
How to check Azure Network Security Group outbound IP Allowed or not?

I have a few problems regarding Azure Network Security Groups. Currently I'm using Azure App Services to publish my website, and in Azure App Services the network side is controlled by an NSG, such as inbound and outbound security and other things.

I'm working with the Sagepay payment gateway. They asked me to do the following steps in order to make my Sagepay integration succeed.

 Please ensure that all of the following IP addresses are allowed within your Server or Firewall:

 For outbound traffic to our gateway:
 195.170.169.9 – live.sagepay.com
 195.170.169.8 – test.sagepay.com

 For inbound traffic you only need to whitelist IPs if you are

 The IPs from which we call back are:
 195.170.169.14
 195.170.169.18
 195.170.169.15

 The Subnet mask used by Sage Pay is 255.255.255.000

 Please ensure that your firewalls allow outbound Port 443 (HTTPS only!) and inbound Ports 443 (and optionally 80 HTTP) access in order to communicate with our servers (on Simulator/Test/Live).

In my Network Security Group, I just added an inbound rule for ports 80 and 443 and whitelisted the IPs 195.170.169.0/24, and did the same thing for my outbound rule.

But how am I supposed to check whether these things are working or not? My website still cannot get a response from the Sagepay side (the notification URL is also correct according to the Sagepay support team).

UPDATE (July 2020):

There's now a more elegant approach: use the built-in feature in App Service - https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-access-restriction-rules-in-the-portal

[Image: IP Restrictions]

My answer below is now deprecated.


Here's the answer for your follow up question in the comments.

<system.webServer>
    <security>
       <!-- this line denies everybody, except those listed below -->            
       <ipSecurity allowUnlisted="false">
           <!-- remove all upstream restrictions -->    
           <clear/>
           <!-- allow this network -->          
           <add ipAddress="195.170.169.0" subnetMask="255.255.255.0" allowed="true" />
       </ipSecurity>
    </security>
...
</system.webServer>

Expected result (when coming from a public IP address outside the allowed network):

$ curl -i http://{sitename}.azurewebsites.net/

HTTP/1.1 403 Forbidden
Content-Length: 58
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sat, 06 Aug 2016 19:46:04 GMT

You do not have permission to view this directory or page.
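
To check offline which callers the `ipSecurity` list above would admit, the following added example (not part of the original answer) parses that fragment and evaluates the Sage Pay callback addresses quoted in the question against it. It only models the web.config allow list, not the NSG; `203.0.113.10` is a constructed outside address, and letting the first matching entry decide is a simplification of this sketch.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The <ipSecurity> element from the answer above, embedded so the example runs offline.
WEB_CONFIG = """
<system.webServer>
  <security>
    <ipSecurity allowUnlisted="false">
      <clear/>
      <add ipAddress="195.170.169.0" subnetMask="255.255.255.0" allowed="true" />
    </ipSecurity>
  </security>
</system.webServer>
"""


def load_rules(config_xml):
    """Return (allow_unlisted, [(network, allowed), ...]) from an ipSecurity element."""
    node = ET.fromstring(config_xml).find(".//ipSecurity")
    if node is None:
        raise ValueError("no <ipSecurity> element found")
    # IIS defaults: allowUnlisted="true", subnetMask="255.255.255.255", allowed="false"
    allow_unlisted = node.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for child in node:
        if child.tag == "clear":
            rules = []  # drop anything inherited or listed earlier
        elif child.tag == "add" and child.get("ipAddress"):
            mask = child.get("subnetMask", "255.255.255.255")
            net = ipaddress.ip_network(f"{child.get('ipAddress')}/{mask}", strict=False)
            rules.append((net, child.get("allowed", "false").lower() == "true"))
    return allow_unlisted, rules


def is_allowed(client_ip, config_xml=WEB_CONFIG):
    """True if a request from client_ip would pass the ipSecurity list."""
    allow_unlisted, rules = load_rules(config_xml)
    addr = ipaddress.ip_address(client_ip)
    for net, allowed in rules:
        if addr in net:  # assumption of this sketch: first matching entry decides
            return allowed
    return allow_unlisted


if __name__ == "__main__":
    # Sage Pay callback addresses quoted in the question, plus one constructed outside address.
    for ip in ("195.170.169.14", "195.170.169.18", "195.170.169.15", "203.0.113.10"):
        print(ip, "allowed" if is_allowed(ip) else "403 Forbidden")
```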
