Windows Azure with WCF web role and restricting IPs via web.config

2
votes

I'm attempting to restrict only certain IP addresses to my Azure hosted WCF service. I have followed both of the instructions listed on the following websites:

http://msdn.microsoft.com/en-us/library/windowsazure/jj154098.aspx

http://blog.elastacloud.com/2011/04/06/restricting-access-by-ip-in-azure-web-role-v1-4/

But I'm still able to access the service from an address that isn't listed. Is there something I'm missing?

Here is the cmd file:

@echo off

@echo Installing “IPv4 Address and Domain Restrictions” feature
%windir%\System32\ServerManagerCmd.exe -install Web-IP-Security

@echo Unlocking configuration for “IPv4 Address and Domain Restrictions” feature
%windir%\system32\inetsrv\AppCmd.exe unlock config -section:system.webServer/security/ipSecurity

And the web.config section:

<system.webServer>
   <security>
   <!-- IP addresses are denied access -->
    <ipSecurity allowUnlisted="false">
        <!--The following IP addresses are granted access -->
        <clear />
        <add allowed="true" ipAddress="x.x.x.x" />
    </ipSecurity>
   </security>
  </system.webServer>
1
wcfsecurityazureconfig
Are you certain the startup task is running successfully? RDP into the box and see if you can run the commands locally on the server. The reason I say this is that I've had issues where the startup.cmd file won't run because of the encoding. If you're using Visual Studio to author the startup.cmd file, then try File | Advanced Save Options and chose the UTF-8 No Signature option.Rick Rainey
Thanks for that. I'm kinda new to Azure, so I didn't know that you could RDP into the role. I did and found that the first command was failing. I'm guess because its on a 2012 server. I'm going look into doing the samething with Power Shell and use the following Cmdlet technet.microsoft.com/en-us/library/jj205467.aspxChris

1 Answers

2
votes

Thanks to Rick Rainey I discovered that I could RDP into the web role and run the script manually. I discovered that the first part of the script was failing because the app was running on server 2012. I changed it to:

powershell -ExecutionPolicy Unrestricted -command "Install-WindowsFeature Web-IP-Security"

And now everything works as expected...