[英]Cannot get IIS ipsecurity working when behind a AWS Elastic load balancer
I have set up IP restrictions (installed on IIS8, set feature delegation to read/write) and IIS appears to be reading from my web.config OK, blocking all IP addresses but mine when I hit the server directly, and not through the load balancer我已经设置了 IP 限制(安装在 IIS8 上,将功能委托设置为读/写)并且 IIS 似乎正在从我的 web.config 中读取数据平衡器
When I do go through the load balancer it doesn't seem to respect the client IP.当我通过负载平衡器时,它似乎不尊重客户端 IP。
So even though my IP is in the allowed IP list and I have selected 'enable proxy mode', I am still being blocked.因此,即使我的 IP 在允许的 IP 列表中并且我选择了“启用代理模式”,我仍然被阻止。
I have debugged the headers and the x-forwarded-for IP is coming through as the specified allowed IP.我已经调试了标头,并且 x-forwarded-for IP 作为指定的允许 IP 通过。 If I reverse it all, set everything to allow and then deny my specific IP with the proxy checkbox set, it works, I just can't get it to deny all and allow my IP.如果我全部反转,将所有内容设置为允许,然后使用代理复选框设置拒绝我的特定 IP,它可以工作,但我无法让它全部拒绝并允许我的 IP。
Here is my config:这是我的配置:
<security>
<ipSecurity allowUnlisted="false" enableProxyMode="true">
<add ipAddress="80.200.100.40" allowed="true"/>
</ipSecurity>
</security>
I've tested similar situation in my own setup.我在自己的设置中测试了类似的情况。 IIS needs to have the actual IP of the load balancer (or proxy) and the x-forwarded-for IP address in the allowed list to allow access. IIS 需要在允许列表中具有负载平衡器(或代理)的实际 IP和x-forwarded-for IP 地址才能允许访问。 You could check IIS logs for the actual client IP address your site gets.您可以检查 IIS 日志以获取站点获得的实际客户端 IP 地址。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.