将 azure appservice/网站限制为域 [英] restrict azure appservice / website to a domain

问题描述

我有一个在 azure 应用服务上运行的 WCF 服务.我想将此 WCF 限制为一些 azure 网站、外部 IP 和其他一些部署.我在我的 WCF web.config 中使用 IPSecurity 标记

I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config

我的问题是 IP 限制有效，但我允许访问的 azure 网站域似乎无效.

My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work.

例如，我有一个带有自定义域 abcdef.info 的天蓝色网站.我试图让这个域访问 wcf，但它似乎没有工作.下面是我的配置.

for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" /> 
        <add ipAddress="xx.xx.xx.xx" allowed="true" />  (IP of azure website i got after nslookup)  
        <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
        <add domainName="abcdef.info" allowed="true" /> (custom domain tied to my azure website)    
</ipSecurity>

我假设这里的最后 3 个设置之一会将运行到 azure 网站以访问 WCF 的 wcf 客户端列入白名单，但到目前为止没有.

i was assuming that one of the last 3 settings here will whitelist my wcf client running to azure website to access WCF but so far nothing.

将不胜感激任何帮助.谢谢.

Will appreciate any help. Thanks.

推荐答案

Azure Web App 基础结构使用不同的 IP 进行入站和出站通信.您已将入站 IP 地址列入白名单.此外，将域名列入白名单也可能不起作用.

Azure Web App infrastructure uses different IP's for inbound and outbound communications. You have whitelisted the inbound IP address. Also, Whitelisting the domain name may not work either.

Azure Web 应用程序使用一组 4 个出站 IP 进行出站通信.这可以从门户中检索:

Azure Web Apps use a set of 4 outbound IP's for Outbound communication. This can be retrieved from portal:

• 选择网络应用
• 点击属性
• 复制出站 IP 地址

按照您之前所做的方式将这 4 个 IP 地址列入白名单，然后您可以通过从源应用的 KUDU 控制台 (SCM) 发出 CURL 请求进行测试.

Whitelist these 4 IP Addresses the way you did earlier and then you could test by issuing a CURL request from the KUDU console (SCM) of the source app.

curl -i https://destinationsitename.azurewebsites.net

这篇关于将 azure appservice/网站限制为域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！