使用VNET进行API管理的NSG规则允许来自整个Internet的连接 [英] NSG rule for API management with VNET allows connection from whole internet

问题描述

团队，

我已经在VNET内并根据"API管理所需的端口"部分部署了API管理服务. https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-using-with-vnet.md#network-configuration-issues ，则需要NSG规则，允许来自所有互联网来源的80、443和3443端口.

I have deployed API management services inside a VNET and as per "Ports required for API Management" section of  https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-using-with-vnet.md#network-configuration-issues , it requires NSG rules allowing 80, 443 and 3443 ports from all internet sources.

这已被我们的安全团队标记为安全威胁，只有在我们可以将这些规则替换为特定的NSG规则之后，才能继续进行下去，仅允许需要访问api管理服务的必需服务.是否有人有可以 曾经有更严格的政策.

This has been flagged by our security team as a security threat and can't go ahead until we can replace these rules with specific NSG rules allowing only required services which needs access to api management service. Does anybody have rules which can be used to have more stricter policy.

谢谢

维克兰特

推荐答案

您可以使用策略进行IP过滤.您可以参考本文档，其中描述了有关" API 管理访问限制策略 "，看看是否有帮助.

You could do IP filtering using policies. You may refer this document, which describes regarding "API Management access restriction policies" and see if it helps.

- ---------------- -------------------------------------------------- -----------------------------------如果 体验，请单击

------------------------------------------------------------------------------------------------------If this answer was helpful, click "Mark as Answer" or Up-Vote. To provide additional feedback on your forum experience, click here

这篇关于使用VNET进行API管理的NSG规则允许来自整个Internet的连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！