1. 技术文章
  2. How to check Azure Network Security Group outbound IP Allowed or not?

How to check Azure Network Security Group outbound IP Allowed or not?

。_饼干妹妹 提交于 2019-12-18 07:19:49

问题


I have few problems regarding Azure Network Security Group. Currently I'm using Azure App Services to publish my website and in Azure, App Services, Network Side Controlled By NSG such as inbound and outbound security and other things.

I'm working with sagepay payment gateway.they asked me to do following steps in order to success my sagepay integration.

Please ensure that all of the following IP addresses are allowed
within your Server or Firewall:

For outbound traffic to our gateway:

195.170.169.9 – live.sagepay.com
195.170.169.8 – test.sagepay.com

For inbound traffic you only need to whitelist IPs if you are
The IPs from which we call back are:

195.170.169.14
195.170.169.18
195.170.169.15

The Subnet mask used by Sage Pay is 255.255.255.000

Please ensure that your firewalls allow outbound Port 443 (HTTPS
only!) and inbound Ports 443 (and optionally 80 HTTP) access in
order to communicate with our servers (on Simulator/Test/Live).

In my Network Group,

I just added Inbound rule to port 80,443 and whitelist IPs - 195.170.169.0/24 and did same thing to my outbound rule also.

but how do i suppoed to check these things are working or not? because still my web site cannot get respond from sagepay side(notification URL is also correct according to sagepay support team)


回答1:


Here's the answer for your follow up question in the comments.

<system.webServer>
    <security>
       <!-- this line denies everybody, except those listed below -->            
       <ipSecurity allowUnlisted="false">
           <!-- remove all upstream restrictions -->    
           <clear/>
           <!-- allow this network -->          
           <add ipAddress="195.170.169.0" subnetMask="255.255.255.0" allowed="true" />
       </ipSecurity>
    </security>
...
</system.webServer>

Expected result (when coming from a public IP address outside the allowed network):

$ curl -i http://{sitename}.azurewebsites.net/

HTTP/1.1 403 Forbidden
Content-Length: 58
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sat, 06 Aug 2016 19:46:04 GMT

You do not have permission to view this directory or page.


来源:https://stackoverflow.com/questions/38805769/how-to-check-azure-network-security-group-outbound-ip-allowed-or-not

标签
azure
azure-web-sites
sagepay
azure-app-service-envrmnt
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!