Add-AzWebAppAccessRestrictionRule

Module:

Az.Websites

Adds an Access Restiction rule to an Azure Web App.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -IpAddress <String>
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   [-PassThru]
   -ServiceTag <String>
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -SubnetName <String>
   -VirtualNetworkName <String>
   [-IgnoreMissingServiceEndpoint]
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -SubnetId <String>
   [-IgnoreMissingServiceEndpoint]
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-AzWebAppAccessRestrictionRule cmdlet adds an Access Restriction rule to an Azure Web App.

Examples

Example 1: Add IpAddress Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name IpRule -Priority 200 -Action Allow -IpAddress 10.10.0.0/8

This command adds an access restriction rule with priority 200 and ip range to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 2: Add Subnet Service Endpoint Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name SubnetRule -Priority 300 -Action Allow -SubnetName appgw-subnet -VirtualNetworkName corp-vnet

This command adds an access restriction rule with priority 300 and with subnet appgw-subnet in corp-vnet to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 3: Add ServiceTag Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name ServiceTagRule -Priority 200 -Action Allow -ServiceTag AzureFrontDoor.Backend

This command adds an access restriction rule with priority 200 and a Service Tag representing the ip scope of Azure Front Door to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 4: Add multi-address Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name MultipleIpRule -Priority 200 -Action Allow -IpAddress "10.10.0.0/8,192.168.0.0/16"

This command adds an access restriction rule with priority 200 and two ip ranges to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 5: Add Access Restriction rule with http header to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name MultipleIpRule -Priority 400 -Action Allow -ServiceTag AzureFrontDoor.Backend
-HttpHeader @{'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'; 'x-azure-fdid' = '355deb06-47c4-4ba4-9641-c7d7a98b913e'}

This command adds an access restriction rule with priority 400 for Service Tag AzureFrontDoor.Backend and further restricts access only to http headers of certain values to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Parameters

-Action

Allow or Deny rule.

Type:	String
Accepted values:	Allow, Deny
Position:	Named
Default value:	Allow
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Description

Access Restriction description.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-HttpHeader

Http header restrictions. Example: -HttpHeader @{'x-azure-fdid' = '7acacb02-47ea-4cd4-b568-5e880e72582e'; 'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'}

Type:	Hashtable
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IgnoreMissingServiceEndpoint

Specify if Service Endpoint registration at Subnet should be validated.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IpAddress

Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Rule Name

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PassThru

Return the access restriction config object.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Priority

Access Restriction priority. E.g.: 500.

Type:	UInt32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ResourceGroupName

Resource Group Name

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ServiceTag

Name of Service Tag

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SlotName

Deployment Slot name.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SubnetId

ResourceId of Subnet.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SubnetName

Name of Subnet.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-TargetScmSite

Rule is aimed for Main site or Scm site.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-VirtualNetworkName

Name of Virtual Network.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WebAppName

The name of the web app.

Type:	String
Position:	1
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

String

Outputs

PSAccessRestrictionConfig

Related Links

• Update-AzWebAppAccessRestrictionConfig
• Get-AzWebAppAccessRestrictionConfig
• Remove-AzWebAppAccessRestrictionRule