@rcabr
Created August 12, 2019 17:59
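Azure Policy definition that applies default IP security restrictions to a Web App (Microsoft.Web/sites) through a DeployIfNotExists effect. The `[IP Address CIDR format]` and `[Your name]` values are placeholders to replace before the policy is assigned; `scmIpSecurityRestrictionsUseMain` is set to true, so the same allow list also governs the app's SCM (deployment) site.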
{
"properties": {
"displayName": "Web App default IP restrictions",
"mode": "indexed",
"description": "Configures Web App IP restriction to allow access from specified public IP addresses",
"metadata": {
"category": "Security v5"
},
"parameters": {},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Web/sites"
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Web/sites/config",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
],
"existenceCondition": {
"not": {
"field": "Microsoft.Web/sites/config/web.ipSecurityRestrictions[*].action",
"Equals": "Allow"
}
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"name": {
"value": "[field('name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('name'), '/web')]",
"type": "Microsoft.Web/sites/config",
"apiVersion": "2018-11-01",
"properties": {
"scmIpSecurityRestrictionsUseMain": true,
"ipSecurityRestrictions": [
{
"ipAddress": "[IP Address CIDR format]",
"action": "Allow",
"priority": 3000,
"name": "[Your name]"
},
{
"ipAddress": "[IP Address CIDR format]",
"action": "Allow",
"priority": 3001,
"name": "[Your name]"
}
]
}
}
]
}
}
}
}
}
}
}
}