我有一个仅用于开发和测试的 Azure 网站,因此我想限制除我自己以外的所有人访问它.根据这篇博客文章 现在正式支持,所以我尝试将其添加到我的 web.config 文件中:
I have an Azure website which I only use for development and testing, therefore I want to restrict access to it for everyone but myself. According to this blog article this is now offically supported, so I tried adding this to my web.config file:
<system.webServer> <security> <ipSecurity allowUnlisted="false" denyAction="NotFound"> <add allowed="true" ipAddress="1.2.3.4" /> </ipSecurity> </security> </system.webServer>对于 ipAddress 属性,我必须使用我的 Internet 连接的 IP 地址,对吗?所以我去了 www.whatismyip/ 并复制了地址,但现在我的网站只是阻止了所有请求,允许规则无效.
For the ipAddress attribute I have to use the IP address of my internet connection right? So I went to www.whatismyip/ and copied the address, but now my website is simply blocking all requests, the allow rule has no effect.
我错过了什么吗?
更新: 日志文件显示 Web 服务器看到的 IP 不是实际客户端的 IP,而是中间代理 (Cloudflare) 的 IP.所以我尝试通过添加 enableProxyMode="true" 来解决这个问题,不幸的是这并不能解决我的问题.关于如何让 IP 限制与 Cloudflare 一起工作的任何想法?
UPDATE: The log files revealed that the IPs seen by the web server are not those of the actual clients, but of a proxy in between (Cloudflare). So I tried to solve this by adding enableProxyMode="true", unfortunately this does not fix my issue. Any ideas of how to get IP restrictions to work with Cloudflare?
推荐答案以防万一有人试图使用 Cloudflare 设置 IP 限制:解决方案是不仅将您的 IP 添加到白名单,还包括所有 Cloudflare IP (取自这里).
Just in case someone is trying to setup IP restrictions with Cloudflare: the solution is to not only add your IP to the whitelist, but also all the Cloudflare IPs (taken from here).
<system.webServer> <security> <ipSecurity enableProxyMode="true" allowUnlisted="false" denyAction="NotFound"> <!-- YOUR IP --> <add allowed="true" ipAddress="1.2.3.4" /> <!-- CLOUDFLARE --> <add allowed="true" ipAddress="199.27.128.0" subnetMask="255.255.248.0" /> <add allowed="true" ipAddress="173.245.48.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="103.21.244.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="103.22.200.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="103.31.4.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="141.101.64.0" subnetMask="255.255.192.0" /> <add allowed="true" ipAddress="108.162.192.0" subnetMask="255.255.192.0" /> <add allowed="true" ipAddress="190.93.240.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="188.114.96.0" subnetMask="255.255.240.0" /> <add allowed="true" ipAddress="197.234.240.0" subnetMask="255.255.252.0" /> <add allowed="true" ipAddress="198.41.128.0" subnetMask="255.255.128.0" /> <add allowed="true" ipAddress="162.158.0.0" subnetMask="255.254.0.0" /> <add allowed="true" ipAddress="104.16.0.0" subnetMask="255.240.0.0" /> </ipSecurity> </security> </system.webServer>更多推荐
Azure 网站 IP 限制
发布评论