在 ARM 模板 IPRestriction 中包含 Front Door ID
Include Front Door ID in ARM template IPRestriction
在 Azure 门户中,当在 Azure Web 应用程序上设置访问限制时,现在可以使用服务标签并包含某些必须存在的 headers 以允许访问。我们配置了以下设置,将对 Web 应用程序的访问限制为仅来自我们特定的前门实例:
但是,当我试图在 ARM 中反映相同的配置时,我无法正常工作。似乎明显缺少此示例或文档,并且 Azure 门户中的导出模板不包括前门 ID header 检查。以下是我想出来的,部署成功后有访问限制,但没有设置前门ID。
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {"X-Azure-FDID": "[parameters('frontDoorID')]"}
}
]
}
}
每个 header 接受一个 object 的数组,类似的东西应该适合你:
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {
"x-azure-fdid": [
"[parameters('frontDoorID')]"
]
}
}
]
}
}
在 Azure 门户中,当在 Azure Web 应用程序上设置访问限制时,现在可以使用服务标签并包含某些必须存在的 headers 以允许访问。我们配置了以下设置,将对 Web 应用程序的访问限制为仅来自我们特定的前门实例:
但是,当我试图在 ARM 中反映相同的配置时,我无法正常工作。似乎明显缺少此示例或文档,并且 Azure 门户中的导出模板不包括前门 ID header 检查。以下是我想出来的,部署成功后有访问限制,但没有设置前门ID。
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {"X-Azure-FDID": "[parameters('frontDoorID')]"}
}
]
}
}
每个 header 接受一个 object 的数组,类似的东西应该适合你:
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {
"x-azure-fdid": [
"[parameters('frontDoorID')]"
]
}
}
]
}
}