Block public access to a backend pool in a Service Fabric cluster
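I have a Service Fabric cluster with two node types, front end and back end. Each node type has an application listening on a REST interface. The front-end application should be accessible from the outside world, but the back-end node type should only be accessible from the front-end application.
Each node type has an associated load balancer, and I have set up rules to allow access to each application, which all works fine. However, I want to make sure the load balancer only allows traffic to the back-end node type if it originates from the front-end application. I can't see a way to configure this in the load balancer rules.
Can anyone tell me how I can prevent public access to my back-end application?
I believe you can solve this using Network Security Groups.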
A network security group (NSG) contains a list of security rules that
allow or deny network traffic to resources connected to Azure Virtual
Networks (VNet).
Here's an example of how to deploy it.
Use this template as a sample for setting up a three nodetype secure
cluster and to control the inbound and outbound network traffic using
Network Security Groups. The template has a Network Security Group for
each of the VMSS to control the traffic in and out of the VMSS.
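An added example, not part of the original answer or the linked template: an ARM resource for a back-end NSG that admits the front-end subnet on the application port and denies the same port from the Internet. The NSG name, the front-end subnet 10.0.0.0/24 and port 8080 are assumptions; both rules match only that port, so other ports the cluster uses are not affected by them.

```json
{
  "type": "Microsoft.Network/networkSecurityGroups",
  "apiVersion": "2020-05-01",
  "name": "nsg-backend",
  "location": "[resourceGroup().location]",
  "properties": {
    "securityRules": [
      {
        "name": "AllowFrontendSubnetToBackendApp",
        "properties": {
          "description": "Assumption: 10.0.0.0/24 is the front-end subnet and 8080 is the back-end REST port",
          "protocol": "Tcp",
          "sourceAddressPrefix": "10.0.0.0/24",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "*",
          "destinationPortRange": "8080",
          "access": "Allow",
          "priority": 100,
          "direction": "Inbound"
        }
      },
      {
        "name": "DenyInternetToBackendApp",
        "properties": {
          "description": "Assumption: 8080 is the back-end REST port; blocks public sources on that port only",
          "protocol": "Tcp",
          "sourceAddressPrefix": "Internet",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "*",
          "destinationPortRange": "8080",
          "access": "Deny",
          "priority": 110,
          "direction": "Inbound"
        }
      }
    ]
  }
}
```

Rules are evaluated in ascending priority order and the first match wins, so the front-end allow is matched before the Internet deny. The NSG only takes effect once it is associated with the back-end subnet or the scale set's network interfaces.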