Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Azure App Service - Restrict Access to Azure Front Door
# Fill in the name of the app service and the resource group containing the service
$appServiceName = ''
$resourceGroupName = ''
###################
# Current API version for calls.
$apiVersion = '2019-08-01'
# Starting priority number
$priority = 1000;
# Gather the addresses
$addresses = (Get-AzNetworkServiceTag -Location eastus2).
Values.
Where({$_.Name -eq 'AzureFrontDoor.Backend'}).
Properties.
AddressPrefixes
# Retrieve the current web site configuration
$config = Get-AzResource -ResourceName $appServiceName -ResourceType Microsoft.Web/sites/config -ResourceGroupName $resourceGroupName -ApiVersion $apiVersion
# Filter out the automatically added rules and leave any custom rules
$rules = $config.
Properties.
ipSecurityRestrictions.
Where({ -not ($_.priority -ge $priority -and $_.priority -le ($priority + 999))})
# Add the Azure Infrastructure services to the rules
$rules += New-Object PSObject -Property @{
ipAddress = '168.63.129.16/32'
action = "Allow"
priority = $priority
name = "Azure Infrastructure $priority"
description = "Automatically added address"
}
$priority++;
$rules += New-Object PSObject -Property @{
ipAddress = '169.254.169.254/32'
action = "Allow"
priority = $priority
name = "Azure Infrastructure $priority"
description = "Automatically added address"
}
$priority++;
# Add the FrontDoor.BackEnd IP addresses
foreach ($address in $addresses){
$rules += New-Object PSObject -Property @{
ipAddress = $address
action = "Allow"
priority = $priority
name = "FrontDoor.Backend $priority"
description = "Automatically added address"
}
$priority++;
}
# Update the configuration
$config.Properties.ipSecurityRestrictions= $rules
# Send the updated configuration to Azure
Set-AzResource -ResourceId $config.ResourceId -Properties $config.Properties -ApiVersion $apiVersion -Force
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.