Skip to content

Instantly share code, notes, and snippets.

@pregress

pregress/Azure-WebApp-IpRestrictions.ps1

Created August 24, 2018 06:36
Show Gist options
  • Save pregress/dab3193dc3f7d9806eb0433ccc1145b0 to your computer and use it in GitHub Desktop.
Save pregress/dab3193dc3f7d9806eb0433ccc1145b0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Azure-WebApp-IpRestrictions.ps1
function Add-WebAppIPRestrictions {
Param(
[Parameter(Position = 0, Mandatory = $true, HelpMessage = "WebApp name", ValueFromPipeline = $false)]
$WebApp,
[Parameter(Position = 1, Mandatory = $true, HelpMessage = "Resource group name", ValueFromPipeline = $false)]
$ResourceGroupName,
[Parameter(Position = 2, Mandatory = $true, HelpMessage = "Restricted IP address: 1.1.1.1/1 (including mask)", ValueFromPipeline = $false)]
$IPAddress,
[Parameter(Position = 4, Mandatory = $true, HelpMessage = "Restricted IP Priority", ValueFromPipeline = $false)]
$Priority,
[Parameter(Position = 5, Mandatory = $true, HelpMessage = "Restricted IP address mask", ValueFromPipeline = $false)]
$Name,
[Parameter(Position = 6, Mandatory = $true, HelpMessage = "Allow or Deny", ValueFromPipeline = $false)]
[ValidateSet('Allow','Deny')]
$Action
)
$resourceName = "$($WebApp)/web"
$r = Get-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $resourceName -ApiVersion 2018-02-01
$p = $r.Properties
if($p.ipSecurityRestrictions -eq $null)
{
#Create the collection if there are no restrictions
$p.ipSecurityRestrictions = @()
}
if ($ipAddress -in $p.ipSecurityRestrictions.ipAddress)
{
"IP address $IPAddress is already added as restricted to $WebApp."
return
}
elseif ($Name -in $p.ipSecurityRestrictions.name)
{
"IP restriction with name: $Name is already added as restricted to $WebApp."
return
}
"Adding restriction $IPAddress to $WebApp"
$restriction = @{}
$restriction.Add("ipAddress",$IPAddress)
$restriction.Add("action",$Action)
$restriction.Add("priority",$Priority)
$restriction.Add("name", $Name)
$p.ipSecurityRestrictions += $restriction
Set-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $resourceName -ApiVersion 2018-02-01 -PropertyObject $p -force
}
function Remove-WebAppIPRestrictions {
Param(
[Parameter(Position = 0, Mandatory = $true, HelpMessage = "WebApp name", ValueFromPipeline = $false)]
$WebApp,
[Parameter(Position = 1, Mandatory = $true, HelpMessage = "Resource group name", ValueFromPipeline = $false)]
$ResourceGroupName,
[Parameter(Position = 2, Mandatory = $true, HelpMessage = "Restricted IP address: 1.1.1.1/1 (including mask)", ValueFromPipeline = $false)]
$IPAddress
)
$resourceName = "$($WebApp)/web"
$r = Get-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $resourceName -ApiVersion 2018-02-01
$p = $r.Properties
if($p.ipSecurityRestrictions -eq $null)
{
#Create the collection if there are no restrictions
$p.ipSecurityRestrictions = @()
}
if (!($ipAddress -in $p.ipSecurityRestrictions.ipAddress))
{
"IP address $IPAddress is not in ip restrictions of $WebApp."
return
}
"Removing restriction $IPAddress to $WebApp"
$p.ipSecurityRestrictions = $p.ipSecurityRestrictions | where ipAddress -ne $IPAddress
Set-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $resourceName -ApiVersion 2018-02-01 -PropertyObject $p -force
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment