PowerShell scripts to bulk add IP ranges to Restricted Access feature of Azure App Service, learn more at https://swimburger.net/blog/azure/bulk-add-application-insights-availability-test-ips-to-azure-app-service-access-restrictions-using-az-powershell

AddAvailabilityRestrictedIPApp.ps1

Param( 
    [Parameter(Mandatory = $true)] 
    [string] $ResourceGroupName, 
    [Parameter(Mandatory = $true)] 
    [string] $AppServiceName, 
    [Parameter(Mandatory = $true)] 
    [string] $SubscriptionId, 
    [Parameter(Mandatory = $true)] 
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

$AvailabilityTestIpsFile = Get-Content "$PSScriptRoot/AvailabilityTestIps.txt"
$AvailabilityTestIpsLines = $AvailabilityTestIpsFile -split '\r?\n|\r'

$IsHeader = $True
$CurrentGroup = $Null;
$NewIpRestrictions = @();
ForEach($Line in $AvailabilityTestIpsLines){
    if($IsHeader){
        $CurrentGroup = $Line;
        $IsHeader = $False
        continue
    }

    if([System.String]::IsNullOrEmpty($Line)){
        $IsHeader = $True #next line will be header
        continue
    }

    $Ip = $Null
    if($Line.Contains("/")){
        $Ip = $Line;
    }else{
        $Ip = "$Line/32";
    }

    $NewIpRestrictions += @{
        ipAddress = $Ip; 
        action = "Allow";
        priority = $RulePriority;
        name = "Av IP $CurrentGroup";
        description = "Availability Test IP $CurrentGroup";
        tag = "Default";
    }
}

& "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions

AddCloudflareRestrictedIPApp.ps1

Param( 
    [Parameter(Mandatory = $true)] 
    [string] $ResourceGroupName, 
    [Parameter(Mandatory = $true)] 
    [string] $AppServiceName, 
    [Parameter(Mandatory = $true)] 
    [string] $SubscriptionId, 
    [Parameter(Mandatory = $true)] 
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

$IPv4s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v4").Content -split '\r?\n|\r';
$IPv6s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v6").Content -split '\r?\n|\r';

$NewIpRestrictions = @();
foreach($IPv4 in $IPv4s){
    $NewIpRestrictions += @{
        ipAddress = $IPv4; 
        action = "Allow";
        priority = $RulePriority;
        name = "Cloudflare IPv4";
        description = "Cloudflare IPv4";
        tag = "Default";
    }
}

foreach($IPv6 in $IPv6s){
    $NewIpRestrictions += @{
        ipAddress = $IPv6; 
        action = "Allow";
        priority = $RulePriority;
        name = "Cloudflare IPv6";
        description = "Cloudflare IPv6";
        tag = "Default";
    }
}

& "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions

AddRestrictedIPAzureAppService.ps1

Param( 
    [Parameter(Mandatory = $true)] 
    [string] $ResourceGroupName, 
    [Parameter(Mandatory = $true)] 
    [string] $AppServiceName, 
    [Parameter(Mandatory = $true)] 
    [string] $SubscriptionId, 
    [Parameter(Mandatory = $true)]
    [Hashtable[]] $NewIpRules
)

$ErrorActionPreference = "Stop"

Import-Module Az

if($Null -eq (Get-AzContext)){
    Login-AzAccount
}

Select-AzSubscription -SubscriptionId $SubscriptionId

$APIVersion = ((Get-AzResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).ApiVersions[0]

$WebAppConfig = Get-AzResource -ResourceName $AppServiceName -ResourceType Microsoft.Web/sites/config -ResourceGroupName $ResourceGroupName -ApiVersion $APIVersion

foreach ($NewIpRule in $NewIpRules) {
    $WebAppConfig.Properties.ipSecurityRestrictions += $NewIpRule
}

Set-AzResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $APIVersion

AvailabilityTestIps.txt

Australia East
20.40.124.176/28
20.40.124.240/28
20.40.125.80/28

Brazil South
191.233.26.176/28
191.233.26.128/28
191.233.26.64/28

France Central - South
20.40.129.96/28
20.40.129.112/28
20.40.129.128/28
20.40.129.144/28

France Central
20.40.129.32/28
20.40.129.48/28
20.40.129.64/28
20.40.129.80/28

East Asia
52.229.216.48/28
52.229.216.64/28
52.229.216.80/28

North Europe
52.158.28.64/28
52.158.28.80/28
52.158.28.96/28
52.158.28.112/28

Japan East
52.140.232.160/28
52.140.232.176/28
52.140.232.192/28

West Europe
51.144.56.96/28
51.144.56.112/28
51.144.56.128/28
51.144.56.144/28
51.144.56.160/28
51.144.56.176/28

UK South
51.105.9.128/28
51.105.9.144/28
51.105.9.160/28

UK West
20.40.104.96/28
20.40.104.112/28
20.40.104.128/28
20.40.104.144/28

Southeast Asia
52.139.250.96/28
52.139.250.112/28
52.139.250.128/28
52.139.250.144/28

West US
40.91.82.48/28
40.91.82.64/28
40.91.82.80/28
40.91.82.96/28
40.91.82.112/28
40.91.82.128/28

Central US
13.86.97.224/28
13.86.97.240/28
13.86.98.48/28
13.86.98.0/28
13.86.98.16/28
13.86.98.64/28

North Central US
23.100.224.16/28
23.100.224.32/28
23.100.224.48/28
23.100.224.64/28
23.100.224.80/28
23.100.224.96/28
23.100.224.112/28
23.100.225.0/28

South Central US
20.45.5.160/28
20.45.5.176/28
20.45.5.192/28
20.45.5.208/28
20.45.5.224/28
20.45.5.240/28

East US
20.42.35.32/28
20.42.35.64/28
20.42.35.80/28
20.42.35.96/28
20.42.35.112/28
20.42.35.128/28

Ah, PS version was the issue. I was using 7.2.5 on Win11. I ran it on the same computer using PowerShell 5.1 and it worked perfectly! Thank you! 🧠

@Marko-TRG, strange. It worked for me on 7.2.5 on macOS.

@Swimburger yes, strange. I tried with 7.2.5 in a Debian 10 shell on the same machine and it works. I guess then just my PowerShell installation is b0rked. Sorry to waste your time.

@Marko-TRG It's all good, no waste of time! Glad it's working for you!