Apply IP restrictions for Azure Cloud Service

Since Azure SDK 2.4, you can configure IP restrictions for Azure Cloud Services with an Access Control List (ACL).

Just add the following to your ServiceConfiguration.Cloud.cscfg.

ServiceConfiguration.Cloud.cscfg

<?xml version="1.0" encoding="utf-8"?>  
<ServiceConfiguration serviceName="MyWebRole.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-06.2.4">  
  <Role name="MyWebRole">
    ...
  </Role>
  <NetworkConfiguration>
    <AccessControls>
      <AccessControl name="ipRestrictions">
        <Rule action="permit" description="allowed-edu" order="100" remoteSubnet="137.116.133.111/32" />
        <Rule action="permit" description="allowed-test" order="101" remoteSubnet="168.61.66.2/32" />
        <Rule action="permit" description="allowed-prod" order="102" remoteSubnet="168.61.66.131/32" />
        <Rule action="deny" description="Others" order="800" remoteSubnet="0.0.0.0/0" />
      </AccessControl>
    </AccessControls>
    <EndpointAcls>
      <EndpointAcl role="MyWebRole" endPoint="Endpoint1" accessControl="ipRestrictions" />
      <EndpointAcl role="MyWebRole" endPoint="HttpsIn" accessControl="ipRestrictions" />
    </EndpointAcls>
  </NetworkConfiguration>
</ServiceConfiguration>  

Be careful with the rule attributes. Your deployment will fail if you have specified the same order number or description twice, or if the IP address in remoteSubnet is incorrect.