Wednesday, July 30, 2014

Dedicated IP address on Azure Websites

When you share the IP address with some other websites / clients / customers (like it happens on a multi-tenant environment), you could have some problems like, for instance, have your IP blacklisted because of other sites' content.

The only reliable way to resolve this and protect your site from a recurrence is to configure your site with a dedicated IP. This means that the site will be using its own IP, which would not be shared with other sites. 

In Azure, you can easily get a dedicated IP by configuring IP SSL. This option is available only to the sites in the Standard tier, but if you’re using a custom Domain on your site, there are some extra considerations.

If you are using a custom domain and have a CNAME record pointing from it to the site’s name in Azure (for example,, then it’s rather simple – just change the record with your DNS provider and then configure IP-SSL.

If, on the other hand, you are using an A-record to resolve the host name to an IP, it's recommended to follow these steps:

  1. Change your hostname mapping (i.e. from an A record to a CNAME pointing to your Microsoft Azure Web Site (i.e.  This should have no downtime as it will be pointing to the same IP. Wait some time for DNS replication to take place.
  2. Upload a certificate for to your website. This can be accomplished under Domain names in the Configure tab. Usually, you would have to purchase the Certificate from a Certificate provider, but if you don’t intend to actually use SSL, you can use a self-signed certificate which is easy to generate and won’t cost you a dime.
  3. Configure an IP Based SSL binding for This option is available under SSL Binding in the Configure tab. See the section Configure SSL in the Azure guide for SSL.

No comments: