App Service-Web配置-设置dynamicIpSecurity [英] App Service - web config - Setting dynamicIpSecurity

问题描述

H 我需要为上的Api配置dynamicIpSecurity Azure应用服务

https://azure.microsoft.com/fr-fr/blog/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/

我们使用安全工具对突发请求进行了测试，但始终获得http状态200，并且从未收到过 403或401

我们还使用以下配置进行了测试，并且突发请求仍以HTTP状态200继续返回

  < enableLoggingOnlyMode =          < denyByConcurrentRequests 已启用 = maxConcurrentRequests =          < denyByRequestRate 已启用 = maxRequests =            requestIntervalInMilliseconds =       </ >

我知道在我自己的服务器上，我需要激活"IP和域限制"

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/dynamicipsecurity/

要使此配置正常工作，我需要在App Service中做什么?

解决方案

< system.webServer> <安全性> < ipSecurity allowUnlisted ="false" denyAction ="NotFound"> <添加允许="true" ipaddress ="123.456.0.0" subnetMask ="255.255.0.0"/> </ipSecurity> </security> </system.webServer>

限制 IP地址 "以手动限制IP地址.

如果此答案很有帮助，请单击"标记为答案"或"投票".提供额外的 关于您的论坛体验的反馈，请单击 .

Hi need to configure the dynamicIpSecurity for an Api on Azure App Service 

https://azure.microsoft.com/fr-fr/blog/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/

We tested the submission of request in burst (with a security tool) but we allways received http status 200 and never receided 403 nor 401 as expected

We also tested with the configuration below and the burst requests still continue to return with http status 200

  <dynamicIpSecurity enableLoggingOnlyMode="true">

        <denyByConcurrentRequests enabled="true" maxConcurrentRequests="1" />

        <denyByRequestRate enabled="true" maxRequests="1"

           requestIntervalInMilliseconds="5000" />

      </dynamicIpSecurity>

I know that on a server of my own, I need to activate the "IP and Domain Restrictions"

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/dynamicipsecurity/

What do I need to do in App Service to have this configuration working?

解决方案

You may try below code in you ‘web.config’ file & see if it helps you.

<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<add allowed="true" ipaddress="123.456.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>

Here, ‘add’ element is ‘True’, which means it will allow IP only available in the <add..> element. If the website is access from IP address outside the range, will receive "HTTP 404 ERROR"

Also, you may refer to "Restrict IP address" to restrict IP address manually.

-----------------------------------------------------------------------------------------------

If this answer was helpful, click "Mark as Answer" or "Up-Vote". To provide additional feedback on your forum experience, click here.

这篇关于App Service-Web配置-设置dynamicIpSecurity的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！