30. November 2014
At times it may become necessary to restrict a website to a particular set of IP addresses sometimes know as IP filtering. I recently deployed an internal application for a company on the Azure platform hosted my Microsoft. Deploying the app is content for a different article, but being that it is a internal site for the company in question, I wanted to restrict its access. After some research, a simple config change can accomplish this in MVC, and Azure supports it.
<!-- this line blocks everybody, except those listed below -->
<ipSecurity allowUnlisted="false" denyAction="NotFound">
<!-- removes all upstream restrictions -->
<!-- allow requests from the local machine -->
<add ipAddress="127.0.0.1" allowed="true"/>
<!--allow network 220.127.116.11 to 18.104.22.168-->
<add ipAddress="192.168.1.0" subnetMask="255.255.255.0" allowed="true"/>
<!-- allow the specific IP of 22.214.171.124 -->
<add ipAddress="126.96.36.199" allowed="true"/>
This can be used to either restrict ip ranges or grant depending on the ipsecurity tag's denyAccess flag is set. In the example I allow access only to localhost, our network's IP range, and the public facing IP for the business. Luckily we only have 1, so it was simple, if you have a range, one would just put the 0 in to cover all sets.