应用程序网关与 IIS IP 地址和域限制
Application Gateway vs IIS IP Address and Domain Restrictions
我有一个包含 两个 网站的虚拟机,其中一个网站的访问受到 IP 地址和域限制 IIS 功能 的限制它就像一个魅力,只允许列入白名单的 IP。
现在,我必须实施一个 应用程序网关,对我可以管理的 public 网站 保持相同的方法当前解决方案 IP 地址和域限制 或其他解决方案将列入白名单的 IP 地址。
知道如何实现吗?
在 Azure App Gateway FAQ document 中,它讨论了这个场景:
Q. Can I whitelist Application Gateway access to a few source IPs?
This scenario can be done using NSGs on Application Gateway subnet.
The following restrictions should be put on the subnet in the listed
order of priority:
- Allow incoming traffic from source IP/IP range
- Allow incoming requests from all sources to ports 65503-65534 for backend health communication.
- Allow incoming Azure Load Balancer probes (AzureLoadBalancer tag) and inbound virtual network traffic(VirtualNetwork tag) on the NSG.
- Block all other incoming traffic with a Deny all rule.
- Allow outbound traffic to the internet for all destinations.
我有一个包含 两个 网站的虚拟机,其中一个网站的访问受到 IP 地址和域限制 IIS 功能 的限制它就像一个魅力,只允许列入白名单的 IP。
现在,我必须实施一个 应用程序网关,对我可以管理的 public 网站 保持相同的方法当前解决方案 IP 地址和域限制 或其他解决方案将列入白名单的 IP 地址。
知道如何实现吗?
在 Azure App Gateway FAQ document 中,它讨论了这个场景:
Q. Can I whitelist Application Gateway access to a few source IPs?
This scenario can be done using NSGs on Application Gateway subnet. The following restrictions should be put on the subnet in the listed order of priority:
- Allow incoming traffic from source IP/IP range
- Allow incoming requests from all sources to ports 65503-65534 for backend health communication.
- Allow incoming Azure Load Balancer probes (AzureLoadBalancer tag) and inbound virtual network traffic(VirtualNetwork tag) on the NSG.
- Block all other incoming traffic with a Deny all rule.
- Allow outbound traffic to the internet for all destinations.