如何将对Azure VM上托管的网站的访问限制为给定IP及其自身?
[英]How do I restrict access to a website hosted on an Azure VM to a given IP and itself?
问题描述
I am doing some testing on an Azure VM and have an ASP.NET website that I wish to limit access to. 
我正在Azure VM上进行一些测试,并且有一个我希望限制访问的ASP.NET网站。 The website should only be accessible from a given IP (our office) but I also want the server to be able to make requests to other websites hosted on itself. 该网站只能从给定的IP(我们的办公室)访问,但我也希望服务器能够向自身托管的其他网站发出请求。
I have successfully setup an IP and Domain Restriction for our office IP but cannot find a way to allow requests internally from itself. 我已经为我们的办公室IP成功设置了IP和域限制,但是找不到允许其内部进行请求的方法。
Is this possible without setting up a static IP in Azure? 如果不在Azure中设置静态IP,是否可以做到这一点?
1 个解决方案
解决方案1
0 2015-10-27 14:22:06
This question should be migrated to ServerFault, but given that there are programmatic approaches to it, I'll answer: 这个问题应该迁移到ServerFault,但是鉴于有编程的方法,我将回答:
You need to set up Access Control Lists on the input endpoints, to specify ranges (via CIDR notation) of allowable or blocked IP addresses. 您需要在输入端点上设置访问控制列表,以指定允许或阻止的IP地址的范围(通过CIDR表示法)。
While this may be done via the portal, you may do it via the CLI: 尽管这可以通过门户网站完成,但是您可以通过CLI进行:
azure vm endpoint acl-rule create [vm-name] [endpoint-name] [order] [action] [remote-subnet]
You may do this via PowerShell as well. 您也可以通过PowerShell执行此操作。 Rough outline: 粗略的轮廓:
- Use
New-AzureAclConfigto set up a config object使用New-AzureAclConfig设置配置对象 - Use
Set-AzureAclConfigto add rules to the config使用Set-AzureAclConfig将规则添加到配置中 - Use
Get-AzureVMto retrieve the config of your given virtual machine and add the ACL config to the VM使用Get-AzureVM检索给定虚拟机的配置并将ACL配置添加到VM - Use
Update-AzureVMto save your changes使用Update-AzureVM保存更改
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.