将 Azure 网站/Web 应用程序限制为只能在 vnet 内部查看的方法
Ways to restrict Azure Website / WebApp to only be view-able internally on a vnet
这是我注意到的两种方法。还有其他我想念的方法吗?有没有一种受欢迎的方法?几乎我有一个 webAPI,我想 运行 作为一个 webAPP,我正试图找出最好的方法让它只在内部使用
一种似乎有点涉及的方式如下
https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet/
我注意到的第二种方式如下
http://www.microsofttrends.com/2014/09/30/add-a-firewall-to-your-microsoft-azure-web-site/
后者看起来更快我只是想知道是否有更好的方法来解决这个问题或更新更标准的方法来做到这一点?
更新
As of 7/23/2015 this is not possible but the closest solution is the accepted answer. One would have to whitelist all of the public IP addresses inside of their vnets. The reason you cant specify the range of addresses in the Azure vnet is because azure websites currently run on the public internet and they have no concept of the vnet ranges. Thus they cannot see the private ip address ranges that vnets create so you cant specify them in the web.config. http://azure.microsoft.com/blog/2015/04/29/introducing-app-service-environment/ may solve this in the future
web.config 中的简单 ip 安全规则如何?
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<add allowed="true" ipAddress="192.168.1.0" subnetMask="255.255.255.0"/>
</ipSecurity>
</security>
</system.webServer>
只需将 ipAddress 和 subnetMask 替换为您的 VNet 设置。您可能还需要先将 Web 应用程序连接到 vnet。
https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet/
这是我注意到的两种方法。还有其他我想念的方法吗?有没有一种受欢迎的方法?几乎我有一个 webAPI,我想 运行 作为一个 webAPP,我正试图找出最好的方法让它只在内部使用
一种似乎有点涉及的方式如下
https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet/
我注意到的第二种方式如下
http://www.microsofttrends.com/2014/09/30/add-a-firewall-to-your-microsoft-azure-web-site/
后者看起来更快我只是想知道是否有更好的方法来解决这个问题或更新更标准的方法来做到这一点?
更新
As of 7/23/2015 this is not possible but the closest solution is the accepted answer. One would have to whitelist all of the public IP addresses inside of their vnets. The reason you cant specify the range of addresses in the Azure vnet is because azure websites currently run on the public internet and they have no concept of the vnet ranges. Thus they cannot see the private ip address ranges that vnets create so you cant specify them in the web.config. http://azure.microsoft.com/blog/2015/04/29/introducing-app-service-environment/ may solve this in the future
web.config 中的简单 ip 安全规则如何?
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<add allowed="true" ipAddress="192.168.1.0" subnetMask="255.255.255.0"/>
</ipSecurity>
</security>
</system.webServer>
只需将 ipAddress 和 subnetMask 替换为您的 VNet 设置。您可能还需要先将 Web 应用程序连接到 vnet。
https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet/