locked
Block an IP address? RRS feed

  • Question

  • Here's the scenario: Over 98% of the traffic on my site is coming from less than 5 ip addresses. They are all hitting the same URL and that URL doesn't exist anymore. They're hitting it pretty hard too (hundreds of requests per minute.) I'm guessing that a 404 isn't a huge server load, but in aggregate, I think this is contributing to some of my performance woes.

    Is there any way to either block these specific IPs? Or maybe I could actually serve something else at that URL that would slow them down? I can't think of anything for the latter that would be less server work than a 404.

    Tuesday, January 13, 2015 12:09 AM

Answers

  • You shouldn't have to create ASP.NET project. Just create a web.config file in your wwwroot folder with the settings

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.webServer>
            <dynamicIpSecurity>
              ...
            </dynamicIpSecurity>
        </system.webServer>
    </configuration>

    and you should be fine.

    Thanks,
    Petr

    Tuesday, January 13, 2015 12:40 AM

All replies

  • Hello,

    Try to look at http://azure.microsoft.com/blog/2013/08/27/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/ - it describes how to utilize a dynamic IP restriction which might help you for these cases. On the other hand, if they are hitting 404 and you don't have anything expensive on the 404 code path, the improvement might not be big.

    Hope that helps.

    Thanks,
    Petr

    Tuesday, January 13, 2015 12:26 AM
  • Excellent, based on a quick skim I think this is what I need! I actually don't have any ASP.NET projects running on that website right now. Should I just create a new ASP.NET project that basically just has this config file?

    FYI I did some more digging (Azure Diagnostics as a Service is great!) and discovered that it wasn't just serving a simple 404. It was bouncing around and ending up as a 404 from Wordpress and it took quite a while. I dropped a blank text file into the URL that was being requested most often and my CPU usage dropped by almost an order of magnitude. So that bought me some time and now I can look at blocking the IPs using the link you provided.

    Tuesday, January 13, 2015 12:35 AM
  • You shouldn't have to create ASP.NET project. Just create a web.config file in your wwwroot folder with the settings

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.webServer>
            <dynamicIpSecurity>
              ...
            </dynamicIpSecurity>
        </system.webServer>
    </configuration>

    and you should be fine.

    Thanks,
    Petr

    Tuesday, January 13, 2015 12:40 AM
  • Hi,

    You can restrict the access to your azure website by whitelisting.

    Thanks & Regards,

    Kaveri T

    Tuesday, January 13, 2015 11:20 AM