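<#
.SYNOPSIS
Adds "Allow" access restrictions to an Azure App Service for the address
ranges listed in AvailabilityTestIps.txt.

.DESCRIPTION
Reads AvailabilityTestIps.txt from the script's own folder. The file is a
series of groups separated by blank lines: the first line of a group is the
group name, and every following line is an IP address or CIDR range.
Each entry becomes one rule, and the whole batch is handed to
AddRestrictedIPAzureAppService.ps1.

Every entry is checked before anything is sent to Azure, because whatever
ends up in this list is granted access to the site.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service to update.

.PARAMETER SubscriptionId
Subscription that contains the App Service.

.PARAMETER RulePriority
Priority assigned to every rule created by this script.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

# Returns $true when $Value is an IP address, optionally followed by "/prefix".
# A /0 prefix is rejected on purpose: it would allow every address and defeat
# the restriction this script is meant to set up.
function Test-IpOrCidr {
    param([string] $Value)

    $Parts = $Value -split '/'
    if ($Parts.Count -gt 2) { return $false }

    $Address = $null
    if (-not [System.Net.IPAddress]::TryParse($Parts[0], [ref] $Address)) { return $false }
    if ($Parts.Count -eq 1) { return $true }

    $MaxPrefix = 32
    if ($Address.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) { $MaxPrefix = 128 }

    $Prefix = 0
    if (-not [int]::TryParse($Parts[1], [ref] $Prefix)) { return $false }
    return ($Prefix -ge 1 -and $Prefix -le $MaxPrefix)
}

$AvailabilityTestIpsFile = Get-Content "$PSScriptRoot/AvailabilityTestIps.txt"
$AvailabilityTestIpsLines = $AvailabilityTestIpsFile -split '\r?\n|\r'

$IsHeader = $True
$CurrentGroup = $Null
$NewIpRestrictions = @()

foreach ($RawLine in $AvailabilityTestIpsLines) {
    # Trim so that a line holding only spaces counts as a separator and stray
    # whitespace never becomes part of an address.
    $Line = "$RawLine".Trim()

    if ([System.String]::IsNullOrWhiteSpace($Line)) {
        $IsHeader = $True # next non-blank line is a group name
        continue
    }

    if ($IsHeader) {
        $CurrentGroup = $Line
        $IsHeader = $False

        # The discussion under this gist reports a 32 character limit on rule
        # names; warn early so the later BadRequest is easy to explain.
        $RuleName = "Av IP $CurrentGroup"
        if ($RuleName.Length -gt 32) {
            Write-Warning "Rule name '$RuleName' is longer than 32 characters and may be rejected."
        }
        continue
    }

    if (-not (Test-IpOrCidr $Line)) {
        throw "Entry '$Line' in group '$CurrentGroup' is not a valid IP address or CIDR range."
    }

    $Ip = $Null
    if ($Line.Contains("/")) {
        $Ip = $Line
    }
    else {
        # A bare address means "this host only": /32 for IPv4, /128 for IPv6.
        # Appending /32 to an IPv6 address would allow a very large range.
        $HostPrefix = 32
        if (([System.Net.IPAddress] $Line).AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
            $HostPrefix = 128
        }
        $Ip = "$Line/$HostPrefix"
    }

    $NewIpRestrictions += @{
        ipAddress   = $Ip;
        action      = "Allow";
        priority    = $RulePriority;
        name        = "Av IP $CurrentGroup";
        description = "Availability Test IP $CurrentGroup";
        tag         = "Default";
    }
}

if ($NewIpRestrictions.Count -eq 0) {
    throw "AvailabilityTestIps.txt did not yield any address ranges; nothing to add."
}

& (Join-Path $PSScriptRoot "AddRestrictedIPAzureAppService.ps1") -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions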
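<#
.SYNOPSIS
Adds "Allow" access restrictions to an Azure App Service for Cloudflare's
published IPv4 and IPv6 ranges.

.DESCRIPTION
Downloads https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6,
turns every range into one rule, and hands the batch to
AddRestrictedIPAzureAppService.ps1.

The downloaded text decides who may reach the site, so it is not trusted
as-is: blank lines are dropped and every remaining entry must parse as a CIDR
range before anything is sent to Azure.

NOTE(review): these ranges are shared by all Cloudflare customers. Allowing
them restricts traffic to "came through Cloudflare", not to a particular zone.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service to update.

.PARAMETER SubscriptionId
Subscription that contains the App Service.

.PARAMETER RulePriority
Priority assigned to every rule created by this script.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [string] $RulePriority
)

$ErrorActionPreference = "Stop"

# Returns $true when $Value is an IP address, optionally followed by "/prefix".
# A /0 prefix is rejected on purpose: it would allow every address and defeat
# the restriction this script is meant to set up.
function Test-IpOrCidr {
    param([string] $Value)

    $Parts = $Value -split '/'
    if ($Parts.Count -gt 2) { return $false }

    $Address = $null
    if (-not [System.Net.IPAddress]::TryParse($Parts[0], [ref] $Address)) { return $false }
    if ($Parts.Count -eq 1) { return $true }

    $MaxPrefix = 32
    if ($Address.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) { $MaxPrefix = 128 }

    $Prefix = 0
    if (-not [int]::TryParse($Parts[1], [ref] $Prefix)) { return $false }
    return ($Prefix -ge 1 -and $Prefix -le $MaxPrefix)
}

# Downloads a newline-separated list of ranges and returns the validated entries.
function Get-RemoteCidrList {
    param([string] $Uri)

    # -UseBasicParsing avoids the Internet Explorer dependency of Windows
    # PowerShell 5.1; newer PowerShell versions accept and ignore it.
    $Response = Invoke-WebRequest -Uri $Uri -UseBasicParsing

    # Split on any newline style, then drop blank entries. A trailing newline
    # in the response would otherwise produce a rule with an empty address.
    $Entries = @(
        $Response.Content -split '\r?\n|\r' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }
    )

    if ($Entries.Count -eq 0) {
        throw "No address ranges were returned by $Uri."
    }

    foreach ($Entry in $Entries) {
        # If the split ever fails, the whole list arrives as one entry; catch
        # that here instead of relying on the BadRequest from Azure.
        if (-not (Test-IpOrCidr $Entry)) {
            throw "Entry '$Entry' from $Uri is not a valid IP address or CIDR range."
        }
    }

    return $Entries
}

$IPv4s = @(Get-RemoteCidrList -Uri "https://www.cloudflare.com/ips-v4")
$IPv6s = @(Get-RemoteCidrList -Uri "https://www.cloudflare.com/ips-v6")

$NewIpRestrictions = @()

foreach ($IPv4 in $IPv4s) {
    $NewIpRestrictions += @{
        ipAddress   = $IPv4;
        action      = "Allow";
        priority    = $RulePriority;
        name        = "Cloudflare IPv4";
        description = "Cloudflare IPv4";
        tag         = "Default";
    }
}

foreach ($IPv6 in $IPv6s) {
    $NewIpRestrictions += @{
        ipAddress   = $IPv6;
        action      = "Allow";
        priority    = $RulePriority;
        name        = "Cloudflare IPv6";
        description = "Cloudflare IPv6";
        tag         = "Default";
    }
}

& (Join-Path $PSScriptRoot "AddRestrictedIPAzureAppService.ps1") -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -SubscriptionId $SubscriptionId -NewIpRules $NewIpRestrictions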
<#
.SYNOPSIS
Appends access-restriction rules to an Azure App Service.

.DESCRIPTION
Signs in if there is no Az context, selects the subscription, reads the
Microsoft.Web/sites/config resource of the App Service, appends each entry of
NewIpRules to Properties.ipSecurityRestrictions, and writes the properties back.

Existing rules are kept. The new rules are appended exactly as given: they are
neither validated nor de-duplicated here, so running the script twice with the
same input appends the same rules twice. Only ipSecurityRestrictions is
modified; scmIpSecurityRestrictions is not touched by this script.

.PARAMETER ResourceGroupName
Resource group that contains the App Service.

.PARAMETER AppServiceName
Name of the App Service to update.

.PARAMETER SubscriptionId
Subscription that contains the App Service.

.PARAMETER NewIpRules
Hashtables to append, one per rule. The calling scripts build them with the
keys ipAddress, action, priority, name, description and tag.
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AppServiceName,
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,
    [Parameter(Mandatory = $true)]
    [Hashtable[]] $NewIpRules
)

$ErrorActionPreference = "Stop"

Import-Module Az

# Prompt for sign-in only when no Az context is available yet.
$CurrentContext = Get-AzContext
if ($Null -eq $CurrentContext) {
    Login-AzAccount
}

Select-AzSubscription -SubscriptionId $SubscriptionId

# Use the first API version the Microsoft.Web provider lists for "sites".
# NOTE(review): the first entry may be a preview version; confirm, or pin one.
$WebProvider = Get-AzResourceProvider -ProviderNamespace Microsoft.Web
$SitesType = $WebProvider.ResourceTypes | Where-Object ResourceTypeName -eq sites
$APIVersion = $SitesType.ApiVersions[0]

$ConfigQuery = @{
    ResourceName      = $AppServiceName
    ResourceType      = 'Microsoft.Web/sites/config'
    ResourceGroupName = $ResourceGroupName
    ApiVersion        = $APIVersion
}
$WebAppConfig = Get-AzResource @ConfigQuery

# Append one rule at a time, in the order the caller supplied them.
foreach ($Rule in $NewIpRules) {
    $WebAppConfig.Properties.ipSecurityRestrictions += $Rule
}

# The complete Properties object is written back, not just the new rules.
$ConfigUpdate = @{
    ResourceId = $WebAppConfig.ResourceId
    Properties = $WebAppConfig.Properties
    ApiVersion = $APIVersion
}
Set-AzResource @ConfigUpdate
| Australia East | |
| 20.40.124.176/28 | |
| 20.40.124.240/28 | |
| 20.40.125.80/28 | |
| Brazil South | |
| 191.233.26.176/28 | |
| 191.233.26.128/28 | |
| 191.233.26.64/28 | |
| France Central - South | |
| 20.40.129.96/28 | |
| 20.40.129.112/28 | |
| 20.40.129.128/28 | |
| 20.40.129.144/28 | |
| France Central | |
| 20.40.129.32/28 | |
| 20.40.129.48/28 | |
| 20.40.129.64/28 | |
| 20.40.129.80/28 | |
| East Asia | |
| 52.229.216.48/28 | |
| 52.229.216.64/28 | |
| 52.229.216.80/28 | |
| North Europe | |
| 52.158.28.64/28 | |
| 52.158.28.80/28 | |
| 52.158.28.96/28 | |
| 52.158.28.112/28 | |
| Japan East | |
| 52.140.232.160/28 | |
| 52.140.232.176/28 | |
| 52.140.232.192/28 | |
| West Europe | |
| 51.144.56.96/28 | |
| 51.144.56.112/28 | |
| 51.144.56.128/28 | |
| 51.144.56.144/28 | |
| 51.144.56.160/28 | |
| 51.144.56.176/28 | |
| UK South | |
| 51.105.9.128/28 | |
| 51.105.9.144/28 | |
| 51.105.9.160/28 | |
| UK West | |
| 20.40.104.96/28 | |
| 20.40.104.112/28 | |
| 20.40.104.128/28 | |
| 20.40.104.144/28 | |
| Southeast Asia | |
| 52.139.250.96/28 | |
| 52.139.250.112/28 | |
| 52.139.250.128/28 | |
| 52.139.250.144/28 | |
| West US | |
| 40.91.82.48/28 | |
| 40.91.82.64/28 | |
| 40.91.82.80/28 | |
| 40.91.82.96/28 | |
| 40.91.82.112/28 | |
| 40.91.82.128/28 | |
| Central US | |
| 13.86.97.224/28 | |
| 13.86.97.240/28 | |
| 13.86.98.48/28 | |
| 13.86.98.0/28 | |
| 13.86.98.16/28 | |
| 13.86.98.64/28 | |
| North Central US | |
| 23.100.224.16/28 | |
| 23.100.224.32/28 | |
| 23.100.224.48/28 | |
| 23.100.224.64/28 | |
| 23.100.224.80/28 | |
| 23.100.224.96/28 | |
| 23.100.224.112/28 | |
| 23.100.225.0/28 | |
| South Central US | |
| 20.45.5.160/28 | |
| 20.45.5.176/28 | |
| 20.45.5.192/28 | |
| 20.45.5.208/28 | |
| 20.45.5.224/28 | |
| 20.45.5.240/28 | |
| East US | |
| 20.42.35.32/28 | |
| 20.42.35.64/28 | |
| 20.42.35.80/28 | |
| 20.42.35.96/28 | |
| 20.42.35.112/28 | |
| 20.42.35.128/28 |
Are the parentheses illegal characters or something, is that why you had to rename it?
Apologies, I meant to state that!
It exceeds the 32 character name limit.
Thank you for letting me know. Glad it was helpful.
I updated the name in the gist, but if folks get it from the source (Azure Docs), it'll still have the 30+ character name, so follow @madshaun1984 's advice 👍
Great scripts, thank you! I am just getting this error with the AddCloudflareRestrictedIPApp one, something to do with the newlines perhaps?
{"Code":"BadRequest","Message":"IpSecurityRestriction.IpAddress is invalid.
| '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!","Target":null,"Details":[{"Message":"IpSecurityRestriction.IpAddress is invalid. '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"},{"Code":"BadRequest"},{"ErrorEntity":{"ExtendedCode":"51021","MessageTemplate":"{0} is invalid. {1}","Parameters":["IpSecurityRestriction.IpAddress","'173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"],"Code":"BadRequest","Message":"IpSecurityRestriction.IpAddress is invalid. '173.245.48.0/20\n103.21.244.0/22\n103.22.200.0/22\n103.31.4.0/22\n141.101.64.0/18\n108.162.192.0/18\n190.93.240.0/20\n188.114.96.0/20\n197.234.240.0/22\n198.41.128.0/17\n162.158.0.0/15\n104.16.0.0/13\n104.24.0.0/14\n172.64.0.0/13\n131.0.72.0/22' is an invalid CIDR!"}}],"Innererror":null}
@Marko-TRG , the script uses the newline character to split the CIDR's.
`$IPv4s = (Invoke-WebRequest -Uri "https://www.cloudflare.com/ips-v4").Content.TrimEnd([Environment]::NewLine).Split([Environment]::NewLine);`
I'm not having this issue when I run it.
What OS do you use? What version of PowerShell?
Ah, PS version was the issue. I was using 7.2.5 on Win11. I ran it on the same computer using PowerShell 5.1 and it worked perfectly! Thank you! 🧠
@Marko-TRG, strange. It worked for me on 7.2.5 on macOS.
@Swimburger yes, strange. I tried with 7.2.5 in a Debian 10 shell on the same machine and it works. I guess then just my PowerShell installation is b0rked. Sorry to waste your time.
@Marko-TRG It's all good, no waste of time! Glad it's working for you!
Line 11 of "AvailabilityTestIps.txt" breaks naming rules.
Renaming this group to "France Central - South" works.
Once this was resolved this script saved me from at least an hour manually adding these IP's to Web App 2 instances! Cheers