Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IP Restriction on Azure WebApp from ARM (Azure Resource Manager)

I'm using ARM templates to deploy to Azure Web Apps, the site is deployed to a number of environments, with the ARM Template accepting different parameters for each.

One of the requirements is to enable an IP block on the site in some environments but not others. This can be done through web.config but this isn't ideal as I manager all app settings through ARM and do a webdeploy of zipped site. Adding transforms for each environment would be a pain and require significant rework.

I'd like to specify something like this in my our template file:

   {
      "type": "config",
      "apiVersion": "2015-08-01",
      "name": "web",
      "properties": {
        "ipSecurityRestrictions": {
          "allowUnlisted": false,
          "ipAddresses": [ "127.0.0.1", "127.0.0.2" ]
        }
      },
      "dependsOn": [
        "[concat('Microsoft.Web/sites/', parameters('nameofwebapp'))]"
      ]
    }

Browsing the resource provider for "Microsoft/Web" with resources.azure.com it appears that this might be possible as there is a "ipSecurityRestrictions" property on "config/web".

ARMView

The ARM Explorer code shows it here and hints as it's usage. I can also find a past usage of it in the .netSDK here (Run out of allowed links).

When I attempt to set this using resources.azure.com I get no feedback and it returns to be null.

Can anyone help with details on how I can use this property?

like image 457
lawrencegripper Avatar asked May 11 '16 17:05

lawrencegripper


2 Answers

That setting is for allowed IP address rather than exclusions - you can set via https://resources.azure.com/

Usage example is:

"ipSecurityRestrictions": [
  {
    "ipAddress": "12.23.254.3",
    "subnetMask": "255.255.0.0"
  }
]
like image 163
Jamie D Avatar answered Oct 21 '22 16:10

Jamie D


I've had to add siteConfig and place the ipSecurityRestrictions there to make it work:

{
    "apiVersion": "2015-06-01",
    "name": "[parameters('siteName')]",
    "type": "Microsoft.Web/Sites",
    ...
    "properties":{
        "siteConfig":{
            "ipSecurityRestrictions" : {
                 "ipAddress": "123.123.123.123"
            }
        }
    },
    "resources" : {
        ...
    }
}
like image 7
Lars Celie Avatar answered Oct 21 '22 18:10

Lars Celie