Share via


IpSecurityRestriction Class

Definition

IP security restriction on an app.

public class IpSecurityRestriction
type IpSecurityRestriction = class
Public Class IpSecurityRestriction
Inheritance
IpSecurityRestriction

Constructors

IpSecurityRestriction()

Initializes a new instance of the IpSecurityRestriction class.

IpSecurityRestriction(String, String, String, Nullable<Int32>, Nullable<Int32>, String, String, Nullable<Int32>, String, String, IDictionary<String,IList<String>>)

Initializes a new instance of the IpSecurityRestriction class.

Properties

Action

Gets or sets allow or Deny access for this IP range.

Description

Gets or sets IP restriction rule description.

Headers

Gets or sets IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

  • If the property is null or empty (default), all hosts(or lack of) are allowed.
  • A value is compared using ordinal-ignore-case (excluding port number).
  • Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
  • Unicode host names are allowed but are converted to Punycode for matching.

X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..

  • If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
  • If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.

X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.

IpAddress

Gets or sets IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

Name

Gets or sets IP restriction rule name.

Priority

Gets or sets priority of IP restriction rule.

SubnetMask

Gets or sets subnet mask for the range of IP addresses the restriction is valid for.

SubnetTrafficTag

Gets or sets (internal) Subnet traffic tag

Tag

Gets or sets defines what this IP filter will be used for. This is to support IP filtering on proxies. Possible values include: 'Default', 'XffProxy', 'ServiceTag'

VnetSubnetResourceId

Gets or sets virtual network resource id

VnetTrafficTag

Gets or sets (internal) Vnet traffic tag

Applies to