I have an Azure Cloud Service and I am getting a huge amount of traffic from a specific IP address. How can I block traffic coming from a specific IP address? Is it possible to do this w/o re-deploying the service, using portal configuration?
Viewed 3,656 times
-1
Did you create a VNet for your cloud service? – Wayne Yang Dec 25 '17 at 02:25
1 Answer
0
There are two solutions for your scenario:
Solution 1: Open the firewall on your VM OS and block the IP address by using the firewall.
Solution 2: If your cloud service is not deployed into a VNet, you can leverage an NSG by changing the NetworkConfiguration section of the CSCFG file, as in the example below:
<NetworkConfiguration>
  <VirtualNetworkSite name="VNet-BL"/>
  <AddressAssignments>
    <InstanceAddress roleName="WebRole">
      <Subnets>
        <Subnet name="TestSubnet-2"/>
      </Subnets>
    </InstanceAddress>
  </AddressAssignments>
  <NetworkSecurityGroupRefs>
    <NetworkSecurityGroupRef roleName="WebRole">
      <NetworkSecurityGroup name="BlockOutbound"/>
    </NetworkSecurityGroupRef>
  </NetworkSecurityGroupRefs>
</NetworkConfiguration>
In the “NetworkSecurityGroupRefs” section, you can reference already existing NSGs; you cannot define new ones here. You have to create them outside, using the ASM APIs; ARM will not work here. Finally, please keep in mind that NSG is not compatible with Network/Endpoint ACLs.
Hope this helps!

Wayne Yang
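The two solutions in the answer above, sketched in PowerShell as an added example (not code from the original post). The address 203.0.113.10, the NSG name `BlockInboundIp` and the location are constructed placeholders; the NSG cmdlets are those of the classic (ASM) Azure PowerShell module.

```powershell
# Added example. 203.0.113.10 is a documentation-range address; the NSG name
# and location are hypothetical and must be replaced with your own values.
param(
    [string]$BlockedIp = '203.0.113.10',
    [string]$NsgName   = 'BlockInboundIp',  # must match <NetworkSecurityGroup name="..."/> in the CSCFG
    [string]$Location  = 'West Europe'      # assumption: region of the cloud service
)

# Fail early on a malformed address instead of creating a rule that matches nothing.
[void][System.Net.IPAddress]::Parse($BlockedIp)

function Block-IpOnInstance {
    # Solution 1: run elevated inside the role instance (for example over RDP).
    $ruleName = "Block inbound $BlockedIp"
    # Idempotent: only create the rule if it is not already present.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
            -RemoteAddress $BlockedIp -Profile Any | Out-Null
    }
    # Return the rule so the operator can confirm it is enabled.
    Get-NetFirewallRule -DisplayName $ruleName |
        Select-Object DisplayName, Enabled, Direction, Action
}

function New-BlockingNsg {
    # Solution 2: run from an admin workstation with the classic Azure module
    # loaded and the subscription already selected.
    New-AzureNetworkSecurityGroup -Name $NsgName -Location $Location `
        -Label "Deny $BlockedIp" | Out-Null
    # Priority 100 is the lowest number allowed, so the deny is evaluated first.
    Get-AzureNetworkSecurityGroup -Name $NsgName |
        Set-AzureNetworkSecurityRule -Name 'DenySourceIp' -Type Inbound -Priority 100 `
            -Action Deny -SourceAddressPrefix "$BlockedIp/32" -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange '*' -Protocol '*' | Out-Null
    # Show the NSG with its rules for verification.
    Get-AzureNetworkSecurityGroup -Name $NsgName -Detailed
}

# Call the one that applies:
# Block-IpOnInstance
# New-BlockingNsg
```

A firewall rule added by hand on a role instance is lost when the instance is reimaged, so a lasting block under Solution 1 needs to be applied from a startup task.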