0

I have been reading about blocking Ip addresses from launching attacks against my published service, in this case a Worker Role. I have added a NetworkConfiguration to help achieve this goal and it appears to work just fine.

Now my question is this, how can I add nodes to this file from my running program?

I plan to keep logs and when an IP has sent a number of bad requests I would like my program to update the list of black listed IP addresses. It is not reasonable for me to manually edit this list overtime when I hopefully can blacklist live should my port come under a brute force attack or dns attack.

  1. How can I load the config file in code to use XDocument to edit the values in that node?
  2. Will these changes propagate out to the other instances running automatically?
  3. Is there another way to accomplish this goal?
Adam Heeg
  • 1,704
  • 1
  • 14
  • 34

2 Answers2

2

I believe you can. Changes to ServiceConfig (not Service Defintion) can be updated via Service Management API.

API definition is here: https://msdn.microsoft.com/en-us/library/azure/ee460809.aspx

If you're in .NET you may want to use one of the Nuget packages to assist with this: https://www.nuget.org/packages/Microsoft.WindowsAzure.Management.Compute/

Igorek
  • 15,716
  • 3
  • 54
  • 92
  • What is the deal with all the authentication requirements? Do I have to jump through those hoops just to have the code which consumes the config file be able to edit it? I don't even see an option for my Worker Role in the Azure AD list. Feels like I'm eating a horse when all I want is a muffin. (i.e. I just installed a nuget with 4 dependencies which still shows no simple way to edit a config file). – Adam Heeg Sep 25 '15 at 15:07
  • Yeah, this is somewhat painful. You'll need to generate a certificate, upload it's public key to Azure management certs area, then Auth with the cert – Igorek Sep 25 '15 at 15:09
  • For future visitors I ended up using firewall rules as described in this question and answer. http://stackoverflow.com/questions/32830531/how-to-edit-firewall-rules-in-code-successfully-on-a-worker-role-instance – Adam Heeg Oct 13 '15 at 12:59
2

How can I load the config file in code to use XDocument to edit the values in that node?

For this you would need to get the cloud service properties and extract the configuration settings from the XML returned. You would need to do it by invoking Get Cloud Service Properties Service Management API operation (Please look for appropriate method if you are using Azure Management Library). If you're consuming REST API, then please keep in mind that the config file returned in Bas64 encoded so you would need to convert it into string and then can load the XML.

Will these changes propagate out to the other instances running automatically?

Once you make the changes, you would need to perform Change Deployment Configuration operation for the change to be applied. Once you apply these changes, they will be applied to all the instances automatically.

Is there another way to accomplish this goal?

AFAIK, this is the only way to accomplish this programmatically.

Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • Do you know a tutorial on how to actually post the file using the request uri as listed in the Change Deployment Configuration? – Adam Heeg Sep 25 '15 at 16:49