[英]how to deploy a azure api app to private network
I would like to use some of the benefits of hosting a web api in Azure, but I want that api to be private (not accessible from the outsite world) as it only be used internally. 我想利用在Azure中托管Web api的一些好处,但是我希望该api是私有的(不能从异地世界访问),因为它只能在内部使用。
I am not sure if that is even possible. 我不确定这是否可能。 I've tried deploying from visual studio but the api is hosted on xyz.azurewebsites.net and is accessible from everywhere.
我曾尝试从Visual Studio进行部署,但该API托管在xyz.azurewebsites.net上,并且可以从任何地方访问。
Thanks in advance. 提前致谢。
You could restrict access to the site to a specific ip address or range of addresses through the web.config. 您可以通过web.config将对站点的访问限制为特定的IP地址或地址范围。 Add a section to
system.webServer
: 在
system.webServer
添加一个部分:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<add allowed="true" ipAddress="123.456.0.0" subnetMask="255.255.0.0"/>
</ipSecurity>
</security>
</system.webServer>
More info here: IP and Domain Restrictions for Windows Azure Web Sites 此处的更多信息: Windows Azure网站的IP和域限制
In addition to levelnis's suggestion about static ip security restricting access, there is the option of using an App Service Environment. 除了levelnis关于静态IP安全性限制访问的建议之外,还可以选择使用App Service环境。
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-intro https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-intro
App Service Environments are ideal for application workloads requiring:
应用程序服务环境非常适合需要以下条件的应用程序工作负载:
- Very high scale
规模极高
- Isolation and secure network access
隔离和安全的网络访问
An ASE is always placed in a virtual network's subnet, so you can use NSGs to control access. ASE始终放置在虚拟网络的子网中,因此您可以使用NSG来控制访问。 ASEs are a Premium service though so can be quite expensive.
ASE是一项高级服务,因此可能会非常昂贵。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.