问题描述
我必须限制对Azure应用服务的公共访问,因此,我已经在Web配置中实现了IP白名单.是否需要将Azure数据中心IP范围列入白名单?我的应用程序服务使用Azure SQL,redis和搜索服务.
I have to restrict public access to my Azure app service, Hence I have implemented IP whitelist in web config. Is it required to whitelist the Azure datacenter IP ranges?My app service uses Azure SQL, redis and search service.
推荐答案
-
您的问题的简短答案是,您不需要添加Azure数据中心IP地址来使用Azure服务.唯一需要将IP地址添加到允许列表的情况是,当服务/应用程序尝试访问您的Web应用程序时,而不是相反.
Short answer to your question is no, you will not need to add Azure data center IP addresses for using Azure services. Only case where you need to add IP addresses to the allow list is when a service/application tries to access your web application and not the other way round.
鉴于限制公共访问的目标,您绝对应该考虑使用Azure Portal的IP限制功能. Microsoft已改进了此功能,它比仅具有web.config <ipsecurity>配置
Given your objective to restrict public access, you should definitely consider using the IP restrictions feature from Azure Portal. Microsoft has improved this feature and it's better than having just the web.config <ipsecurity> configuration,
- 由于受Azure App Service IP限制,流量甚至会被阻止在到达您的IIS之前.
- 您仍然可以按原样继续使用web.config配置.
- 配置工作量很小,因为可以通过门户网站全部使用
- With Azure App Service IP restrictions, traffic will blocked evenbefore it reaches your IIS.
- You can still continue to use your web.config configuration as it is.
- Configuration effort is pretty minimal as it's all available through portal
在此处阅读有关此内容的更多信息 Azure App Service静态IP限制
Read more about it hereAzure App Service Static IP Restrictions
这篇关于是否有必要将Azure IP数据中心IP添加到应用服务白名单?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!