Windows Azure - Restricting IP Access to Access WebRole

Question

Windows Azure - Restricting IP Access to Access WebRole

Is it possible to restrict access to Azure WebRole by a list of IP ranges. I saw that there are a number of articles explaining how to configure a firewall to access an Azure SQL instance, but what about WebRoles / WorkerRoles?

Thanks Luke

+5

azure

Azure Aug 19 '10 at 12:06

source share

4 answers

AndyElastacloud · Answer 1 · 2011-04-07T12:55:58+0000

Starting with the V1.3 SDK (and now V1.4), full support for IIS and launch tasks were available to solve this problem.

I wrote about this http://blog.bareweb.eu/2011/04/restricting-access-by-ip-in-azure-web-role-v1-4/

You can use ipSecurity in web.config, but you also need to do some work on installing the IPSec module in IIS.

Relationship Andy

Henri Hietala · Answer 2 · 2014-12-03T07:27:18+0000

Azure SDK 2.4 (ACL) IP . : http://www.henrihietala.fi/apply-ip-restrictions-for-azure-cloud-service/

ACL ServiceConfiguration.Cloud.cscfg:

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="MyWebRole.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-06.2.4">
  <Role name="MyWebRole">
    ...
  </Role>
  <NetworkConfiguration>
    <AccessControls>
      <AccessControl name="ipRestrictions">
        <Rule action="permit" description="allowed-edu" order="100" remoteSubnet="137.133.228.111/32" />
        <Rule action="permit" description="allowed-test" order="101" remoteSubnet="168.61.66.2/32" />
        <Rule action="permit" description="allowed-prod" order="102" remoteSubnet="168.61.66.131/32" />
        <Rule action="deny" description="Others" order="800" remoteSubnet="0.0.0.0/0" />
      </AccessControl>
    </AccessControls>
    <EndpointAcls>
      <EndpointAcl role="MyWebRole" endPoint="Endpoint1" accessControl="ipRestrictions" />
      <EndpointAcl role="MyWebRole" endPoint="HttpsIn" accessControl="ipRestrictions" />
    </EndpointAcls>
  </NetworkConfiguration>
</ServiceConfiguration>

. , IP- remoteSubnet , .

Drew Marsh · Answer 3 · 2010-08-19T13:22:10+0000

Azure, IP IIS7 system.webServer/security/ipSecurity?

Gilad · Answer 4 · 2012-12-15T09:14:09+0000

Microsoft provides a recipe for this in a May 2012 article at http://msdn.microsoft.com/en-us/library/windowsazure/jj154098.aspx .

You can restrict access to the Windows Azure web role to the set of IP addresses by modifying the IIS web.config file and creating a batch file that unlocks the ipSecurity section of the ApplicationHost.config file.

Windows Azure - Restricting IP Access to Access WebRole

More articles: