将azure appservice / website限制为域名 [英] restrict azure appservice / website to a domain

问题描述

我在Azure应用服务上运行WCF服务。我想将此WCF限制为几个azure网站，外部IP和一些其他部署。
我在我的WCF web.config中使用IPSecurity标签

I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config

我的问题是IP限制工作，但是我允许访问的azure网站域名，似乎没有用。

My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work.

例如，我有一个带有自定义域名的azure网站abcdef.info。我试图让这个域访问wcf，但它似乎没有工作。
以下是我的配置。

for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" /> 
        <add ipAddress="xx.xx.xx.xx" allowed="true" />  (IP of azure website i got after nslookup)  
        <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
        <add domainName="abcdef.info" allowed="true" /> (custom domain tied to my azure website)    
</ipSecurity>

我假设这里最后3个设置中的一个会将运行到azure网站的wcf客户端列入白名单访问WCF但到目前为止没有。

i was assuming that one of the last 3 settings here will whitelist my wcf client running to azure website to access WCF but so far nothing.

非常感谢任何帮助。谢谢。

Will appreciate any help. Thanks.

推荐答案

Azure Web App基础架构使用不同的IP进行入站和出站通信。您已将入站IP地址列入白名单。此外，将域名列入白名单也可能无效。

Azure Web App infrastructure uses different IP's for inbound and outbound communications. You have whitelisted the inbound IP address. Also, Whitelisting the domain name may not work either.

Azure Web Apps使用一组4个出站IP进行出站通信。这可以从门户网站检索：

Azure Web Apps use a set of 4 outbound IP's for Outbound communication. This can be retrieved from portal:

• 选择网络应用程序


• 点击属性


• 复制 OUTBOUND IP ADDRESSES

• Select the web app
• Click on Properties
• Copy the OUTBOUND IP ADDRESSES

将这4个IP地址列入白名单您之前做过，然后您可以通过从源应用程序的 KUDU控制台（SCM）发出CURL请求进行测试。

Whitelist these 4 IP Addresses the way you did earlier and then you could test by issuing a CURL request from the KUDU console (SCM) of the source app.

curl -i https://destinationsitename.azurewebsites.net

这篇关于将azure appservice / website限制为域名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！