restrict azure appservice / website to a domain - McMap

About

restrict azure appservice / website to a domain

Asked 17/6, 2016 at 1:34 Answered 29/8, 2016 at 16:27

azure iis web-config azure-web-app-service azure-app-service-envrmnt

S

1

6

I have a WCF service running on a azure app service. I want to restrict this WCF to a few azure website, external IPs and some other deployments. I am using IPSecurity tag for that in my WCF web.config

My issue is the IP restrictions work, but the azure website domains that i allow access to, dont seem to work.

for exmaple, i have an azure website with a custom domain, abcdef.info. i am trying to give this domain access to wcf, but it doesnt seem to be working. below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" /> 
        <add ipAddress="xx.xx.xx.xx" allowed="true" />  (IP of azure website i got after nslookup)  
        <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
        <add domainName="abcdef.info" allowed="true" /> (custom domain tied to my azure website)    
</ipSecurity>

i was assuming that one of the last 3 settings here will whitelist my wcf client running to azure website to access WCF but so far nothing.

Will appreciate any help. Thanks.

Shagbark answered 17/6, 2016 at 1:34 Comment(0)

B

3

Azure Web App infrastructure uses different IP's for inbound and outbound communications. You have whitelisted the inbound IP address. Also, Whitelisting the domain name may not work either.

Azure Web Apps use a set of 4 outbound IP's for Outbound communication. This can be retrieved from portal:

Select the web app
Click on Properties
Copy the OUTBOUND IP ADDRESSES

Whitelist these 4 IP Addresses the way you did earlier and then you could test by issuing a CURL request from the KUDU console (SCM) of the source app.

curl -i https://destinationsitename.azurewebsites.net

Bullfighter answered 29/8, 2016 at 16:27 Comment(5)

I tried this when no one replied for weeks and it worked. – Shagbark 1/9, 2016 at 23:56

I tried this when no one replied for weeks and it worked. but thank you again for you answer. We also used outbound ips to play around with firewalls and they work great. I have tried to +1 it, but cant as i dont have enough reputation points at the moment. But if someone else makes a VM on same host, they get access to the restricted resource too? – Shagbark 2/9, 2016 at 0:4

Yes. In this case, you can specify the hostname in the whitelisting too. – Bullfighter 2/9, 2016 at 6:18

Thank you @KaushalKumarPanday, you are the best, it solved my other problem : #44101386 – Honolulu 21/5, 2017 at 19:34

glad to know it helped. :) – Bullfighter 26/6, 2017 at 13:33

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.