Block or only allow certain client IPs in cloud service

Solution 1:  Netsh and startup task

  1. On ServiceDefinition.csdef file you need to add the tag

<WebRole>

<Startup>

<Task commandLine=”Register.cmd” executionContext=”elevated” taskType=”simple” />

</Startup>

</WebRole>

  1. Create a register.cmd file and place it on the root folder of the application
  2. Set the property ‘Copy to Output Directory’ to ‘Copy always’

On the register.cmd you need to add the rules to block the IPs, something like:

netsh advfirewall firewall add rule name=”disallow asia IPs” action=block enable=yes localip=any remoteip= 110.137.242.208

Regarding Netsh, you can also block IP Subnets or IP ranges.

Netsh AdvFirewall Firewall Commands

http://technet.microsoft.com/en-us/library/dd734783(v=WS.10).aspx

Solution 2: IIS or code

since web role service is hold in IIS and asp.net web site, we have at least 2 choices to block certain external IP.

Reference about this topic: http://ranafaisal.wordpress.com/2008/06/09/aspnet-block-ip-addresses-from-your-site/

Leave a Reply

Your email address will not be published. Required fields are marked *