0

I am new to cloud computing. Sorry if this is a silly question. I have created a VM from azure portal. My requirement is not to allow the user using the VM to access public website. Can anyone help me how to achieve this functionality?

Thanks

jww
  • 97,681
  • 90
  • 411
  • 885
Mukil Deepthi
  • 6,072
  • 13
  • 71
  • 156
  • Possible duplicate of [How to prevent arbitrary client apps from using anonymous web API?](https://stackoverflow.com/q/5333368/608639), [How to block a specific App from accessing my website](https://stackoverflow.com/q/39669951/608639), [How can I block all mobile phones from accessing my website](https://stackoverflow.com/q/15932775/608639), etc. – jww Jul 03 '19 at 17:02

2 Answers2

2

You probably have a Network Security Group that was created when you created the VM. In there you can specify rules for inbound and outbound data traffic.

Find the NSG and add a rule that blocks all outbound traffic from the VM. You should still be able to connect to the VM, it just can't connect anywhere. You can also make the rule only block traffic bound to the internet if you still wish for it to have access to other machines in the same virtual network.

Network Security Groups documentation: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

juunas
  • 54,244
  • 13
  • 113
  • 149
1

My requirement is not to allow the user using the VM to access public website.

According to your description, you just want user can't access the public website, as we know website common listen on 80 and 443, so we can add outbound rules to deny port 443, 80 and port 8080 to achieve this functionality.

I deny port 80, 443 and 8080, then my VM can't access https://google.com and http://google.com. enter image description hereenter image description here

Update:enter image description hereenter image description here

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
  • Thanks. would you mind help me how to restrict accessing facebook and specific website. Thanks – Mukil Deepthi Jun 05 '17 at 21:50
  • @MukilDeepthi if you just want to block facebook, we can add outbound security rule, select Advanced and type facebook public ip addresses in it. I will update my answer, please check it. – Jason Ye Jun 06 '17 at 06:50
  • Thank you so much. I tried this earlier but for somereason i keep getting invalid range when i type for eg: 66.220.144.0-66.220.159.255. is this not the right format?Thanks – Mukil Deepthi Jun 06 '17 at 09:03
  • @MukilDeepthi for now, NSG does not support IP range, just support 10.0.0.0/24 or xx.xx.xx.xx/xx – Jason Ye Jun 06 '17 at 09:05
  • Ye sorry again. so what should be right entry in the source for blocking this facebook? will 10.0.0.0/24 will block facebook? sorry for the silly question :) – Mukil Deepthi Jun 06 '17 at 09:16
  • @MukilDeepthi for example we can use 66.220.144.0/19 for 66.220.144.0-66.220.159.255 – Jason Ye Jun 06 '17 at 09:25
  • Sorry not working. Even i tried to block google.com as shown in your example but not able to block – Mukil Deepthi Jun 18 '17 at 21:31