Filtering traffic by IP and dynamic IP restrictions
We may want to restrict access to Azure Web Apps. We can achieve this using the <ipSecurity>
element. We can define which IP addresses can access Azure, and the action to take in case of a violation of that rule:
<configuration> <system.webServer> <security> <ipSecurity allowUnlisted="true" denyAction="NotFound"> <add allowed="true" ipAddress="xxx.xxx.xxx.xxx" subnetMask="255.xxx.xxx.xxx"/> </ipSecurity> </security> </system.webServer> </configuration>
Dynamic IP restrictions allow us to block access to Azure Web Apps based on different scenarios as follows:
- To deny access by maximum concurrent requests
- To deny access by maximum requests within the specified time period
To configure dynamic IP restriction, make the following changes to the web.config
file:
<configuration> <system.webServer> <security> <dynamicIpSecurity...