restrict azure appservice / website to a domain

早过忘川 提交于 2019-12-21 12:28:34

问题


I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config

My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work.

for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" /> 
        <add ipAddress="xx.xx.xx.xx" allowed="true" />  (IP of azure website i got after nslookup)  
        <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
        <add domainName="abcdef.info" allowed="true" /> (custom domain tied to my azure website)    
</ipSecurity>

i was assuming that one of the last 3 settings here will whitelist my wcf client running to azure website to access WCF but so far nothing.

Will appreciate any help. Thanks.


回答1:


Azure Web App infrastructure uses different IP's for inbound and outbound communications. You have whitelisted the inbound IP address. Also, Whitelisting the domain name may not work either.

Azure Web Apps use a set of 4 outbound IP's for Outbound communication. This can be retrieved from portal:

  • Select the web app
  • Click on Properties
  • Copy the OUTBOUND IP ADDRESSES

Whitelist these 4 IP Addresses the way you did earlier and then you could test by issuing a CURL request from the KUDU console (SCM) of the source app.

curl -i https://destinationsitename.azurewebsites.net


来源:https://stackoverflow.com/questions/37871795/restrict-azure-appservice-website-to-a-domain

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!