Forked from Swimburger/AddAvailabilityRestrictedIPApp.ps1
Created
January 13, 2021 16:48
-
-
Save kodekracker/e6648a76539344bc5652fc51d3ac9f5b to your computer and use it in GitHub Desktop.
PowerShell scripts to bulk add IP ranges to Restricted Access feature of Azure App Service, learn more at https://swimburger.net/blog/azure/bulk-add-application-insights-availability-test-ips-to-azure-app-service-access-restrictions-using-az-powershell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| [Parameter(Mandatory = $true)] | |
| [string] $ResourceGroupName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $AppServiceName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $SubscriptionId, | |
| [Parameter(Mandatory = $true)] | |
| [string] $RulePriority | |
| ) | |
| $ErrorActionPreference = "Stop" | |
| $AvailabilityTestIpsFile = Get-Content "$PSScriptRoot/AvailabilityTestIps.txt" | |
| $AvailabilityTestIpsLines = $AvailabilityTestIpsFile.Split([Environment]::NewLine) | |
| $IsHeader = $True | |
| $CurrentGroup = $Null; | |
| $NewIpRestrictions = @(); | |
| ForEach($Line in $AvailabilityTestIpsLines){ | |
| if($IsHeader){ | |
| $CurrentGroup = $Line; | |
| $IsHeader = $False | |
| continue | |
| } | |
| if([System.String]::IsNullOrEmpty($Line)){ | |
| $IsHeader = $True #next line will be header | |
| continue | |
| } | |
| $Ip = $Null | |
| if($Line.Contains("/")){ | |
| $Ip = $Line; | |
| }else{ | |
| $Ip = "$Line/32"; | |
| } | |
| $NewIpRestrictions += @{ | |
| ipAddress = $Ip; | |
| action = "Allow"; | |
| priority = $RulePriority; | |
| name = "Av IP $CurrentGroup"; | |
| description = "Availability Test IP $CurrentGroup"; | |
| tag = "Default"; | |
| } | |
| } | |
| & "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| [Parameter(Mandatory = $true)] | |
| [string] $ResourceGroupName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $AppServiceName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $SubscriptionId, | |
| [Parameter(Mandatory = $true)] | |
| [string] $RulePriority | |
| ) | |
| $ErrorActionPreference = "Stop" | |
| $IPv4s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v4").Content.TrimEnd([Environment]::NewLine).Split([Environment]::NewLine); | |
| $IPv6s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v6").Content.TrimEnd([Environment]::NewLine).Split([Environment]::NewLine); | |
| $NewIpRestrictions = @(); | |
| foreach($IPv4 in $IPv4s){ | |
| $NewIpRestrictions += @{ | |
| ipAddress = $IPv4; | |
| action = "Allow"; | |
| priority = $RulePriority; | |
| name = "Cloudflare IPv4"; | |
| description = "Cloudflare IPv4"; | |
| tag = "Default"; | |
| } | |
| } | |
| foreach($IPv6 in $IPv6s){ | |
| $NewIpRestrictions += @{ | |
| ipAddress = $IPv6; | |
| action = "Allow"; | |
| priority = $RulePriority; | |
| name = "Cloudflare IPv6"; | |
| description = "Cloudflare IPv6"; | |
| tag = "Default"; | |
| } | |
| } | |
| & "$PSScriptRoot\AddRestrictedIPAzureAppService.ps1" -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| [Parameter(Mandatory = $true)] | |
| [string] $ResourceGroupName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $AppServiceName, | |
| [Parameter(Mandatory = $true)] | |
| [string] $SubscriptionId, | |
| [Parameter(Mandatory = $true)] | |
| [Hashtable[]] $NewIpRules | |
| ) | |
| $ErrorActionPreference = "Stop" | |
| Import-Module Az | |
| if($Null -eq (Get-AzContext)){ | |
| Login-AzAccount | |
| } | |
| Select-AzSubscription -SubscriptionId $SubscriptionId | |
| $APIVersion = ((Get-AzResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).ApiVersions[0] | |
| $WebAppConfig = Get-AzResource -ResourceName $AppServiceName -ResourceType Microsoft.Web/sites/config -ResourceGroupName $ResourceGroupName -ApiVersion $APIVersion | |
| foreach ($NewIpRule in $NewIpRules) { | |
| $WebAppConfig.Properties.ipSecurityRestrictions += $NewIpRule | |
| } | |
| Set-AzResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $APIVersion |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Australia East | |
| 20.40.124.176/28 | |
| 20.40.124.240/28 | |
| 20.40.125.80/28 | |
| Brazil South | |
| 191.233.26.176/28 | |
| 191.233.26.128/28 | |
| 191.233.26.64/28 | |
| France Central (Formerly France South) | |
| 20.40.129.96/28 | |
| 20.40.129.112/28 | |
| 20.40.129.128/28 | |
| 20.40.129.144/28 | |
| France Central | |
| 20.40.129.32/28 | |
| 20.40.129.48/28 | |
| 20.40.129.64/28 | |
| 20.40.129.80/28 | |
| East Asia | |
| 52.229.216.48/28 | |
| 52.229.216.64/28 | |
| 52.229.216.80/28 | |
| North Europe | |
| 52.158.28.64/28 | |
| 52.158.28.80/28 | |
| 52.158.28.96/28 | |
| 52.158.28.112/28 | |
| Japan East | |
| 52.140.232.160/28 | |
| 52.140.232.176/28 | |
| 52.140.232.192/28 | |
| West Europe | |
| 51.144.56.96/28 | |
| 51.144.56.112/28 | |
| 51.144.56.128/28 | |
| 51.144.56.144/28 | |
| 51.144.56.160/28 | |
| 51.144.56.176/28 | |
| UK South | |
| 51.105.9.128/28 | |
| 51.105.9.144/28 | |
| 51.105.9.160/28 | |
| UK West | |
| 20.40.104.96/28 | |
| 20.40.104.112/28 | |
| 20.40.104.128/28 | |
| 20.40.104.144/28 | |
| Southeast Asia | |
| 52.139.250.96/28 | |
| 52.139.250.112/28 | |
| 52.139.250.128/28 | |
| 52.139.250.144/28 | |
| West US | |
| 40.91.82.48/28 | |
| 40.91.82.64/28 | |
| 40.91.82.80/28 | |
| 40.91.82.96/28 | |
| 40.91.82.112/28 | |
| 40.91.82.128/28 | |
| Central US | |
| 13.86.97.224/28 | |
| 13.86.97.240/28 | |
| 13.86.98.48/28 | |
| 13.86.98.0/28 | |
| 13.86.98.16/28 | |
| 13.86.98.64/28 | |
| North Central US | |
| 23.100.224.16/28 | |
| 23.100.224.32/28 | |
| 23.100.224.48/28 | |
| 23.100.224.64/28 | |
| 23.100.224.80/28 | |
| 23.100.224.96/28 | |
| 23.100.224.112/28 | |
| 23.100.225.0/28 | |
| South Central US | |
| 20.45.5.160/28 | |
| 20.45.5.176/28 | |
| 20.45.5.192/28 | |
| 20.45.5.208/28 | |
| 20.45.5.224/28 | |
| 20.45.5.240/28 | |
| East US | |
| 20.42.35.32/28 | |
| 20.42.35.64/28 | |
| 20.42.35.80/28 | |
| 20.42.35.96/28 | |
| 20.42.35.112/28 | |
| 20.42.35.128/28 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment