#This repository is now obsolete!
Switch to ACLs instead of using this package.
More information: http://blogs.msdn.com/b/walterm/archive/2014/04/22/windows-azure-paas-acls-are-here.aspx
#Windows Azure Cloud Services - IP Address Restrictions
There are times that you might need restrict access to one or more endpoints of a Web/Worker Role. The WindowsAzure.IPAddressRestriction library allows you to do just that based on an IP address, IP address range or even a hostname. It does this by making changes to the Windows Firewall on each instance.
Each time an instance is provisioned or after a reboot the Fabric Controller will configure firewall rules on each instance. This means, if you configured an input endpoint on port 80, the Fabric Controller configure the firewall on all instances of that role in order to allow traffic to that port. This library allows you to:
Since we make changes to the Windows Firewall we'll need to run under elevated context.
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="Hostnames" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2012-10.1.8">
<WebRole name="HostnamesWeb" vmsize="ExtraSmall">
<Runtime executionContext="elevated" />
...
</WebRole>
</ServiceDefinition>
###Configuration
The library supports the following settings in the ServiceConfiguration.cscfg:
<Setting name="IPAddressRestriction.Enabled" value="true" />
<Setting name="IPAddressRestriction.Settings" value="80=123.4.5.6" />
The IPAddressRestriction.Enabled
setting allows you to enable or disable the library. You typically use this when you want to IP Address restrictions in the staging
environment but you don't want these in production.
The IPAddressRestriction.Settings
allows you to configure the ports and IP ranges. Here are a few examples:
The following code shows how you would typically use the library:
IPAddressRestrictionManager
ResetDisabledRules
and DeleteRules