Does Azure App Service support extended ACLs?

I would like to know how IP restrictions work in Azure App Service. The documentation states:

https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

"The IP Restrictions capability is implemented in the App Service front-end roles, which are upstream of the worker hosts where your code runs. Therefore, IP Restrictions are effectively network ACLs."

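But they are not network ACLs, rather firewall rules on a different machine - is this statement valid?

If that is not the case, is there any way to configure extended ACLs (with port-based rules)?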

Azure Web Apps only have ports 80 and 443 open, so there really is no way to do port-based rules. If you really want to lock down your web app, you can disable the FTP functionality in the Application Settings and you can force HTTPS under the Custom Domain settings. Additionally, if you want to apply Network Security Groups to a Web App, you can deploy it to an App Service Environment (ASE v2), which is an isolated instance that can be deployed with a private IP.

You can also use Application Gateway with Web App Firewall (WAF) to protect your web app. If you are planning on using an App Gateway with a multi-tenant web app (non-ASE), see our documentation here.
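
As an added example (not part of the answer above, and not Microsoft's code), this sketch audits an exported web app configuration for the hardening steps mentioned and models how source-address-only restriction rules are evaluated in priority order. The JSON is a constructed sample using the site resource property names `httpsOnly`, `ftpsState` and `ipSecurityRestrictions`; the `audit` and `decide` helpers are hypothetical names, and the model covers address rules only.

```python
import ipaddress
import json

# Constructed sample: a trimmed site resource with its siteConfig section.
SAMPLE = json.loads("""
{
  "httpsOnly": false,
  "siteConfig": {
    "ftpsState": "AllAllowed",
    "ipSecurityRestrictions": [
      {"name": "office", "ipAddress": "203.0.113.0/24", "action": "Allow", "priority": 100},
      {"name": "Deny all", "ipAddress": "Any", "action": "Deny", "priority": 2147483647}
    ]
  }
}
""")

def audit(site):
    """Return findings for the hardening steps named in the answer."""
    cfg = site.get("siteConfig", {})
    findings = []
    if not site.get("httpsOnly"):
        findings.append("HTTPS is not enforced (httpsOnly is false)")
    if cfg.get("ftpsState") != "Disabled":
        findings.append("FTP/FTPS deployment is still enabled")
    rules = cfg.get("ipSecurityRestrictions") or []
    if all(r.get("ipAddress") == "Any" and r.get("action") == "Allow" for r in rules):
        findings.append("no IP restrictions: every source address is allowed")
    return findings

def decide(site, client_ip):
    """Lowest priority number wins; rules match on source address only, never on port."""
    rules = site.get("siteConfig", {}).get("ipSecurityRestrictions") or []
    addr = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.get("priority", 0)):
        cidr = rule.get("ipAddress")
        if cidr == "Any":
            return rule["action"]
        try:
            if addr in ipaddress.ip_network(cidr, strict=False):
                return rule["action"]
        except (TypeError, ValueError):
            continue  # service-tag or subnet rule: outside this address-only model
    # Assumption of this model: with no matching rule, nothing is restricted.
    return "Allow"
```

Because each rule carries only a source address, an action and a priority, there is no field in which a port condition could be expressed, which matches the answer's point about ports 80 and 443.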