Solution 1: Netsh and startup task
- On ServiceDefinition.csdef file you need to add the tag
<Task commandLine=”Register.cmd” executionContext=”elevated” taskType=”simple” />
- Create a register.cmd file and place it on the root folder of the application
- Set the property ‘Copy to Output Directory’ to ‘Copy always’
On the register.cmd you need to add the rules to block the IPs, something like:
netsh advfirewall firewall add rule name=”disallow asia IPs” action=block enable=yes localip=any remoteip= 188.8.131.52
Regarding Netsh, you can also block IP Subnets or IP ranges.
Netsh AdvFirewall Firewall Commands
Solution 2: IIS or code
since web role service is hold in IIS and asp.net web site, we have at least 2 choices to block certain external IP.
- Using IIS to set blacklist for external IP http://www.west-wind.com/weblog/posts/2007/Apr/28/Blocking-IIS-IP-Addresses-with-ASPNET
- Using code in asp.net to block certain external IP http://www.hanselman.com/blog/AnIPAddressBlockingHttpModuleForASPNETIn9Minutes.aspx
Reference about this topic: http://ranafaisal.wordpress.com/2008/06/09/aspnet-block-ip-addresses-from-your-site/