我已经获得了我需要的所有资源。我将 Web 服务放入应用程序服务环境中,然后将 NSG 连接到应用程序服务环境使用的子网。然后,我允许 VNET 内的应用程序与 Web 服务进行通信,但它无法正常工作。我到底需要什么安全规则?
最佳答案
您可能想要一个ILB ASE相反,如果您只关心从虚拟网络内部访问应用服务环境,那么通过 VIP(公共(public) IP)公开您的应用服务环境是没有意义的。
An ASE can be deployed with an internet accessible endpoint or with an IP address in your VNet. In order to set the IP address to a VNet address you need to deploy your ASE with an Internal Load Balancer(ILB).
When your ASE is configured with an ILB you provide:
- your own domain or subdomain. but you can configure it either way.
- the certificate used for HTTPS
- DNS management for your subdomain
In return, you can do things such as:
- host intranet applications, like line of business applications, securely in the cloud which you access through a Site to Site or ExpressRoute VPN
- host apps in the cloud that are not listed in public DNS servers
- create internet isolated backend apps which your front end apps can securely integrate with
关于web-services - 如何使用网络安全组仅允许我的 Web 应用程序与我的 Web 服务通信,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39833242/