Restricting outbound access from Azure Instances

    Question

  • Hi,

    I have a requirement where I need to allow only a set of URLs for "outbound" calls from the Windows Azure application. It looks like Windows Firewall only allows specifying IP Addresses. IP Addresses can be dynamic and can cause security/maintenance issues if I were to go down that route.

    Is there a recommended approach in Windows Azure Platform for imposing outbound restrictions by URLs (or domain names) instead of IP Addresses? 

    Thanks,
    Sudhir

    13 March 2012 19:36

Answer

  • Hi,

    Why do you want to control "outbound" access from the Azure VM? If your application only accesses the specific set of endpoints, the Azure VM will not access other endpoints; you need only maintain this set of endpoints.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    15 March 2012 2:19
    Moderator
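
One way to maintain the set of endpoints inside the application, as the answer above suggests, is to check every outbound URL against a host name allow-list before the call is made. This is an added example, not code from the thread; Python is used only as a sketch language, the function names are hypothetical, and the host names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list of third-party service hosts (placeholders, not from the thread).
ALLOWED_HOSTS = frozenset({"api.partner.example", "billing.vendor.example"})
ALLOWED_PORTS = frozenset({443})


class EgressDenied(Exception):
    """Raised when an outbound URL is not covered by the allow-list."""


def check_outbound(url):
    """Return the normalized host if the call may proceed, else raise EgressDenied."""
    try:
        parts = urlsplit(url)
        port = parts.port if parts.port is not None else 443
    except ValueError as exc:  # malformed netloc or port
        raise EgressDenied(f"unparseable URL: {exc}") from exc
    if parts.scheme != "https":
        raise EgressDenied(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # "https://allowed-host@other-host/" really targets other-host.
        raise EgressDenied("userinfo in URL")
    if port not in ALLOWED_PORTS:
        raise EgressDenied(f"port not allowed: {port}")
    # hostname is already lower-cased; drop the root dot and normalize IDNs.
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise EgressDenied("invalid host name") from exc
    # Exact match only: suffix or substring tests would admit look-alike hosts.
    if host not in ALLOWED_HOSTS:
        raise EgressDenied(f"host not allowed: {host!r}")
    return host


def is_allowed(url):
    """Boolean wrapper for call sites that only need a yes/no decision."""
    try:
        check_outbound(url)
        return True
    except EgressDenied:
        return False
```

The check has to run on every redirect hop as well, so the HTTP client should not follow redirects automatically.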

All Replies

  • Hi Sudhir,

    According to your description, if you want to allow a set of customers or users to access your Windows Azure application, I think authentication is a better method for achieving your goals. You can maintain an authentication module for it, such as the Access Control Service in Windows Azure; you can add many identity providers with ACS (ADFS, WIF, WS-Federation, Windows Live, Google, etc.). Check this link for more details about ACS:

    http://msdn.microsoft.com/en-us/WAZPlatformTrainingCourse_IntroToACS2

    Hope it can help you.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    14 March 2012 7:55
    Moderator
  • ACS can be used to control "inbound" access to the Azure Application. What I would like to do is allow "outbound" access only to a specific set of endpoints (URLs). These endpoints could be 3rd party web services our app is using.

    Does ACS have any support for something like this?

    Today we can use Windows Firewall to do this type of set up by IP Addresses. However, the firewall does not allow configuring host names. We don't want to depend on IP Addresses since they are subject to change. So, any alternatives here when doing this type of thing in Azure?

    Thanks,
    Sudhir

    14 March 2012 20:08