Since Azure SDK 2.4 there’s been a possibility to configure IP restrictions for Azure Cloud Services with Access Control List (ACL).
Just add the following to your ServiceConfiguration.Cloud.cscfg.
ServiceConfiguration.Cloud.cscfg
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="MyWebRole.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-06.2.4">
<Role name="MyWebRole">
...
</Role>
<NetworkConfiguration>
<AccessControls>
<AccessControl name="ipRestrictions">
<Rule action="permit" description="allowed-edu" order="100" remoteSubnet="137.116.133.111/32" />
<Rule action="permit" description="allowed-test" order="101" remoteSubnet="168.61.66.2/32" />
<Rule action="permit" description="allowed-prod" order="102" remoteSubnet="168.61.66.131/32" />
<Rule action="deny" description="Others" order="800" remoteSubnet="0.0.0.0/0" />
</AccessControl>
</AccessControls>
<EndpointAcls>
<EndpointAcl role="MyWebRole" endPoint="Endpoint1" accessControl="ipRestrictions" />
<EndpointAcl role="MyWebRole" endPoint="HttpsIn" accessControl="ipRestrictions" />
</EndpointAcls>
</NetworkConfiguration>
</ServiceConfiguration>
Be careful with rule attributes. Your deployment will fail if you have specified the same order number or description twice or the IP address in remoteSubnet
is incorrect.
Hi ,
Is there a way to use a hostname instead of an IP adress?
greetings,
Ben