Apply IP restrictions for Azure Cloud Service

Since Azure SDK 2.4 there’s been a possibility to configure IP restrictions for Azure Cloud Services with Access Control List (ACL).

Just add the following to your ServiceConfiguration.Cloud.cscfg.


<?xml version="1.0" encoding="utf-8"?>  
<ServiceConfiguration serviceName="MyWebRole.Azure" xmlns="" osFamily="4" osVersion="*" schemaVersion="2014-06.2.4">  
  <Role name="MyWebRole">
      <AccessControl name="ipRestrictions">
        <Rule action="permit" description="allowed-edu" order="100" remoteSubnet="" />
        <Rule action="permit" description="allowed-test" order="101" remoteSubnet="" />
        <Rule action="permit" description="allowed-prod" order="102" remoteSubnet="" />
        <Rule action="deny" description="Others" order="800" remoteSubnet="" />
      <EndpointAcl role="MyWebRole" endPoint="Endpoint1" accessControl="ipRestrictions" />
      <EndpointAcl role="MyWebRole" endPoint="HttpsIn" accessControl="ipRestrictions" />

Be careful with rule attributes. Your deployment will fail if you have specified the same order number or description twice or the IP address in remoteSubnet is incorrect.