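<#
.SYNOPSIS
Adds one "Allow" access-restriction rule per availability-test IP range to an Azure App Service.

.DESCRIPTION
Reads AvailabilityTestIps.txt from the folder this script is in. The parser expects groups
separated by blank lines: the first line of a group is its name and every following line is
an IP address or CIDR range. A bare address becomes a single-host range (/32 for IPv4,
/128 for IPv6). The resulting rules are passed to AddRestrictedIPAzureAppService.ps1, which
writes them to the App Service.

Every line of the file ends up as an Allow rule, so treat the file as security
configuration: review changes to it before running the script.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service whose access restrictions are extended.

.PARAMETER SubscriptionId
Subscription that contains the resource group.

.PARAMETER RulePriority
Priority assigned to every rule created by this script.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

# App Service rejects longer rule names; checking here gives a clear error
# before anything is sent to Azure.
$MaxRuleNameLength = 32

$AvailabilityTestIpsFile = Get-Content (Join-Path $PSScriptRoot "AvailabilityTestIps.txt")
$AvailabilityTestIpsLines = $AvailabilityTestIpsFile -split '\r?\n|\r'

$IsHeader = $True
$CurrentGroup = $Null
$NewIpRestrictions = @(
    foreach ($RawLine in $AvailabilityTestIpsLines) {
        # Trailing spaces or a whitespace-only line must not end up inside a rule.
        $Line = "$RawLine".Trim()

        if ($IsHeader) {
            if ($Line.Length -eq 0) {
                # Extra blank lines between groups (or at the end of the file): keep waiting for a header.
                continue
            }
            $CurrentGroup = $Line
            $RuleName = "Av IP $CurrentGroup"
            if ($RuleName.Length -gt $MaxRuleNameLength) {
                throw "Rule name '$RuleName' is $($RuleName.Length) characters long; the limit is $MaxRuleNameLength. Shorten the group name in AvailabilityTestIps.txt."
            }
            $IsHeader = $False
            continue
        }

        if ($Line.Length -eq 0) {
            $IsHeader = $True # next non-blank line will be a header
            continue
        }

        # A bare address is restricted to that single host; /32 on an IPv6
        # address would allow a far larger range than intended.
        $Ip = if ($Line.Contains("/")) {
            $Line
        } elseif ($Line.Contains(":")) {
            "$Line/128"
        } else {
            "$Line/32"
        }

        @{
            ipAddress   = $Ip;
            action      = "Allow";
            priority    = $RulePriority;
            name        = "Av IP $CurrentGroup";
            description = "Availability Test IP $CurrentGroup";
            tag         = "Default";
        }
    }
)

if ($NewIpRestrictions.Count -eq 0) {
    throw "No IP ranges were found in AvailabilityTestIps.txt."
}

& (Join-Path $PSScriptRoot "AddRestrictedIPAzureAppService.ps1") -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions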
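<#
.SYNOPSIS
Adds "Allow" access-restriction rules for Cloudflare's published IPv4 and IPv6 ranges to an Azure App Service.

.DESCRIPTION
Downloads https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6, turns
every range into an Allow rule and passes the rules to AddRestrictedIPAzureAppService.ps1.

The downloaded text becomes an allow list, so every entry is checked before it is used:
blank lines are dropped, and anything that is not a CIDR range of the expected address
family stops the script before a single rule is written.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service whose access restrictions are extended.

.PARAMETER SubscriptionId
Subscription that contains the resource group.

.PARAMETER RulePriority
Priority assigned to every rule created by this script.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

# Downloads a newline-separated list of CIDR ranges and returns it only if every entry is well formed.
function Get-PublishedCidrRange {
    Param(
        [string] $Uri,
        [System.Net.Sockets.AddressFamily] $ExpectedFamily
    )

    # -UseBasicParsing keeps Windows PowerShell 5.1 from depending on the Internet Explorer engine.
    $Content = (Invoke-WebRequest -Uri $Uri -UseBasicParsing).Content

    # A trailing newline or blank line would otherwise become a rule with an empty ipAddress.
    $Ranges = @($Content -split '\r?\n|\r' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($Ranges.Count -eq 0) {
        throw "No IP ranges were returned by $Uri."
    }

    $MaxPrefixLength = 32
    if ($ExpectedFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        $MaxPrefixLength = 128
    }

    foreach ($Range in $Ranges) {
        $Parts = $Range.Split("/")
        $Address = $Null
        $PrefixLength = 0
        # A prefix length of 0 is refused as well: it would allow every address.
        $IsValid = $Parts.Count -eq 2 -and
            [System.Net.IPAddress]::TryParse($Parts[0], [ref] $Address) -and
            $Address.AddressFamily -eq $ExpectedFamily -and
            [int]::TryParse($Parts[1], [ref] $PrefixLength) -and
            $PrefixLength -ge 1 -and
            $PrefixLength -le $MaxPrefixLength
        if (-not $IsValid) {
            throw "Unexpected entry '$Range' in $Uri; no rules were added."
        }
    }

    return $Ranges
}

$IPv4s = @(Get-PublishedCidrRange -Uri "https://www.cloudflare.com/ips-v4" -ExpectedFamily InterNetwork)
$IPv6s = @(Get-PublishedCidrRange -Uri "https://www.cloudflare.com/ips-v6" -ExpectedFamily InterNetworkV6)

$NewIpRestrictions = @(
    foreach ($IPv4 in $IPv4s) {
        @{
            ipAddress   = $IPv4;
            action      = "Allow";
            priority    = $RulePriority;
            name        = "Cloudflare IPv4";
            description = "Cloudflare IPv4";
            tag         = "Default";
        }
    }
    foreach ($IPv6 in $IPv6s) {
        @{
            ipAddress   = $IPv6;
            action      = "Allow";
            priority    = $RulePriority;
            name        = "Cloudflare IPv6";
            description = "Cloudflare IPv6";
            tag         = "Default";
        }
    }
)

& (Join-Path $PSScriptRoot "AddRestrictedIPAzureAppService.ps1") -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions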
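<#
.SYNOPSIS
Appends access-restriction rules to the ipSecurityRestrictions list of an Azure App Service.

.DESCRIPTION
Signs in when there is no Az context, selects the subscription, reads the site's config
resource, appends the given rules to Properties.ipSecurityRestrictions and writes the
config back with Set-AzResource. Existing rules are kept. A new rule whose ipAddress and
action match a rule that is already present is skipped, so running the script again does
not pile up duplicates.

Only ipSecurityRestrictions is changed. The SCM site's own list
(scmIpSecurityRestrictions) is left as it is.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service to update.

.PARAMETER SubscriptionId
Subscription that contains the resource group.

.PARAMETER NewIpRules
Rules to append, one hashtable per rule. The calling scripts supply the keys
ipAddress, action, priority, name, description and tag.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [Hashtable[]] $NewIpRules
)

$ErrorActionPreference = "Stop"

Import-Module Az

# Prompt for sign-in only when no Az context exists yet.
if ($Null -eq (Get-AzContext)) {
    Connect-AzAccount
}
Select-AzSubscription -SubscriptionId $SubscriptionId

# NOTE(review): this takes the first API version the provider lists for Microsoft.Web/sites;
# that may be a preview version. Confirm, or pin a version that has been tested.
$APIVersion = ((Get-AzResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).ApiVersions[0]
$WebAppConfig = Get-AzResource -ResourceName $AppServiceName -ResourceType Microsoft.Web/sites/config -ResourceGroupName $ResourceGroupName -ApiVersion $APIVersion

# @() keeps this an array even when the site has no rules or exactly one; without it,
# "+=" on $null or on a single object would not append as intended.
$IpRules = @($WebAppConfig.Properties.ipSecurityRestrictions)

foreach ($NewIpRule in $NewIpRules) {
    $AlreadyPresent = $IpRules | Where-Object { $_.ipAddress -eq $NewIpRule.ipAddress -and $_.action -eq $NewIpRule.action }
    if ($AlreadyPresent) {
        Write-Verbose "Skipping $($NewIpRule.ipAddress): a rule with the same address and action already exists."
        continue
    }
    $IpRules += $NewIpRule
}

$WebAppConfig.Properties.ipSecurityRestrictions = $IpRules

Set-AzResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $APIVersion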
Australia East | |
20.40.124.176/28 | |
20.40.124.240/28 | |
20.40.125.80/28 | |
Brazil South | |
191.233.26.176/28 | |
191.233.26.128/28 | |
191.233.26.64/28 | |
France Central - South | |
20.40.129.96/28 | |
20.40.129.112/28 | |
20.40.129.128/28 | |
20.40.129.144/28 | |
France Central | |
20.40.129.32/28 | |
20.40.129.48/28 | |
20.40.129.64/28 | |
20.40.129.80/28 | |
East Asia | |
52.229.216.48/28 | |
52.229.216.64/28 | |
52.229.216.80/28 | |
North Europe | |
52.158.28.64/28 | |
52.158.28.80/28 | |
52.158.28.96/28 | |
52.158.28.112/28 | |
Japan East | |
52.140.232.160/28 | |
52.140.232.176/28 | |
52.140.232.192/28 | |
West Europe | |
51.144.56.96/28 | |
51.144.56.112/28 | |
51.144.56.128/28 | |
51.144.56.144/28 | |
51.144.56.160/28 | |
51.144.56.176/28 | |
UK South | |
51.105.9.128/28 | |
51.105.9.144/28 | |
51.105.9.160/28 | |
UK West | |
20.40.104.96/28 | |
20.40.104.112/28 | |
20.40.104.128/28 | |
20.40.104.144/28 | |
Southeast Asia | |
52.139.250.96/28 | |
52.139.250.112/28 | |
52.139.250.128/28 | |
52.139.250.144/28 | |
West US | |
40.91.82.48/28 | |
40.91.82.64/28 | |
40.91.82.80/28 | |
40.91.82.96/28 | |
40.91.82.112/28 | |
40.91.82.128/28 | |
Central US | |
13.86.97.224/28 | |
13.86.97.240/28 | |
13.86.98.48/28 | |
13.86.98.0/28 | |
13.86.98.16/28 | |
13.86.98.64/28 | |
North Central US | |
23.100.224.16/28 | |
23.100.224.32/28 | |
23.100.224.48/28 | |
23.100.224.64/28 | |
23.100.224.80/28 | |
23.100.224.96/28 | |
23.100.224.112/28 | |
23.100.225.0/28 | |
South Central US | |
20.45.5.160/28 | |
20.45.5.176/28 | |
20.45.5.192/28 | |
20.45.5.208/28 | |
20.45.5.224/28 | |
20.45.5.240/28 | |
East US | |
20.42.35.32/28 | |
20.42.35.64/28 | |
20.42.35.80/28 | |
20.42.35.96/28 | |
20.42.35.112/28 | |
20.42.35.128/28 |
Are the parentheses illegal characters or something, is that why you had to rename it?
Apologies, I meant to state that!
It exceeds the 32 character name limit.
Thank you for letting me know. Glad it was helpful.
I updated the name in the gist, but if folks get it from the source (Azure Docs), it'll still have the 30+ character name, so follow @madshaun1984 's advice 👍
Great scripts, thank you! I am just getting this error with the AddCloudflareRestrictedIPApp one, something to do with the newlines perhaps?
{"Code":"BadRequest","Message":"IpSecurityRestriction.IpAddress is invalid.
| '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!","Target":null,"Details":[{"Message":"IpSecurityRestriction.IpAddress is invalid. '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"},{"Code":"BadRequest"},{"ErrorEntity":{"ExtendedCode":"51021","MessageTemplate":"{0} is invalid. {1}","Parameters":["IpSecurityRestriction.IpAddress","'173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"],"Code":"BadRequest","Message":"IpSecurityRestriction.IpAddress is invalid. '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"}}],"Innererror":null}
@Marko-TRG, the script splits the CIDRs on the newline character.
$IPv4s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v4").Content.TrimEnd([Environment]::NewLine).Split([Environment]::NewLine);
I'm not having this issue when I run it.
What OS do you use? What version of PowerShell?
Ah, PS version was the issue. I was using 7.2.5 on Win11. I ran it on the same computer using PowerShell 5.1 and it worked perfectly! Thank you! 🧠
@Marko-TRG, strange. It worked for me on 7.2.5 on macOS.
@Swimburger yes, strange. I tried with 7.2.5 in a Debian 10 shell on the same machine and it works. I guess then just my PowerShell installation is b0rked. Sorry to waste your time.
@Marko-TRG It's all good, no waste of time! Glad it's working for you!
Line 11 of "AvailabilityTestIps.txt" breaks naming rules.
Renaming this group to "France Central - South" works.
Once this was resolved this script saved me from at least an hour manually adding these IP's to Web App 2 instances! Cheers