Azure 网站 IP 限制 [英] Azure website IP restriction
问题描述
我有一个仅用于开发和测试的 Azure 网站,因此我想限制除我自己以外的所有人访问它.根据这篇博客文章 现在正式支持,所以我尝试将其添加到我的 web.config 文件中:
I have an Azure website which I only use for development and testing, therefore I want to restrict access to it for everyone but myself. According to this blog article this is now offically supported, so I tried adding this to my web.config file:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<add allowed="true" ipAddress="1.2.3.4" />
</ipSecurity>
</security>
</system.webServer>
对于 ipAddress 属性,我必须使用我的 Internet 连接的 IP 地址,对吗?所以我去了 http://www.whatismyip.com/ 并复制了地址,但现在我的网站只是阻止了所有请求,允许规则无效.
For the ipAddress attribute I have to use the IP address of my internet connection right? So I went to http://www.whatismyip.com/ and copied the address, but now my website is simply blocking all requests, the allow rule has no effect.
我错过了什么吗?
更新: 日志文件显示 Web 服务器看到的 IP 不是实际客户端的 IP,而是中间代理 (Cloudflare) 的 IP.所以我尝试通过添加 enableProxyMode="true"
来解决这个问题,不幸的是这并不能解决我的问题.关于如何让 IP 限制与 Cloudflare 一起工作的任何想法?
UPDATE: The log files revealed that the IPs seen by the web server are not those of the actual clients, but of a proxy in between (Cloudflare). So I tried to solve this by adding enableProxyMode="true"
, unfortunately this does not fix my issue. Any ideas of how to get IP restrictions to work with Cloudflare?
推荐答案
以防万一有人试图使用 Cloudflare 设置 IP 限制:解决方案是不仅将您的 IP 添加到白名单,还包括所有 Cloudflare IP (取自这里).
Just in case someone is trying to setup IP restrictions with Cloudflare: the solution is to not only add your IP to the whitelist, but also all the Cloudflare IPs (taken from here).
<system.webServer>
<security>
<ipSecurity enableProxyMode="true" allowUnlisted="false" denyAction="NotFound">
<!-- YOUR IP -->
<add allowed="true" ipAddress="1.2.3.4" />
<!-- CLOUDFLARE -->
<add allowed="true" ipAddress="199.27.128.0" subnetMask="255.255.248.0" />
<add allowed="true" ipAddress="173.245.48.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="103.21.244.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="103.22.200.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="103.31.4.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="141.101.64.0" subnetMask="255.255.192.0" />
<add allowed="true" ipAddress="108.162.192.0" subnetMask="255.255.192.0" />
<add allowed="true" ipAddress="190.93.240.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="188.114.96.0" subnetMask="255.255.240.0" />
<add allowed="true" ipAddress="197.234.240.0" subnetMask="255.255.252.0" />
<add allowed="true" ipAddress="198.41.128.0" subnetMask="255.255.128.0" />
<add allowed="true" ipAddress="162.158.0.0" subnetMask="255.254.0.0" />
<add allowed="true" ipAddress="104.16.0.0" subnetMask="255.240.0.0" />
</ipSecurity>
</security>
</system.webServer>
这篇关于Azure 网站 IP 限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!