Thanks for replying @mishav

Here is the answer I got from support :

We offer static IPs only on Dedicated and don’t have main cluster workarounds at the moment. This is a much requested feature so we will let you know if we find alternatives / change anything on this front. Please let us know if you are interested in learning more about the Dedicated Plan and/or have additional questions.

So IP ranges or static IP are out of the question as Dedicated is $1000+ a month…

I am very novice at all this but did manage to setup REST API calls using the Bubble API connector and Microsoft Flow (part of my O365 subscription). In MS Flow you basically create a “When HTTP request is received” (i.e POST, GET, etc.) action and then use the logic to query your Azure SQL database and send a response. MS Flow allows you to configure a JSON Schema than enables you to pass your query parameters in the body of the call.

I believe this can also be done using Azure Functions or Azure Logic.

Took quite a bit of reading (Google is your friend) but got all the piece together and now all is working and no need to deal with the Azure firewall.

Thanks again.
Mike

1 Like
#4

Hello guys,
I too installed the Bubble SQL database connector only to find that I could not set a connection through my SonicWall without an IP address or set of IP address or a subnet that could be used to ensure that only the intended connection is accessing the data. It would be a huge security hole if a specific IP or set of IPs were not used where a port was left open to the entire internet.

I received the exact response from support today that @michel.allard received so I replied indicating that the IPs did not have to be static asked if there might be a pool or a subnet and received the following response:

I checked with our engineering team and they confirmed a pool or subnet is not available to share currently. We will keep you posted should anything change on our end.

If anyone has tackled this problem any response would be appreciated.

#5

I never found a solution for the firewall issue with the SQL database connector but as indicated in my last post, I ended up using REST API which negates the need for the database connector and firewall IP adresses.

Fair warning, I am not an IT professional (one of the reasons why I use Bubble) and I haven’t worked on this project for quite some time but REST API seems to be working pretty well (with a bit of learning curve if unfamiliar with it).

For me, the entire MS environment (Azure, Flow, etc.) proved to be very valuable.

1 Like