locked
Restrict Website to open in specific area using Microsoft Azure RRS feed

  • Question

  • I have bought my domain from GoDaddy and I have hosted my website code on Microsoft Azure now I want to restrict my website to run in a specified area as geolocation wise using Microsoft Azure.

    I have used Networking in Azure by specified IP Restrictions but when I do this my website stopped working everywhere.

    Example: I have configured IP Restrictions for my address 192.168.1.X/10 but when I add rule it stops my service with 403 error everywhere where actually it should only disallow/allow configured ip address.

    I have also read an article IP and Domain Restrictions for Windows Azure WebSites posted by Stefan Schackow and configure my web.config but still not helpful.

    How can I accomplish this?

    Anyone who has done this before or have anything to say please suggest me.

    Thanks in advance.




    Thursday, October 18, 2018 5:29 AM

Answers

All replies

  • The 192.168.0.0/16 (or subset of) is private ip address.  Meaning it is not your actual outbound ip for your client talking to Azure App Service (WebSite).   Hence all access is denied.   Check what the actual outbound is and configure that appropriately.

    Suwatch

    Thursday, October 18, 2018 5:50 AM
  • I have found my outbound address now what do I do ahead?

    One more thing to tell you, sir I do not have specific IP, I want to restrict a region.

    How can I accomplish that?





    Thursday, October 18, 2018 6:00 AM
  • Please try out htese steps:

    1. Remove all IP restrictions from the Portal Blade

    2. Navigate to http://whatismyip.host/

    3. Add an allow rule in the IP Restrictions blade in the portal for the IP that shows up there using the CIDR block of /32 meaning you are only allowing that one IP. for example my IP right now would be 70.61.86.50/32

    This is just an example of adding your current IP. For a whole network you need to understand all IPs that you or your clients would use and add the repsective CIDR blocks or individual IPs.

    https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions 

    Tuesday, October 23, 2018 12:21 AM
  • Thanks for the answer Jeremy Brooks.

    It works for my IP address but what I want is to disallow access to whole region like I don't want to allow my site accessible to the country for example Australia.

    To write IP addresses for all to whom I don't give access might be a tedious job.

    Any solution for this!


    Thursday, October 25, 2018 6:14 AM
  • This may not be the ideal situation in your case. But are you using CDN? Its easy to geo-filter using CDN. Restrict Azure CDN content by country

    Rahber
    @Rahber


    • Edited by Rahber Thursday, October 25, 2018 7:10 AM
    • Marked as answer by Mayur Padhiyar Thursday, October 25, 2018 12:21 PM
    Thursday, October 25, 2018 7:09 AM
  • Thanks for the answer Rahber,

    I have also done this using CDN but it only gives restriction in folder structure I guess (/wwwroot/) and still after giving restriction I can open it anywhere not working for me and I want to give a restriction on my service, not root folder or any sub folders.

    If it is the only way then please suggest me the steps how can I implement that for my web application for taking any country as an example by disallowing it.


    Thursday, October 25, 2018 7:15 AM
  • I just tested it out and it worked fine.

    Are you accessing the site from azurewebsite url or the CDN url? You need to acess the website using CDN url. 


    Rahber
    @Rahber

    Thursday, October 25, 2018 7:49 AM
  • Yes, I am using Azure website URL not CDN URL (azureedge.net/).
    Thursday, October 25, 2018 8:49 AM
  • You need to use the Azureedge.net URL to take benefit of the Geo-filtering. 

    Rahber
    @Rahber

    Thursday, October 25, 2018 8:52 AM
  • OK but I have taken a custom domain from third party and my azure-website link redirect me to my custom domain.

    Where and how I can apply this in my custom domain? Where I have to configure these settings at third party or in azure?

    Thursday, October 25, 2018 9:24 AM
    • Marked as answer by Mayur Padhiyar Thursday, October 25, 2018 11:15 AM
    Thursday, October 25, 2018 10:25 AM
  • Thank you so much for your quick responses.

    I have done the changes as you said and with the help of article last you provided done those changes as well.

    Let's hope will run.

    Thanks a lot again.


    Thursday, October 25, 2018 12:19 PM