Add-AzWebAppAccessRestrictionRule

Adds an Access Restiction rule to an Azure Web App.

Syntax

Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -IpAddress <String>
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   [-PassThru]
   -ServiceTag <String>
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -SubnetName <String>
   -VirtualNetworkName <String>
   [-IgnoreMissingServiceEndpoint]
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-AzWebAppAccessRestrictionRule
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [-Name <String>]
   [-Description <String>]
   -Priority <UInt32>
   [-Action <String>]
   [-SlotName <String>]
   [-TargetScmSite]
   -SubnetId <String>
   [-IgnoreMissingServiceEndpoint]
   [-PassThru]
   [-HttpHeader <Hashtable>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-AzWebAppAccessRestrictionRule cmdlet adds an Access Restriction rule to an Azure Web App.

Examples

Example 1: Add IpAddress Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name IpRule -Priority 200 -Action Allow -IpAddress 10.10.0.0/8

This command adds an access restriction rule with priority 200 and ip range to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 2: Add Subnet Service Endpoint Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name SubnetRule -Priority 300 -Action Allow -SubnetName appgw-subnet -VirtualNetworkName corp-vnet

This command adds an access restriction rule with priority 300 and with subnet appgw-subnet in corp-vnet to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 3: Add ServiceTag Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name ServiceTagRule -Priority 200 -Action Allow -ServiceTag AzureFrontDoor.Backend

This command adds an access restriction rule with priority 200 and a Service Tag representing the ip scope of Azure Front Door to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 4: Add multi-address Access Restriction rule to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name MultipleIpRule -Priority 200 -Action Allow -IpAddress "10.10.0.0/8,192.168.0.0/16"

This command adds an access restriction rule with priority 200 and two ip ranges to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Example 5: Add Access Restriction rule with http header to a Web App

Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" 
-Name MultipleIpRule -Priority 400 -Action Allow -ServiceTag AzureFrontDoor.Backend
-HttpHeader @{'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'; 'x-azure-fdid' = '355deb06-47c4-4ba4-9641-c7d7a98b913e'}

This command adds an access restriction rule with priority 400 for Service Tag AzureFrontDoor.Backend and further restricts access only to http headers of certain values to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.

Parameters

-Action

Allow or Deny rule.

Type:String
Accepted values:Allow, Deny
Position:Named
Default value:Allow
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Description

Access Restriction description.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-HttpHeader

Http header restrictions. Example: -HttpHeader @{'x-azure-fdid' = '7acacb02-47ea-4cd4-b568-5e880e72582e'; 'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'}

Type:Hashtable
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IgnoreMissingServiceEndpoint

Specify if Service Endpoint registration at Subnet should be validated.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IpAddress

Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Rule Name

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Return the access restriction config object.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Priority

Access Restriction priority. E.g.: 500.

Type:UInt32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceGroupName

Resource Group Name

Type:String
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-ServiceTag

Name of Service Tag

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SlotName

Deployment Slot name.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SubnetId

ResourceId of Subnet.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SubnetName

Name of Subnet.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetScmSite

Rule is aimed for Main site or Scm site.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-VirtualNetworkName

Name of Virtual Network.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WebAppName

The name of the web app.

Type:String
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

PSAccessRestrictionConfig