Add-AzWebAppAccessRestrictionRule
Adds an Access Restriction rule to an Azure Web App.
Syntax
IpAddressParameterSet (Default)
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-IpAddress <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ServiceTagParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-ServiceTag <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SubnetNameParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-SubnetName <String>
-VirtualNetworkName <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-IgnoreMissingServiceEndpoint]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SubnetIdParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-SubnetId <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-IgnoreMissingServiceEndpoint]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-AzWebAppAccessRestrictionRule cmdlet adds an Access Restriction rule to an Azure Web App.
Examples
Example 1: Add IpAddress Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name IpRule -Priority 200 -Action Allow -IpAddress 10.10.0.0/8
This command adds an access restriction rule with priority 200 and ip range to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 2: Add Subnet Service Endpoint Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name SubnetRule -Priority 300 -Action Allow -SubnetName appgw-subnet -VirtualNetworkName corp-vnet
This command adds an access restriction rule with priority 300 and with subnet appgw-subnet in corp-vnet to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 3: Add ServiceTag Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name ServiceTagRule -Priority 200 -Action Allow -ServiceTag AzureFrontDoor.Backend
This command adds an access restriction rule with priority 200 and a Service Tag representing the ip scope of Azure Front Door to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 4: Add multi-address Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name MultipleIpRule -Priority 200 -Action Allow -IpAddress "10.10.0.0/8,192.168.0.0/16"
This command adds an access restriction rule with priority 200 and two ip ranges to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name MultipleIpRule -Priority 400 -Action Allow -ServiceTag AzureFrontDoor.Backend `
-HttpHeader @{'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'; 'x-azure-fdid' = '355deb06-47c4-4ba4-9641-c7d7a98b913e'}
This command adds an access restriction rule with priority 400 for Service Tag AzureFrontDoor.Backend and further restricts access only to http headers of certain values
to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Parameters
-Action
Allow or Deny rule.
Parameter properties
Type: String
Default value: Allow Accepted values: Allow, Deny Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
Access Restriction description.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Http header restrictions. Example: -HttpHeader @{'x-azure-fdid' = '7acacb02-47ea-4cd4-b568-5e880e72582e'; 'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'}
Type: Hashtable
Default value: None Supports wildcards: False DontShow: False
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IgnoreMissingServiceEndpoint
Specify if Service Endpoint registration at Subnet should be validated.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SubnetNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
SubnetIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IpAddress
Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
IpAddressParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Rule Name
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PassThru
Return the access restriction config object.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Priority
Access Restriction priority. E.g.: 500.
Parameter properties
Type: UInt32
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Resource Group Name
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ServiceTag
Name of Service Tag
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ServiceTagParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SlotName
Deployment Slot name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubnetId
ResourceId of Subnet.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SubnetIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubnetName
Name of Subnet.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SubnetNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-TargetScmSite
Rule is aimed for Main site or Scm site.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-VirtualNetworkName
Name of Virtual Network.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SubnetNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WebAppName
The name of the web app.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
