Dynamic IP Address Restrictions on Microsoft Azure Websites

To increase the security of a site, I think it’s important to know the dynamicIpSecurity section. It’s used to block malicious requests to our site based on the number of concurrent requests or considering the number of requests for a period of time, although both can be combined.

To make use of this section is necessary to have IP and Domain restrictions module on the IIS server, as shown in the official documentation . Microsoft Azure Web Sites enabled this module last summer.

To define these rules, simply add the dynamicIpSecurity section in system.webServer > security of the web.config file:

      <dynamicIpSecurity enableLoggingOnlyMode="true">
         <denyByConcurrentRequests enabled="true" maxConcurrentRequests="15" />
         <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />

Through denyByConcurrentRequests we choose the maximum number of concurrent connections using maxConcurrentRequests attribute. For denyByRequestRate is necessary to indicate the maximum number of requests through maxRequest and the interval during which it must not exceed this limit, using the requestIntervalInMilliseconds attribute.

Hope this helps.

Happy blocking!