dynamicipsecurity和多个Web应用程序实例 [英] dynamicipsecurity and multiple web app instances

问题描述

我在我的azure web服务应用程序（大型，有10个实例）上使用以下web.config代码，因为我认为我们处于DOS攻击之下：

I'm using the following web.config code on my azure web service app (large, with 10 instances) as I think we are under DOS attack:

<security>
      <dynamicIpSecurity denyAction="Forbidden" enableProxyMode="true" enableLoggingOnlyMode="false">
        <denyByConcurrentRequests enabled="true" maxConcurrentRequests="30" />
        <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
      </dynamicIpSecurity>
    </security>

一旦我申请，网站就会拒绝所有请求。我认为必须检测负载均衡器IP地址？它完全无法使用。我可以让网站再次加载的唯一方法是设置enabled =" false"两个< deny ...行。我有
尝试禁用代理模式，增加maxconcurrentrequests，增加maxrequests，禁用日志记录......没有任何工作。

As soon as I apply this the website denies all requests. I think it must be detecting a load balancer IP address? It's completely unusable. The only way I can get the site to load again is by setting enabled="false" on both <deny... lines. I've tried disabling proxy mode, increasing maxconcurrentrequests, increasing maxrequests, disabling logging... nothing is working.

推荐答案

您可以通过Azure门户中的诊断刀片启用Web服务器日志记录，以检查客户端IP的记录内容。

You can enable web server logging via the Diagnostic Blade in the Azure Portal to check what the client IPs are being logged as.

https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#enablediag

https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#enablediag

这篇关于dynamicipsecurity和多个Web应用程序实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！