问题
We use Azure Web Apps with Azure SQL and would like to make this setup more secure by configuring the database firewall to only allow connection from the specific web apps rather than any service in Azure. How can I limit connections to just my Azure services?
回答1:
Assuming that you have an ip address (hosting plan needs to be shared, basic or standard)**:
a) Navigate to SQL Databases >> Servers Tab >> Select the server hosting your database >> Configure Tab
b) Alternatively select your database >> Manage Allowed Ip Address (Right side Quick Glance bar)
- Add your website ip to the list of allowed ip addresses
- Change Windows Azure Services to "No" on "Allowed Services"
**You can view your ip address clicking Manage Domains on the Website Dashboard bottom bar.
回答2:
There are 4 outbound IP addresses for a Web App which you can look up on the Properties tab for the Web App in the management portal.
You need to add these outbound IP addresses to the Firewall rules.
回答3:
To get all possible outbound IP-addresses for your web app you can get them also via Azure CLI or Azure PowerShell, as described in this article.
Azure CLI:
az webapp show --resource-group <group_name> --name <app_name> --query possibleOutboundIpAddresses --output tsv
Azure PowerShell:
(Get-AzWebApp -ResourceGroup <group_name> -name <app_name>).PossibleOutboundIpAddresses
来源:https://stackoverflow.com/questions/29266884/configure-azure-sql-database-firewall-for-just-my-web-app