Restrict access to Azure Websites by whitelisting

Question

I've found this interesting article where it's described how to only allow certain IPs to access a given website.

If I understood it correctly I can use a list of static IP address of the office computers to limit the machines that can access it, right?

My doubt now is about the DNS lookup. At the company we have 3 DNS servers working 10.xxx.xxx.xxx, etc.. If I had those three address like the following, can I rest assure that only pcs in the company network will be able to access the site?

<add domainName="10.xxx.xxx.xx1" allowed="true" />
<add domainName="10.xxx.xxx.xx2" allowed="true" />
<add domainName="10.xxx.xxx.xx3" allowed="true" />

Answer 1

The 10...* network is classed as network address that is only usable by private networks. The routers on the public network i.e. the internet (and Azure) are configured to drop all packets with a destination of a private network.

When a machine on your private network sends a request to Azure it sends the request from your public IP address, that is mapped to an address on the internal network.

Azure never sees the 10...* network, it has no ability to make decisions based on addresses in that network.

Answer 2

You can try adding combination on ip address and subnet mask. Check https://azure.microsoft.com/en-us/blog/ip-and-domain-restrictions-for-windows-azure-web-sites/