IpSecurityRestriction Class

IP security restriction on an app.

Inheritance

azure.mgmt.web._serialization.Model

IpSecurityRestriction

Constructor

IpSecurityRestriction(*, ip_address: str | None = None, subnet_mask: str | None = None, vnet_subnet_resource_id: str | None = None, vnet_traffic_tag: int | None = None, subnet_traffic_tag: int | None = None, action: str | None = None, tag: str | _models.IpFilterTag | None = None, priority: int | None = None, name: str | None = None, description: str | None = None, headers: Dict[str, List[str]] | None = None, **kwargs: Any)

Keyword-Only Parameters

Name	Description
ip_address	str IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
subnet_mask	str Subnet mask for the range of IP addresses the restriction is valid for.
vnet_subnet_resource_id	str Virtual network resource id.
vnet_traffic_tag	int (internal) Vnet traffic tag.
subnet_traffic_tag	int (internal) Subnet traffic tag.
action	str Allow or Deny access for this IP range.
tag	str or IpFilterTag Defines what this IP filter will be used for. This is to support IP filtering on proxies. Known values are: "Default", "XffProxy", and "ServiceTag".
priority	int Priority of IP restriction rule.
name	str IP restriction rule name.
description	str IP restriction rule description.
headers	dict[str, list[str]] IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is .. If the property is null or empty (default), all hosts(or lack of) are allowed. A value is compared using ordinal-ignore-case (excluding port number). Subdomain wildcards are permitted but don't match the root domain. For example, *<<.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is .. If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed. If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.

Variables

Name	Description
ip_address	str IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
subnet_mask	str Subnet mask for the range of IP addresses the restriction is valid for.
vnet_subnet_resource_id	str Virtual network resource id.
vnet_traffic_tag	int (internal) Vnet traffic tag.
subnet_traffic_tag	int (internal) Subnet traffic tag.
action	str Allow or Deny access for this IP range.
tag	str or IpFilterTag Defines what this IP filter will be used for. This is to support IP filtering on proxies. Known values are: "Default", "XffProxy", and "ServiceTag".
priority	int Priority of IP restriction rule.
name	str IP restriction rule name.
description	str IP restriction rule description.
headers	dict[str, list[str]] IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is .. If the property is null or empty (default), all hosts(or lack of) are allowed. A value is compared using ordinal-ignore-case (excluding port number). Subdomain wildcards are permitted but don't match the root domain. For example, *<<.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is .. If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed. If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.