Determine Azure IP Address of appService, blob and general storage - azure

I have a url as below from Azure Portal
https://qwergeneralstorage.blob.core.windows.net/sqldb/DBNAME-Test.bacpac?sp=r&st=2018-07-11T02:12:52Z&se=2018-07-13T08:12:52Z&spr=https&sv=2017-11-09&sig=%2FYrtyuZtl5eJdfj07mTtKjbol8J9d1%2thyuJ%klemhg%3D&sr=b
How can I determine the IP address from this?

If you want to get the IP Address, you could use cmd to ping the url host name.
But you need to note that the IP Address changes every week. You could download the xml file in this link, then check the IP Address range of different regions in the file.
Details
This file contains the IP address ranges (including Compute, SQL and Storage ranges) used in the Microsoft Azure Datacenters. An updated file is posted weekly which reflects the currently deployed ranges and any upcoming changes to the IP ranges. New ranges appearing in the file will not be used in the datacenters for at least one week. Please download the new xml file every week and perform the necessary changes on your site to correctly identify services running in Azure.

Related

What do I need to tell clients re. Firewalls in order to ensure our Azure.Storage.Blobs dependent software will work?

Our software uses Azure.Core, Azure.Storage.Blobs and Azure.Storage.Common to interact with Azure Blob Storage Accounts held in North Europe (i.e. Ireland)
We store files in various containers in such Storage Accounts
Some of our clients have very strict policies regarding access to "the internet" and we are asked to provide some information about this, and I have to admit I'm not sure.
I can do something like ping someblobaccounthere.blob.core.windows.net and that will give me an IP address, but will it always be the same IP address? How do Azure.Storage.Blobs and associated DLLs interact with such an account?
Are the requests made through HTTPS or are these DLLs interacting through other protocols, do I need to tell them to open certain ports or will default ports such as 443 and (80 for http) work? Will this play nice with proxies?
I did have a bit of a google around but my Google Fu is failing me and I'm not finding clear answers.
Our apps are built for .NET Framework 4.8 - in case that is significant.
You can view/download the ip ranges from this link:
This file contains the IP address ranges for Public Azure as a whole, each Azure region within Public, and ranges for several Azure Services (Service Tags) such as Storage, SQL and AzureTrafficManager in Public. This file currently includes only IPv4 address ranges but a schema extension in the near future will enable us to support IPv6 address ranges as well. Service Tags are each expressed as one set of cloud-wide ranges and broken out by region within that cloud. This file is updated weekly. New ranges appearing in the file will not be used in Azure for at least one week. Please download the new json file every week and perform the necessary changes at your site to correctly identify services running in Azure.
IMHO Azure storage should be configured to use https only so the https port should be open.
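Both answers above rely on the weekly ranges file rather than on a pinged address. The following added example (not from the original posts) compares two weekly downloads for one service tag and reports which prefixes to add to or remove from a firewall allowlist. The `values[].name` / `properties.addressPrefixes` layout is assumed for the JSON file, and the sample data and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed samples in the assumed Service Tags JSON layout. The prefixes
# are documentation ranges, not real Azure ranges.
LAST_WEEK = json.loads("""{"changeNumber": 1, "cloud": "Public", "values": [
  {"name": "Storage.NorthEurope", "properties": {"addressPrefixes":
    ["192.0.2.0/25", "198.51.100.0/24"]}},
  {"name": "Sql.NorthEurope", "properties": {"addressPrefixes":
    ["203.0.113.0/26"]}}]}""")
THIS_WEEK = json.loads("""{"changeNumber": 2, "cloud": "Public", "values": [
  {"name": "Storage.NorthEurope", "properties": {"addressPrefixes":
    ["192.0.2.0/25", "203.0.113.128/25", "2001:db8:10::/48"]}},
  {"name": "Sql.NorthEurope", "properties": {"addressPrefixes":
    ["203.0.113.0/26"]}}]}""")


def prefixes(doc, tag):
    """Return the set of networks listed under one service tag."""
    for entry in doc["values"]:
        if entry["name"] == tag:
            return {ipaddress.ip_network(p)
                    for p in entry["properties"]["addressPrefixes"]}
    raise KeyError("service tag not in file: " + tag)


def _ordered(nets):
    # Sort IPv4 before IPv6; networks of different versions cannot be compared.
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]


def diff_tag(old, new, tag):
    """Return (to_add, to_remove) for an allowlist built from one tag.

    New prefixes are published at least a week before use, so applying
    to_add on each download keeps the allowlist ahead of the change.
    """
    before, after = prefixes(old, tag), prefixes(new, tag)
    return _ordered(after - before), _ordered(before - after)


def tags_containing(doc, ip):
    """Name every service tag whose prefixes contain the given address."""
    addr = ipaddress.ip_address(ip)
    return sorted(
        e["name"] for e in doc["values"]
        if any(addr in ipaddress.ip_network(p)
               for p in e["properties"]["addressPrefixes"]))
```

`tags_containing` is the reverse lookup: given an address returned by `ping` or seen in a firewall log, it names the tags that currently cover it.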

Allowing multiple IPs under Azure SAS

I have placed the installation scripts and files on Blob storage at Azure.
Now I want only specific users/clients to access this storage area and download the installation scripts and files.
In order to accomplish this, I'm using Shared Access Signatures (SAS). So I generate a SAS for the script file(s). But when it comes to "Allowed IP addresses", I can only specify one IP address or range of IP addresses. I have 3 different clients at the moment (which will increase in future), and they all have different IP addresses. So how can I specify these 3 separate IPs in here?
Any assistance in this matter is highly appreciated. Also if there is any other possible / recommended solution for my requirement then please guide me to that as well, if possible. I'm open to any alternate better option.
Thanks
So how can I specify these 3 separate IPs in here?
In a single SAS, you can either specify a single IP address (e.g. 10.2.1.80) or an IP address range (10.2.1.80-10.2.1.90).
In your case, you will need to generate a separate SAS token for each client with their respective IP address.
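With one token per client, it helps to check each SAS URL before handing it out. The following added example (not from the original posts) parses the SAS query parameters and reports tokens with no `sip` restriction, a wide `sip` range, HTTP allowed, more than read permission, or a long lifetime. The account name, signature, thresholds and function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed URLs (placeholder account, container and signature).
SHARED = ("https://exampleaccount.blob.core.windows.net/installers/setup.ps1"
          "?sp=r&st=2018-07-11T02:12:52Z&se=2018-07-13T08:12:52Z"
          "&spr=https&sv=2017-11-09&sr=b&sig=CONSTRUCTED")
PER_CLIENT = ("https://exampleaccount.blob.core.windows.net/installers/setup.ps1"
              "?sp=r&st=2018-07-11T02:00:00Z&se=2018-07-11T03:00:00Z"
              "&sip=10.2.1.80&spr=https&sv=2017-11-09&sr=b&sig=CONSTRUCTED")
STAMP = "%Y-%m-%dT%H:%M:%SZ"  # assumes the timestamp form shown in the question


def parse_sip(value):
    """sip holds one address or 'first-last'; return (first, last)."""
    first, _, last = value.partition("-")
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last) if last else lo
    if hi < lo:
        raise ValueError("sip range is reversed: " + value)
    return lo, hi


def audit_sas(url, max_lifetime=timedelta(days=1), max_hosts=16):
    """Return finding codes for one SAS URL; the sig value is never returned.

    max_lifetime and max_hosts are illustrative thresholds, not Azure limits.
    """
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    if "sip" not in q:
        findings.append("no-sip")            # usable from any source address
    else:
        lo, hi = parse_sip(q["sip"])
        if int(hi) - int(lo) + 1 > max_hosts:
            findings.append("wide-sip")
    if q.get("spr", "https,http") != "https":
        findings.append("http-allowed")      # spr defaults to https,http
    if set(q.get("sp", "")) - {"r"}:
        findings.append("more-than-read")    # download-only tokens need just r
    if "se" not in q:
        findings.append("no-expiry")         # may come from a stored policy
    elif "st" in q:
        life = datetime.strptime(q["se"], STAMP) - datetime.strptime(q["st"], STAMP)
        if life > max_lifetime:
            findings.append("long-lifetime")
    return findings
```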

Does azure use static ip on a standard 1 app service plan

Have one app service plan (standard 1 pricing tier) with only one web app. From what I understand I have a static ip based on this configuration / price. So when I do an nslookup on my web site and get an ip back, that ip is static correct? Just needed verification. TIA.
So when I do an nslookup on my web site and get an ip back, that ip is static correct? Just needed verification
Every Azure Web App has 1 external IP address and multiple outbound addresses. What you saw from nslookup is the external IP address.
The external IP address (inbound address) is used for domain binding (A record binding). If you want to bind your custom domain, please use the external IP address. You can find the external IP address in the Azure portal: Web App -> Custom Domains tab.
From the official documentation, we know:
If you delete and recreate your app, or change from a higher pricing tier back to the Shared tier, your app's external IP address may change. Otherwise, the external IP address won't be changed.
Traffic coming from your web app will use one of the outbound addresses as its IP address. There is no agreement of when the outbound IP address will change or not. They will not change from 1 day to the next, nor is there any plan or real need to change them.
will there be some type of notification from azure when the outbounds do change?
There is no official document that points this out. I found the following words on the MSDN forum. Hope it will be helpful for you.
It becomes necessary for Azure infrastructure to increase the number of outbound IP addresses. In that case the existing IP addresses will be preserved but there will be some new ones. So far there hasn't been a need to increase number of IP addresses and if there ever be the need for that there will be an early notice about it.
The Web App gets relocated to a different scale unit. Prior to that the subscription owner gets an email notification one month in advance.
From: Static outbound IP addresses for Azure Web Apps?
I'm pretty sure you are assigned 4 external IP addresses, so at the very least there are 4 ip addresses you need to consider static, but from what I can tell they are subject to change (that's how it previously was, I'm not sure if it holds now).
Also, remember that those are shared, so whitelisting those is potentially dangerous.

Data Lake North Europe IP Range

I try to access my Azure SQL Database via U-SQL but I got the following error:
Internal error! Cannot open server 'testusql' requested by the login.
Client with IP address '104.44.91.xx' is not allowed to access the
server. To enable access, use the Windows Azure Management Portal or
run sp_set_firewall_rule on the master database to create a firewall
rule for this IP address or address range. It may take up to five
minutes for this change to take effect.
I found an article about IP range in US (here), but not in Europe. Where can I find information about the range for North Europe?
I configured the Azure SQL Server firewall to allow access to Azure Services, but it does not work (maybe due to the different regions).
Thank you very much.
Peter
My apologies, but I am currently on vacation, so I have not had time to update the IP ranges yet. It should be 104.44.91.64/27 for EU North.

Configuring an IP address for SagePay Direct when using Windows Azure

I've entered the IP address from the Windows Azure Portal (both the one specified in the website Dashboard or within the Manage Domains area) but when trying to use SagePay Direct it returns that it is not a valid IP address.
I eventually solved this by doing a "showpost" for SagePay and then having to tell me what the IP address is.
The problem is - how can I determine this IP address for myself? As I worry that the IP address could change in the future.
If I use "Request.ServerVariables("LOCAL_ADDR")" (Classic ASP) it seems to return the local IP address of the webserver.
what if you create a script or something that just returns the visitor IP address and make a request, get or post, to that script from your server?
The IP Address that you see to use for your A records is not the outgoing IP Address used by Azure Websites. Hence why SagePay does not accept transactions from the website because it is an invalid IP Address.
Instead there are 4 IP Addresses that you need to add, and those 4 IP Addresses depend on what Scale Unit your site uses.
The scale unit for your site can be found from the FTP Host Name for your Azure website. For example: ftp://waws-prod-blu-011.ftp.azurewebsites.windows.net - the scale unit is 'waws-prod-blu-011'
I then put that into Google, and a couple of Azure maintenance articles came up. Scroll the article until you see your region, and then your scale unit, and there are the 4 IP Addresses you need.
Please refer to this azure maintenance article for more information.
