0

I'm testing an application in the staging slot within a given web role. I don't want the staging application to be accessible to the public and I was wondering if there was anything I could add to the .cscfg file to lock down the application to just a set of known IPs? I had a look around the portal but couldn't see any way to restrict IPs there.

Any thoughts on this?

QFDev
  • 8,668
  • 14
  • 58
  • 85

2 Answers2

1

You can enable the built in IIS IP and Domain Restrictions and then provide a list of IPs in your web.config (which sadly will mean a redeploy if you have to modify them). Here is a link to a blog post where someone did this: http://blog.liamcavanagh.com/2011/10/how-to-block-ip-addresses-in-windows-azure/

MikeWo
  • 10,887
  • 1
  • 38
  • 44
  • Thanks Mike. The only problem here is that it will prevent me from being able to do a VIP swap when moving staging to production. It seems like the only option here is to write something into the code. – QFDev Mar 16 '13 at 10:24
  • One option would be to have a startup task that reads your allowable IPs from a BLOB, database, table, service config, etc. and use AppCmd to configure the IIS module. – MikeWo Mar 16 '13 at 14:31
  • Sounds like a good idea! We're already using a startup task to register a DLL so maybe we can adapt this to set the allowable IPs. – QFDev Mar 16 '13 at 15:48
0

I never heard of it.

In your global.asax:

        protected void Session_Start()
        {
            if (Request.ServerVariables["REMOTE_ADDR"]!= "ÿour ip address here")
            {
                 Response.StatusCode = 404;
            }
        }
Magnus Karlsson
  • 3,549
  • 3
  • 31
  • 57