Menu
I'm using ARM templates to deploy to Azure Web Apps, the site is deployed to a number of environments, with the ARM Template accepting different parameters for each.
One of the requirements is to enable an IP block on the site in some environments but not others. This can be done through web.config but this isn't ideal as I manager all app settings through ARM and do a webdeploy of zipped site. Adding transforms for each environment would be a pain and require significant rework.
I'd like to specify something like this in my our template file:
{
"type": "config",
"apiVersion": "2015-08-01",
"name": "web",
"properties": {
"ipSecurityRestrictions": {
"allowUnlisted": false,
"ipAddresses": [ "127.0.0.1", "127.0.0.2" ]
}
},
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('nameofwebapp'))]"
]
}
Browsing the resource provider for "Microsoft/Web" with resources.azure.com it appears that this might be possible as there is a "ipSecurityRestrictions" property on "config/web".
ARMView
The ARM Explorer code shows it here and hints as it's usage. I can also find a past usage of it in the .netSDK here (Run out of allowed links).
When I attempt to set this using resources.azure.com I get no feedback and it returns to be null.
Can anyone help with details on how I can use this property?
457
That setting is for allowed IP address rather than exclusions - you can set via https://resources.azure.com/
Usage example is:
"ipSecurityRestrictions": [
{
"ipAddress": "12.23.254.3",
"subnetMask": "255.255.0.0"
}
]
I've had to add siteConfig and place the ipSecurityRestrictions there to make it work:
{
"apiVersion": "2015-06-01",
"name": "[parameters('siteName')]",
"type": "Microsoft.Web/Sites",
...
"properties":{
"siteConfig":{
"ipSecurityRestrictions" : {
"ipAddress": "123.123.123.123"
}
}
},
"resources" : {
...
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
