find a location for property in a new city

Thursday, 6 August 2015

Outbound IP address from Azure WebJobs or WebSite

I need to find the outbound IP address of an Azure Website so that I can whitelist this IP address in a service I wish to call. However there are concerns with this practice as I will explain.

Azure WebJobs are completely awesome and they should be used more. I have project however that I am using to pre-process a large amount of data. As part of this process, my Web Job will need to call a third party web service that operates an IP whitelist. So to call it successfully I need to find the IP address of my Azure WebJob.

That is simple enough, I confirmed the IP address using two sources, one is a given list of IP's as documented by Microsoft. Details on how to find yours are here: Azure Outbound IP restrictions. I also wrote a little code to make sure this matches from a WebJob like so:

public async static Task ProcessQueueMessage(
    [QueueTrigger("iptest")] string message,
    TextWriter log)
{
    using (var client = new HttpClient())
    {
        var response = await client.GetAsync("http://ip.appspot.com/");
        var ip = await response.Content.ReadAsStringAsync();
        await log.WriteAsync(ip);
    }
}

Popping something in the "iptest" queue kicked off the job and checking the logs confirmed the WebJobs are in fact consistent with the IP ranges documented.

There is a problem however, if you read that link you will discover that although it is roughly static it is not unique. You will share your outbound IP with other users of Azure WebSites that are hosted in the same region as you and the same scale unit as you. What is a scale unit? Who cares but there are 15 of them in the North Europe data centre for example so not a lot. Now how secure do you think IP whitelisting a shared IP is? Not very!

Workaround

Don't give up hope! The work arounds I can see are to ask the service provider to not rely on only IP whitelisting, have another form of authentication, an API key over SSL would work for example. Have it as well as IP Whitelisting if it makes them happy.

If they can't be controlled you can do your own magic. There are proxy providers out there that will provide your calls with a unique static IP address. Try QuotaGuard. Or make your own - if you already have a Cloud Service running in Azure you can proxy the service via that as they can have static and unique outbound IP addresses.

Follow britishdev on Twitter

7 comments:

  1. Thanks a lot for this nice and well maintained website. I have also bookmarked this website. Now get the most affordable mats in London from rubbergymmatsuk.co.uk

    ReplyDelete
  2. Thank you for taking the time to provide us with your valuable information. We strive to provide our candidates with excellent care and we take your comments to heart.As always, we appreciate your confidence and trust in us.


    SAP Training in Chennai

    ReplyDelete

  3. Thanks for posting this useful content, Good to know about new things here, Let me share this, . Hadoop training in pune

    ReplyDelete
  4. That the development team for each company all the theoretical and practical knowledge of PHP web development work. Houston Website Development

    ReplyDelete
  5. Very helpful post.Thanks for your great information! Keep sharing.
    erp in chennai | erp software providers in chennai

    ReplyDelete
  6. Nice Blog.Thank you for Sharing. We are leading erp software software solution providers in chennai. For more details call +91 9677025199. erp software in chennai | erp providers in chennai | online events registration

    ReplyDelete