![](/img/trans.png)
[英]Azure Resource Manager Network Security Group Configuration using Powershell
[英]Azure Resource Manager IP Security Restrictions using Powershell
我正在嘗試使用Powershell來設置IP安全限制。 我的語法沒有返回任何錯誤,但設置沒有改變。 “ipSecurityRestrictions”屬性是一個哈希表。
$r = Get-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01
$p = $r.Properties
$p.ipSecurityRestrictions = @{ ipAddress = "0.0.0.0"; subnetMask = "0.0.0.0" }
Set-AzureRmResource -ResourceGroupName *resource-group-name* -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p
這不是權限問題,並且沒有返回錯誤。 要更改不是哈希表的屬性,例如phpVersion,以下代碼正常工作:
$p.phpVersion = "7.0"
有沒有人使用這種方法成功設置ipSecurityRestrictions?
ipSecurityRestrictions
應該是對象數組。 請嘗試更改代碼,如下所示。 它適用於我。
$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01
$p = $r.Properties
$p.ipSecurityRestrictions = @()
$restriction = @{}
$restriction.Add("ipAddress","0.0.0.0")
$restriction.Add("subnetMask","0.0.0.0")
$p.ipSecurityRestrictions+= $restriction
Set-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p
之后我們可以從資源azure( https://resources.azure.com )獲得結果。
我們也可以從資源azure中獲取powershell cmd。
這是一個添加規則的便利功能:
function Add-AzureIpRestrictionRule
{
[CmdletBinding()]
Param
(
# Name of the resource group that contains the App Service.
[Parameter(Mandatory=$true, Position=0)]
$ResourceGroupName,
# Name of your Web or API App.
[Parameter(Mandatory=$true, Position=1)]
$AppServiceName,
# rule to add.
[Parameter(Mandatory=$true, Position=2)]
[PSCustomObject]$rule
)
$ApiVersions = Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web |
Select-Object -ExpandProperty ResourceTypes |
Where-Object ResourceTypeName -eq 'sites' |
Select-Object -ExpandProperty ApiVersions
$LatestApiVersion = $ApiVersions[0]
$WebAppConfig = Get-AzureRmResource -ResourceType 'Microsoft.Web/sites/config' -ResourceName $AppServiceName -ResourceGroupName $ResourceGroupName -ApiVersion $LatestApiVersion
$WebAppConfig.Properties.ipSecurityRestrictions = $WebAppConfig.Properties.ipSecurityRestrictions + @($rule) |
Group-Object name |
ForEach-Object { $_.Group | Select-Object -Last 1 }
Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $LatestApiVersion -Force
}
用法示例:
Login-AzureRmAccount
# determine current ip
$clientIp = Invoke-WebRequest 'https://api.ipify.org' | Select-Object -ExpandProperty Content
$rule = [PSCustomObject]@{
ipAddress = "$($clientIp)/32"
action = "Allow"
priority = 123
name = '{0}_{1}' -f $env:computername, $env:USERNAME
description = "Automatically added ip restriction"
}
Add-AzureIpRestrictionRule -ResourceGroupName "myResourceGroup" -AppServiceName "myAppServiceName" -rule $rule
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.