Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Add-AzWebAppAccessRestrictionRule
- Module:
- Az.Websites Module
Adds an Access Restriction rule to an Azure Web App.
Syntax
IpAddressParameterSet (Default)
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-IpAddress <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-AcquirePolicyToken]
[-ChangeReference <String>]
[<CommonParameters>]
ServiceTagParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-ServiceTag <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-AcquirePolicyToken]
[-ChangeReference <String>]
[<CommonParameters>]
SubnetNameParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-SubnetName <String>
-VirtualNetworkName <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-IgnoreMissingServiceEndpoint]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-AcquirePolicyToken]
[-ChangeReference <String>]
[<CommonParameters>]
SubnetIdParameterSet
Add-AzWebAppAccessRestrictionRule
[-ResourceGroupName] <String>
[-WebAppName] <String>
-Priority <UInt32>
-SubnetId <String>
[-Name <String>]
[-Description <String>]
[-Action <String>]
[-SlotName <String>]
[-TargetScmSite]
[-IgnoreMissingServiceEndpoint]
[-PassThru]
[-HttpHeader <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-AcquirePolicyToken]
[-ChangeReference <String>]
[<CommonParameters>]
Description
The Add-AzWebAppAccessRestrictionRule cmdlet adds an Access Restriction rule to an Azure Web App.
Examples
Example 1: Add IpAddress Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name IpRule -Priority 200 -Action Allow -IpAddress 10.10.0.0/8
This command adds an access restriction rule with priority 200 and ip range to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 2: Add Subnet Service Endpoint Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name SubnetRule -Priority 300 -Action Allow -SubnetName appgw-subnet -VirtualNetworkName corp-vnet
This command adds an access restriction rule with priority 300 and with subnet appgw-subnet in corp-vnet to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 3: Add ServiceTag Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name ServiceTagRule -Priority 200 -Action Allow -ServiceTag AzureFrontDoor.Backend
This command adds an access restriction rule with priority 200 and a Service Tag representing the ip scope of Azure Front Door to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 4: Add multi-address Access Restriction rule to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name MultipleIpRule -Priority 200 -Action Allow -IpAddress "10.10.0.0/8,192.168.0.0/16"
This command adds an access restriction rule with priority 200 and two ip ranges to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Example 5: Add Access Restriction rule with http header to a Web App
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "Default-Web-WestUS" -WebAppName "ContosoSite" `
-Name MultipleIpRule -Priority 400 -Action Allow -ServiceTag AzureFrontDoor.Backend `
-HttpHeader @{'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'; 'x-azure-fdid' = '355deb06-47c4-4ba4-9641-c7d7a98b913e'}
This command adds an access restriction rule with priority 400 for Service Tag AzureFrontDoor.Backend and further restricts access only to http headers of certain values to a Web App named ContosoSite that belongs to the resource group Default-Web-WestUS.
Parameters
-AcquirePolicyToken
Acquire an Azure Policy token automatically for this resource operation.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Action
Allow or Deny rule.
Parameter properties
| Type: | String |
| Default value: | Allow |
| Accepted values: | Allow, Deny |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ChangeReference
The change reference resource ID for this resource operation.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-Description
Access Restriction description.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpHeader
Http header restrictions. Example: -HttpHeader @{'x-azure-fdid' = '7acacb02-47ea-4cd4-b568-5e880e72582e'; 'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com'}
Parameter properties
| Type: | Hashtable |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IgnoreMissingServiceEndpoint
Specify if Service Endpoint registration at Subnet should be validated.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IpAddress
Ip Address v4 or v6 CIDR range. E.g.: 192.168.0.0/24
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Rule Name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PassThru
Return the access restriction config object.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Priority
Access Restriction priority. E.g.: 500.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResourceGroupName
Resource Group Name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ServiceTag
Name of Service Tag
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SlotName
Deployment Slot name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SubnetId
ResourceId of Subnet.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-SubnetName
Name of Subnet.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TargetScmSite
Rule is aimed for Main site or Scm site.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-VirtualNetworkName
Name of Virtual Network.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WebAppName
The name of the web app.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
String
Outputs
PSAccessRestrictionConfig
Related Links
Azure PowerShell
Feedback
Was this page helpful?