Does PSI uses client IP to access the requested URL or it uses any internal network IP address?
We would like to allow only PSI to access our website.
PageSpeed Insights does not publish a fixed set of IP addresses (see here for previous discussion on this).
I would advise running Lighthouse Separately (via CI or via DevTools) which will get you the same lab-based analysis. Though be aware it can have different settings.
For the field analysis shown at the top, your site needs to be public anyway.
Related
Some of my apps are not working from some customers site, I later discovered that this was because I am using the default websites for my app hosting that is the url is myapp.azurewebsites.net which was not whitelisted on the customers firewall. The customer whitelisted my website domain name and its sub domain names .i.e mywebsite.com and *.mywebsite.com are all whitelisted.
If i were to create CNAME record which has a CNAME pointer to the azure default web app for example myapp.mywebsite.com points to myapp.azurewebsites.net, will this get around the issue ? Or do I need to whitelist myapp.azurewebsites.net Or its IP address that is the IP address of myapp.azurewebsites.net ?
Firstly, by default, apps hosted in App Service are accessible directly through the internet and can reach only internet-hosted endpoints. So, typically, anyone with the URL without any specific local network/firewall/proxy restrictions can access the WebApp URL.
As I understand, your WebApp is open to the public and only a few users (on a specific network), have trouble accessing the site. Plus, there are no access restrictions that you have implemented from the WebApp side.
Just to highlight,
Network administrators often deploy proxy servers, firewalls, or other
devices, which can help secure and give control over how users access
the internet. Rules designed to protect users can sometimes block or
slow down legitimate business-related internet traffic. This traffic
includes communications between you and Azure over the URLs listed
here.
Reference : Allow the Azure portal URLs on your firewall or proxy server
So, on case-case basis, for the affected network, you may have them add appservice.azure.com (Azure App Services) in the allowed list.
Or
As your customer performed – “The customer whitelisted my website domain name and its sub domain names .i.e mywebsite.com and *.mywebsite.com are all whitelisted.” have them add the URLs to allowedlist.
Or
Since IP address of your WebApp (see the reasons for the change), the best route would be for you to set up a custom domain for your WebApp.
Kindly check this doc - Tutorial: Map an existing custom DNS name to Azure App Service
The CNAME maps to the app's default hostname instead, which is less susceptible to change. | | Wildcard | *.contoso.com | CNAME record. |
-- As a side note (as indicated above), by setting up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app. Which is the opposite of your scenario, just sharing as FYI, in case you wish to know about access restrictions from WebApp side. Set up Azure App Service access restrictions
I am very new to Cloudflare. So please bear with me. I need to access my website (hosted in Microsoft Azure - App Services) via IP address instead of the domain name.
To do this, I need to add HOST=www.mydomain.com into the HTTP header when requesting the website via IP address.
I heard it can be solved via Cloudflare, but the person I asked will not elaborate further. Is it possible? If yes, what service should I purchase? Any manual or instruction will be appreciated.
If Cloudflare isn't possible, do you have any service recommendations?
Thanks :)
The reason the host header is needed is because Azure App Services are multi-tenant (multiple apps on a single IP) by default. So, the server needs some way to know where to route your request to (the host name). In addition, IPs are not guaranteed to be static (they can change as you scale for instance).
It should be possible to secure a single static IP address using the following method -
https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips#get-a-static-inbound-ip
What is unclear is whether or not this IP would also be dedicated (meaning only your domain would use it). This is what would be required in order to allow you to access the app service without a hostname specified.
Cloudflare will not solve this issue, as it sits at the DNS layer (domain name access). Accessing a server via IP would bypass Cloudflare entirely.
i'm wondering if it's possible to configure a redirection on the Application Gateway and exclude an IP range from it.
Let's say i have a website configured and i'm currently running a maintenance tasks. So i'll configure a redirection on the application to my maintenance site. But after the maintenance is finished i want to check first if everything is fine before removing the temporary redirection. So for example my IP should be able to access the "real" website and all other requests are still forwarded to the maintenance page. Is this maybe possible with the traffic manager?
I haven't found anything really helpful untill now. Has someone an idea how this might be possible to configure?
Redirection based on specific IPs is not possible using the application gateway as far as I'm aware. But this feature is available with Azure APIM, and this is exactly the type of scenario were APIM is useful. You can set your Back-end service URL based on specific conditions (including IP filters). see link https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies#SetBackendService
For a full list of APIM polices : https://learn.microsoft.com/en-us/azure/api-management/api-management-policies
I'm attempting to create a server using IIS.
I created a site. Configured the firewall. It's available in the browser as localhost(http://localhost:8555/) and static IP(http://10.12.66.79:8555/) too
But from another network like my phone. I tried accessing using the static IP but it failed. then I tried using the virtual IP then it show me the login page of my service provider.
what I can do next?
Hope you grab a computer networking book some time to study the basic concepts.
10...* is a private address your ISP gives to your server,
https://en.wikipedia.org/wiki/IP_address#Private_addresses
So that this server can be accessed by other devices on the same network.
Your phone is on another network (via Internet in most cases), so it won't be able to access your server.
To pass packets between two networks, many other devices and settings are required.
If you do want to do experiments, public cloud computing platforms are far better an option, as they can give your server public IP addresses that can be accessed anywhere.
you can change the mobile's default DNS to your system's(IIS) IP may be this could help you but it can be able to run locally only. Make sure that your site is working in your system through the static IP (http://10.12.66.79:8555/) if it is working properly then this could be the only problem change the DNS.
I'm building a shopping site which uses a service which allows credit card payments (tranzilla), the service is requiring an IP or IP mask from which it will allow requests (by sockets). The problem is that I'm using heroku as hosting, which is decentralized...
Is there any way to do this? (except buying the custom ssl add-on, which is my last resort and not the best solution)
P.S. full IP mask is not acceptable.
There is now a new Heroku add-on called Proximo that gives you a static outbound IP address to connect to services with IP whitelists! At this time it's in private beta, and there is no pricing info available yet, but it seems like a promising solution: https://devcenter.heroku.com/articles/proximo
Yes, you can use a hosted VPN service to maintain a static IP Address in which to contact tranzilla. A proxy server might also work, however, using a public proxy server would be a bad idea.
You can also use Apigee to wrap the API in question - http://app.apigee.com/, and make your API call through Apigee instead of directly to the API in question. Then enter the IP that the Apigee call comes from, and you're set.