AzureEdge CDN IP范围 [英] AzureEdge CDN IP Ranges
问题描述
我正在尝试从X-Forwarded-For,X-Real-IP或等效报头中获取真实的客户端IP地址.
I'm trying to get real client IP addresses from the X-Forwarded-For, X-Real-IP, or equivalent header.
要安全地执行此操作,需要配置CDN以对后端进行身份验证,例如.客户端证书(例如Cloudflare),或将后端配置为仅在从已知IP范围发送时才信任这些标头.
Doing this securely requires configuring the CDN to authenticate to the backend, eg. client certificates like Cloudflare, or configuring the backend to trust those headers only when sent from a known IP range.
我正在尝试第二步,但这需要信任IP范围的来源.
I'm attempting to do the second, but this requires a source of trusted IP ranges.
对于Cloudflare,它是https://www.cloudflare.com/ips/
For Cloudflare, it's https://www.cloudflare.com/ips/
对于Cloudfront,它是https://ip-ranges.amazonaws.com/ip-ranges.json
For Cloudfront, it's https://ip-ranges.amazonaws.com/ip-ranges.json
对于AzureEdge,我能找到的最接近的是https://docs.microsoft.com/zh-cn/rest/api/cdn/edgenodes/edgenodes_list-但这已通过身份验证(这很烦人,但可行),并且据我了解,仅提供该帐户的当前活动地址, 经常变化.根据频率,这需要大量工作才能使用.
For AzureEdge, the nearest I can find is https://docs.microsoft.com/en-us/rest/api/cdn/edgenodes/edgenodes_list - but this is authenticated (which is annoying, but workable), and as I understand it, gives only the currently-active addresses for the account, which change frequently. Depending on the frequency, this would require significant work to use.
https://www.microsoft.com/en-us/download/details.aspx?id=41653也被反复建议.使用起来会更加令人生气,因为它是:
-不可编写脚本,因此必须手动更新
-包括计算"范围,这意味着将包含租用天蓝色VPS的任何人
https://www.microsoft.com/en-us/download/details.aspx?id=41653 has also been suggested repeatedly. This would be even more infuriating to use, as it is:
- Not scriptable, so must be updated manually
- Includes "compute" ranges, implying that anyone who rents an azure VPS will be included
是否可以为此使用所有受信任IP范围的纯文本或json列表?如果没有,是否有另一种身份验证方法可用?
Is there a plaintext or json list of all trusted IP ranges I can use for this? If not, is there another method of authentication available?
推荐答案
我所知道的唯一准确且可行的方法就是通过API(您已经提到):
The only one I am aware of that is accurate and workable as it is through the API is (which you have mentioned):
https://docs.microsoft.com/en-gb/rest/api /cdn/edgenodes/edgenodes_list
这篇关于AzureEdge CDN IP范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
