在 ARM 模板 IPRestriction 中包含 Front Door ID

Include Front Door ID in ARM template IPRestriction

在 Azure 门户中,当在 Azure Web 应用程序上设置访问限制时,现在可以使用服务标签并包含某些必须存在的 headers 以允许访问。我们配置了以下设置,将对 Web 应用程序的访问限制为仅来自我们特定的前门实例:

但是,当我试图在 ARM 中反映相同的配置时,我无法正常工作。似乎明显缺少此​​示例或文档,并且 Azure 门户中的导出模板不包括前门 ID header 检查。以下是我想出来的,部署成功后有访问限制,但没有设置前门ID。

{
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2020-12-01",
            "name": "[concat(variables('myApp'), '/web')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', variables('myApp'))]"
            ],
            "properties": {
                "ipSecurityRestrictions": [
                    {
                        "ipAddress": "AzureFrontDoor.Backend",
                        "action": "Allow",
                        "tag": "ServiceTag",
                        "priority": 300,
                        "name": "Restrict-FrontDoor",
                        "headers": {"X-Azure-FDID": "[parameters('frontDoorID')]"}
                    }
                ]
            }
        }

每个 header 接受一个 object 的数组,类似的东西应该适合你:

{
  "type": "Microsoft.Web/sites/config",
  "apiVersion": "2020-12-01",
  "name": "[concat(variables('myApp'), '/web')]",
  "location": "[parameters('location')]",
  "dependsOn": [
    "[resourceId('Microsoft.Web/sites', variables('myApp'))]"
  ],
  "properties": {
    "ipSecurityRestrictions": [
      {
        "ipAddress": "AzureFrontDoor.Backend",
        "action": "Allow",
        "tag": "ServiceTag",
        "priority": 300,
        "name": "Restrict-FrontDoor",
        "headers": {
          "x-azure-fdid": [
            "[parameters('frontDoorID')]"
          ]
        }
      }
    ]
  }
}