Last active
August 3, 2023 15:27
-
-
Save Swimburger/b2d58bff38156b73a5417b7f818fc5be to your computer and use it in GitHub Desktop.
PowerShell scripts to bulk add IP ranges to Restricted Access feature of Azure App Service, learn more at https://swimburger.net/blog/azure/bulk-add-application-insights-availability-test-ips-to-azure-app-service-access-restrictions-using-az-powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Param( | |
[Parameter(Mandatory = $true)] | |
[string] $ResourceGroupName, | |
[Parameter(Mandatory = $true)] | |
[string] $AppServiceName, | |
[Parameter(Mandatory = $true)] | |
[string] $SubscriptionId, | |
[Parameter(Mandatory = $true)] | |
[string] $RulePriority | |
) | |
$ErrorActionPreference = "Stop" | |
$AvailabilityTestIpsFile = Get-Content "$PSScriptRoot/AvailabilityTestIps.txt" | |
$AvailabilityTestIpsLines = $AvailabilityTestIpsFile -split '\r?\n|\r' | |
$IsHeader = $True | |
$CurrentGroup = $Null; | |
$NewIpRestrictions = @(); | |
ForEach($Line in $AvailabilityTestIpsLines){ | |
if($IsHeader){ | |
$CurrentGroup = $Line; | |
$IsHeader = $False | |
continue | |
} | |
if([System.String]::IsNullOrEmpty($Line)){ | |
$IsHeader = $True #next line will be header | |
continue | |
} | |
$Ip = $Null | |
if($Line.Contains("/")){ | |
$Ip = $Line; | |
}else{ | |
$Ip = "$Line/32"; | |
} | |
$NewIpRestrictions += @{ | |
ipAddress = $Ip; | |
action = "Allow"; | |
priority = $RulePriority; | |
name = "Av IP $CurrentGroup"; | |
description = "Availability Test IP $CurrentGroup"; | |
tag = "Default"; | |
} | |
} | |
& "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Param( | |
[Parameter(Mandatory = $true)] | |
[string] $ResourceGroupName, | |
[Parameter(Mandatory = $true)] | |
[string] $AppServiceName, | |
[Parameter(Mandatory = $true)] | |
[string] $SubscriptionId, | |
[Parameter(Mandatory = $true)] | |
[string] $RulePriority | |
) | |
$ErrorActionPreference = "Stop" | |
$IPv4s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v4").Content -split '\r?\n|\r'; | |
$IPv6s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v6").Content -split '\r?\n|\r'; | |
$NewIpRestrictions = @(); | |
foreach($IPv4 in $IPv4s){ | |
$NewIpRestrictions += @{ | |
ipAddress = $IPv4; | |
action = "Allow"; | |
priority = $RulePriority; | |
name = "Cloudflare IPv4"; | |
description = "Cloudflare IPv4"; | |
tag = "Default"; | |
} | |
} | |
foreach($IPv6 in $IPv6s){ | |
$NewIpRestrictions += @{ | |
ipAddress = $IPv6; | |
action = "Allow"; | |
priority = $RulePriority; | |
name = "Cloudflare IPv6"; | |
description = "Cloudflare IPv6"; | |
tag = "Default"; | |
} | |
} | |
& "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Param( | |
[Parameter(Mandatory = $true)] | |
[string] $ResourceGroupName, | |
[Parameter(Mandatory = $true)] | |
[string] $AppServiceName, | |
[Parameter(Mandatory = $true)] | |
[string] $SubscriptionId, | |
[Parameter(Mandatory = $true)] | |
[Hashtable[]] $NewIpRules | |
) | |
$ErrorActionPreference = "Stop" | |
Import-Module Az | |
if($Null -eq (Get-AzContext)){ | |
Login-AzAccount | |
} | |
Select-AzSubscription -SubscriptionId $SubscriptionId | |
$APIVersion = ((Get-AzResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).ApiVersions[0] | |
$WebAppConfig = Get-AzResource -ResourceName $AppServiceName -ResourceType Microsoft.Web/sites/config -ResourceGroupName $ResourceGroupName -ApiVersion $APIVersion | |
foreach ($NewIpRule in $NewIpRules) { | |
$WebAppConfig.Properties.ipSecurityRestrictions += $NewIpRule | |
} | |
Set-AzResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $APIVersion |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Australia East | |
20.40.124.176/28 | |
20.40.124.240/28 | |
20.40.125.80/28 | |
Brazil South | |
191.233.26.176/28 | |
191.233.26.128/28 | |
191.233.26.64/28 | |
France Central - South | |
20.40.129.96/28 | |
20.40.129.112/28 | |
20.40.129.128/28 | |
20.40.129.144/28 | |
France Central | |
20.40.129.32/28 | |
20.40.129.48/28 | |
20.40.129.64/28 | |
20.40.129.80/28 | |
East Asia | |
52.229.216.48/28 | |
52.229.216.64/28 | |
52.229.216.80/28 | |
North Europe | |
52.158.28.64/28 | |
52.158.28.80/28 | |
52.158.28.96/28 | |
52.158.28.112/28 | |
Japan East | |
52.140.232.160/28 | |
52.140.232.176/28 | |
52.140.232.192/28 | |
West Europe | |
51.144.56.96/28 | |
51.144.56.112/28 | |
51.144.56.128/28 | |
51.144.56.144/28 | |
51.144.56.160/28 | |
51.144.56.176/28 | |
UK South | |
51.105.9.128/28 | |
51.105.9.144/28 | |
51.105.9.160/28 | |
UK West | |
20.40.104.96/28 | |
20.40.104.112/28 | |
20.40.104.128/28 | |
20.40.104.144/28 | |
Southeast Asia | |
52.139.250.96/28 | |
52.139.250.112/28 | |
52.139.250.128/28 | |
52.139.250.144/28 | |
West US | |
40.91.82.48/28 | |
40.91.82.64/28 | |
40.91.82.80/28 | |
40.91.82.96/28 | |
40.91.82.112/28 | |
40.91.82.128/28 | |
Central US | |
13.86.97.224/28 | |
13.86.97.240/28 | |
13.86.98.48/28 | |
13.86.98.0/28 | |
13.86.98.16/28 | |
13.86.98.64/28 | |
North Central US | |
23.100.224.16/28 | |
23.100.224.32/28 | |
23.100.224.48/28 | |
23.100.224.64/28 | |
23.100.224.80/28 | |
23.100.224.96/28 | |
23.100.224.112/28 | |
23.100.225.0/28 | |
South Central US | |
20.45.5.160/28 | |
20.45.5.176/28 | |
20.45.5.192/28 | |
20.45.5.208/28 | |
20.45.5.224/28 | |
20.45.5.240/28 | |
East US | |
20.42.35.32/28 | |
20.42.35.64/28 | |
20.42.35.80/28 | |
20.42.35.96/28 | |
20.42.35.112/28 | |
20.42.35.128/28 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@Swimburger yes, strange. I tried with 7.2.5 in a Debian 10 shell on the same machine and it works. I guess then just my PowerShell installation is b0rked. Sorry to waste your time.