1

我对 Azure 网络安全组有一些问题。目前我正在使用 Azure App Services 发布我的网站,并在 Azure、App Services、由 NSG 控制的网络端,例如入站和出站安全等。

我正在使用 sagepay 支付网关。他们要求我执行以下步骤以成功集成 sagepay。

Please ensure that all of the following IP addresses are allowed
within your Server or Firewall:

For outbound traffic to our gateway:

195.170.169.9 – live.sagepay.com
195.170.169.8 – test.sagepay.com

For inbound traffic you only need to whitelist IPs if you are
The IPs from which we call back are:

195.170.169.14
195.170.169.18
195.170.169.15

The Subnet mask used by Sage Pay is 255.255.255.000

Please ensure that your firewalls allow outbound Port 443 (HTTPS
only!) and inbound Ports 443 (and optionally 80 HTTP) access in
order to communicate with our servers (on Simulator/Test/Live).

在我的网络组中,

我刚刚将入站规则添加到端口 80,443 并将 IP 列入白名单 - 195.170.169.0/24 并对我的出站规则做了同样的事情。

但是我应该如何检查这些东西是否正常工作?因为我的网站仍然无法从 sagepay 方面得到响应(根据 sagepay 支持团队,通知 URL 也是正确的)

4

1 回答 1

2

更新(2020 年 7 月):

现在有一种更优雅的方法,使用应用服务中的内置功能 - https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing -访问限制规则在门户中

知识产权限制

我在下面的回答现在已被弃用。

这是评论中您后续问题的答案。

<system.webServer>
    <security>
       <!-- this line denies everybody, except those listed below -->            
       <ipSecurity allowUnlisted="false">
           <!-- remove all upstream restrictions -->    
           <clear/>
           <!-- allow this network -->          
           <add ipAddress="195.170.169.0" subnetMask="255.255.255.0" allowed="true" />
       </ipSecurity>
    </security>
...
</system.webServer>

预期结果(来自允许网络之外的公共 IP 地址时):

$ curl -i http://{sitename}.azurewebsites.net/

HTTP/1.1 403 Forbidden
Content-Length: 58
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sat, 06 Aug 2016 19:46:04 GMT

You do not have permission to view this directory or page.
于 2016-08-06T19:38:46.860 回答