CODEWITHSUNDEEP
powershellazureazure-resource-manager
Andy C
Andy C

Reputation: 73

Azure Resource Manager IP Security Restrictions using Powershell

I'm trying to use Powershell to set IP Security Restrictions. My syntax is not returning any errors, but settings are not changing. The "ipSecurityRestrictions" property is a hashtable.

$r = Get-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01
$p = $r.Properties
$p.ipSecurityRestrictions = @{ ipAddress = "0.0.0.0"; subnetMask = "0.0.0.0" }
Set-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

It's not a permissions issue, and there are no errors returned. To change a property that is not a hashtable, such as the phpVersion the following code is working fine:

$p.phpVersion = "7.0"

Anyone successfully set ipSecurityRestrictions using this method?

Upvotes: 7

Views: 4130

Answers (2)

Martin Brandl
Martin Brandl

Reputation: 58931

Here is a convenience function to add a rule:

function Add-AzureIpRestrictionRule
{
    [CmdletBinding()]
    Param
    (
        # Name of the resource group that contains the App Service.
        [Parameter(Mandatory=$true, Position=0)]
        $ResourceGroupName, 

        # Name of your Web or API App.
        [Parameter(Mandatory=$true, Position=1)]
        $AppServiceName, 

        # rule to add.
        [Parameter(Mandatory=$true, Position=2)]
        [PSCustomObject]$rule 
    )

    $ApiVersions = Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web | 
        Select-Object -ExpandProperty ResourceTypes |
        Where-Object ResourceTypeName -eq 'sites' |
        Select-Object -ExpandProperty ApiVersions

    $LatestApiVersion = $ApiVersions[0]

    $WebAppConfig = Get-AzureRmResource -ResourceType 'Microsoft.Web/sites/config' -ResourceName $AppServiceName -ResourceGroupName $ResourceGroupName -ApiVersion $LatestApiVersion

    $WebAppConfig.Properties.ipSecurityRestrictions =  $WebAppConfig.Properties.ipSecurityRestrictions + @($rule) | 
        Group-Object name | 
        ForEach-Object { $_.Group | Select-Object -Last 1 }

    Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $LatestApiVersion -Force    
}

Usage example:

Login-AzureRmAccount
# determine current ip
$clientIp = Invoke-WebRequest 'https://api.ipify.org' | Select-Object -ExpandProperty Content

$rule = [PSCustomObject]@{
    ipAddress = "$($clientIp)/32"
    action = "Allow"  
    priority = 123 
    name = '{0}_{1}' -f $env:computername, $env:USERNAME 
    description = "Automatically added ip restriction"
}

Add-AzureIpRestrictionRule -ResourceGroupName "myResourceGroup" -AppServiceName "myAppServiceName" -rule $rule

Source: Configure Azure App Service IP Restrictions using PowerShell

Upvotes: 0

Tom Sun
Tom Sun

Reputation: 24529

ipSecurityRestrictions should be object array. Please have a try to change code as following. It works correctly for me.

$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01

$p = $r.Properties
$p.ipSecurityRestrictions = @()
$restriction = @{}
$restriction.Add("ipAddress","0.0.0.0")
$restriction.Add("subnetMask","0.0.0.0")
$p.ipSecurityRestrictions+= $restriction

Set-AzureRmResource -ResourceGroupName  "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

enter image description here

After that we can get the result from the resources azure (https://resources.azure.com).

enter image description here

We also can get powershell cmd from the resource azure.

enter image description here

Upvotes: 14

Related Questions