问题
I have deployed API App written in Java Servlet.
What I want to know is, that IP address of my API App and the way to allow requests from only one or two IP addresses meaning I want to restrict every IPs except for those.
seems like IP addresses are shared once i deploy several APPs in one region.
anyway please give me some advice : )
回答1:
There is a range of ip addresses that can be used by azure web apps - basically you are having your site hosted in a web farm that is on a vnet managed by Microsoft. Microsoft do publish the addresses but they are also subject to change. Found the link discovering outgoing ip addresses from azure web sites here and it says you can now get this information directly from your portal pages.
For the other question, if you want to protect your services or apps so they can only be called from specific up addresses or ranges, you can continue to use web apps in azure and use IPFilters in the web.config, or use App Service Environments (a private web server farm on your own vnet) and setup network security groups to control traffic; or host in a VM where you can combine ip filters, nsgs and Windows firewall if you want!
IP Filtering for Java based apps (Tomcat): see server fault answer
IP filtering in web.config (.net based apps): see this page
<security>
<!-- deny everybody -->
<ipSecurity allowUnlisted="false">
<!-- "clear" removes all upstream restrictions -->
<clear/>
<<!-- permit the loopback address -->
<add ipAddress="127.0.0.1" allowed="true"/>
<!--permit network 83.116.119.0 to 83.116.119.255-->
<add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>
</ipSecurity>
</security>
来源:https://stackoverflow.com/questions/37906500/ip-address-of-azure-api-app-and-how-to-restrict-ips