Azure Web site IP White list for Windows Azure Web site

Windows Azure Platform Family of articles Catalog

We know that in Azure Cloud service and virtual machine, you can access control lists through the endpoint ACL (Access control list). To set the IP whitelist rule.

For details, see:Windows Azure Virtual Network (10) Setting Client access permissions using the Azure Access Control List (ACL)

By default, Azure Web site does not have an IP whitelist. This means that all users on the Internet have access to services on Azure.

That would create a problem, assuming that I want to implement the IP whitelist on Azure Web site. In this chapter I briefly introduce.

We can define the system.webserver node through the Web. config file to set which IPs can access Azure Web Site.

1. Set IP Whitelist

The rules for IP whitelist are set in this way

(1) Disable all access by default

(2) Increase the allowed access to the public IP address

　　

, we set up the system.webserver node.

In the IPSecurity node

-Allowunlisted is set to true. Allow all public IP access to the Azure Web site service

-Allowunlisted is set to false. Default, all public IP addresses do not allow access to the Azure Web site service

-Denyaction is set to NotFound, all public IP IPs that are forbidden to access the Azure Web site service, error message is not Found

　　

In, the rules we set are:

(1) By default, all public IP addresses do not allow access to the Azure Web site service

(2) Add an IP whitelist rule that allows the public IP address to be 167.220.232.192 public IP to access the Azure Web site service

(3) Add an IP whitelist rule that allows the public IP address to be 202.96.0.0, subnet is 255.255.0.0 public IP, Access Azure WEB site service

Display effect:

(1) The public IP address of my local calculator is 167.220.232.192, you can access services on Azure

　　

(2) I have a virtual machine on Azure, the public IP is 42.159.227.98. This IP is not in the IP whitelist above, so the error message is not Found defined by us. Such as:

　　

　　

2. Set IP blacklist

　　The IP blacklist rules are set in this way

(1) All access is allowed by default

(2) Increase the public IP address of the forbidden access

　The system.webserver node is set as shown in:

　　

-Allowunlisted is set to true. Allow all public IP access to the Azure Web site service

-Add an IP blacklist rule that disables public IP addresses for 167.220.232.192, accessing the Azure Web site service

　　

　　

Display effect:

(1) The public network IP address of my local calculator is 167.220.232.192, access to services on Azure is forbidden

　　

　　

(2) I have a virtual machine on Azure, the public IP is 42.159.227.98. This IP is not in the IP blacklist above, so the display is normal:

　　

　　

Resources:

https://azure.microsoft.com/en-us/blog/ip-and-domain-restrictions-for-windows-azure-web-sites/

https://msdn.microsoft.com/en-us/library/ms691353 (v=vs.90). aspx

　　

　　

Azure Web site IP White list for Windows Azure Web site