Azure 网站 IP 限制 [英] Azure website IP restriction

问题描述

我有一个仅用于开发和测试的 Azure 网站，因此我想限制除我自己以外的所有人访问它.根据这篇博客文章 现在正式支持，所以我尝试将其添加到我的 web.config 文件中:

I have an Azure website which I only use for development and testing, therefore I want to restrict access to it for everyone but myself. According to this blog article this is now offically supported, so I tried adding this to my web.config file:

<system.webServer>
    <security>
        <ipSecurity allowUnlisted="false" denyAction="NotFound">
            <add allowed="true" ipAddress="1.2.3.4" />
        </ipSecurity>
    </security>
</system.webServer>

对于 ipAddress 属性，我必须使用我的 Internet 连接的 IP 地址，对吗?所以我去了 http://www.whatismyip.com/ 并复制了地址，但现在我的网站只是阻止了所有请求，允许规则无效.

For the ipAddress attribute I have to use the IP address of my internet connection right? So I went to http://www.whatismyip.com/ and copied the address, but now my website is simply blocking all requests, the allow rule has no effect.

我错过了什么吗?

更新: 日志文件显示 Web 服务器看到的 IP 不是实际客户端的 IP，而是中间代理 (Cloudflare) 的 IP.所以我尝试通过添加 enableProxyMode="true" 来解决这个问题，不幸的是这并不能解决我的问题.关于如何让 IP 限制与 Cloudflare 一起工作的任何想法?

UPDATE: The log files revealed that the IPs seen by the web server are not those of the actual clients, but of a proxy in between (Cloudflare). So I tried to solve this by adding enableProxyMode="true", unfortunately this does not fix my issue. Any ideas of how to get IP restrictions to work with Cloudflare?

推荐答案

以防万一有人试图使用 Cloudflare 设置 IP 限制:解决方案是不仅将您的 IP 添加到白名单，还包括所有 Cloudflare IP (取自这里).

Just in case someone is trying to setup IP restrictions with Cloudflare: the solution is to not only add your IP to the whitelist, but also all the Cloudflare IPs (taken from here).

<system.webServer>
    <security>
        <ipSecurity enableProxyMode="true" allowUnlisted="false" denyAction="NotFound">
            <!-- YOUR IP -->
            <add allowed="true" ipAddress="1.2.3.4" />
            <!-- CLOUDFLARE -->
            <add allowed="true" ipAddress="199.27.128.0" subnetMask="255.255.248.0" />
            <add allowed="true" ipAddress="173.245.48.0" subnetMask="255.255.240.0" />
            <add allowed="true" ipAddress="103.21.244.0" subnetMask="255.255.252.0" />
            <add allowed="true" ipAddress="103.22.200.0" subnetMask="255.255.252.0" />
            <add allowed="true" ipAddress="103.31.4.0" subnetMask="255.255.252.0" />
            <add allowed="true" ipAddress="141.101.64.0" subnetMask="255.255.192.0" />
            <add allowed="true" ipAddress="108.162.192.0" subnetMask="255.255.192.0" />
            <add allowed="true" ipAddress="190.93.240.0" subnetMask="255.255.240.0" />
            <add allowed="true" ipAddress="188.114.96.0" subnetMask="255.255.240.0" />
            <add allowed="true" ipAddress="197.234.240.0" subnetMask="255.255.252.0" />
            <add allowed="true" ipAddress="198.41.128.0" subnetMask="255.255.128.0" />
            <add allowed="true" ipAddress="162.158.0.0" subnetMask="255.254.0.0" />
            <add allowed="true" ipAddress="104.16.0.0" subnetMask="255.240.0.0" />
        </ipSecurity>
    </security>
</system.webServer>

这篇关于Azure 网站 IP 限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！