Azure 网站 IP 限制

本文介绍了Azure 网站 IP 限制的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个仅用于开发和测试的 Azure 网站，因此我想限制除我自己以外的所有人访问它.根据这篇博客文章 现在正式支持，所以我尝试将其添加到我的 web.config 文件中:

I have an Azure website which I only use for development and testing, therefore I want to restrict access to it for everyone but myself. According to this blog article this is now offically supported, so I tried adding this to my web.config file:

<system.webServer> <security> <ipSecurity allowUnlisted="false" denyAction="NotFound"> <add allowed="true" ipAddress="1.2.3.4" /> </ipSecurity> </security> </system.webServer>

对于 ipAddress 属性，我必须使用我的 Internet 连接的 IP 地址，对吗?所以我去了 www.whatismyip/ 并复制了地址，但现在我的网站只是阻止了所有请求，允许规则无效.

For the ipAddress attribute I have to use the IP address of my internet connection right? So I went to www.whatismyip/ and copied the address, but now my website is simply blocking all requests, the allow rule has no effect.

我错过了什么吗?

更新: 日志文件显示 Web 服务器看到的 IP 不是实际客户端的 IP，而是中间代理 (Cloudflare) 的 IP.所以我尝试通过添加 enableProxyMode="true" 来解决这个问题，不幸的是这并不能解决我的问题.关于如何让 IP 限制与 Cloudflare 一起工作的任何想法?

UPDATE: The log files revealed that the IPs seen by the web server are not those of the actual clients, but of a proxy in between (Cloudflare). So I tried to solve this by adding enableProxyMode="true", unfortunately this does not fix my issue. Any ideas of how to get IP restrictions to work with Cloudflare?

推荐答案

以防万一有人试图使用 Cloudflare 设置 IP 限制:解决方案是不仅将您的 IP 添加到白名单，还包括所有 Cloudflare IP (取自这里).

Just in case someone is trying to setup IP restrictions with Cloudflare: the solution is to not only add your IP to the whitelist, but also all the Cloudflare IPs (taken from here).

<system.webServer> <security> <ipSecurity enableProxyMode="true" allowUnlisted="false" denyAction="NotFound"> <!-- YOUR IP --> <add allowed="true" ipAddress="1.2.3.4" /> <!-- CLOUDFLARE --> <add allowed="true" ipAddress="199.27.128.0" subnetMask="255.255.248.0" /> <add allowed="true" ipAddress="173.245.48.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="103.21.244.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="103.22.200.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="103.31.4.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="141.101.64.0" subnetMask="255.255.192.0" /> <add allowed="true" ipAddress="108.162.192.0" subnetMask="255.255.192.0" /> <add allowed="true" ipAddress="190.93.240.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="188.114.96.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="197.234.240.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="198.41.128.0" subnetMask="255.255.128.0" /> <add allowed="true" ipAddress="162.158.0.0" subnetMask="255.254.0.0" /> <add allowed="true" ipAddress="104.16.0.0" subnetMask="255.240.0.0" /> </ipSecurity> </security> </system.webServer>