我对Azure Network Security Group几乎没有任何问题。 目前,我正在使用Azure App Services发布我的网站以及Azure,App Services,NSG控制的网络端,例如入站和出站安全性等。
我正在使用sagepay支付网关。他们让我做以下步骤,以便我的sagepay集成成功。
Please ensure that all of the following IP addresses are allowed within your Server or Firewall: For outbound traffic to our gateway: 195.170.169.9 – live.sagepay.com 195.170.169.8 – test.sagepay.com For inbound traffic you only need to whitelist IPs if you are The IPs from which we call back are: 195.170.169.14 195.170.169.18 195.170.169.15 The Subnet mask used by Sage Pay is 255.255.255.000 Please ensure that your firewalls allow outbound Port 443 (HTTPS only!) and inbound Ports 443 (and optionally 80 HTTP) access in order to communicate with our servers (on Simulator/Test/Live).
在我的网络群中,
我刚刚将入站规则添加到端口80,443并将IP列入白名单 - 195.170.169.0/24 并对我的出境规则做了同样的事情。
但我如何支持检查这些东西是否正常工作? 因为我的网站仍然无法从sagepay方面得到回应(根据sagepay支持团队,通知URL也是正确的)
答案 0 :(得分:2)
以下是评论中跟进问题的答案。
<system.webServer>
<security>
<!-- this line denies everybody, except those listed below -->
<ipSecurity allowUnlisted="false">
<!-- remove all upstream restrictions -->
<clear/>
<!-- allow this network -->
<add ipAddress="195.170.169.0" subnetMask="255.255.255.0" allowed="true" />
</ipSecurity>
</security>
...
</system.webServer>
预期结果(来自允许网络外的公共IP地址):
$ curl -i http://{sitename}.azurewebsites.net/
HTTP/1.1 403 Forbidden
Content-Length: 58
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sat, 06 Aug 2016 19:46:04 GMT
You do not have permission to view this directory or page.