Azure Resource Manager IP Security Restrictions using Powershell
ipSecurityRestrictions
should be object array. Please have a try to change code as following. It works correctly for me.
$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01$p = $r.Properties$p.ipSecurityRestrictions = @()$restriction = @{}$restriction.Add("ipAddress","0.0.0.0")$restriction.Add("subnetMask","0.0.0.0")$p.ipSecurityRestrictions+= $restrictionSet-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p
After that we can get the result from the resources azure (https://resources.azure.com).
We also can get powershell cmd from the resource azure.
Here is a convenience function to add a rule:
function Add-AzureIpRestrictionRule{ [CmdletBinding()] Param ( # Name of the resource group that contains the App Service. [Parameter(Mandatory=$true, Position=0)] $ResourceGroupName, # Name of your Web or API App. [Parameter(Mandatory=$true, Position=1)] $AppServiceName, # rule to add. [Parameter(Mandatory=$true, Position=2)] [PSCustomObject]$rule ) $ApiVersions = Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web | Select-Object -ExpandProperty ResourceTypes | Where-Object ResourceTypeName -eq 'sites' | Select-Object -ExpandProperty ApiVersions $LatestApiVersion = $ApiVersions[0] $WebAppConfig = Get-AzureRmResource -ResourceType 'Microsoft.Web/sites/config' -ResourceName $AppServiceName -ResourceGroupName $ResourceGroupName -ApiVersion $LatestApiVersion $WebAppConfig.Properties.ipSecurityRestrictions = $WebAppConfig.Properties.ipSecurityRestrictions + @($rule) | Group-Object name | ForEach-Object { $_.Group | Select-Object -Last 1 } Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $LatestApiVersion -Force }
Usage example:
Login-AzureRmAccount# determine current ip$clientIp = Invoke-WebRequest 'https://api.ipify.org' | Select-Object -ExpandProperty Content$rule = [PSCustomObject]@{ ipAddress = "$($clientIp)/32" action = "Allow" priority = 123 name = '{0}_{1}' -f $env:computername, $env:USERNAME description = "Automatically added ip restriction"}Add-AzureIpRestrictionRule -ResourceGroupName "myResourceGroup" -AppServiceName "myAppServiceName" -rule $rule
Source: Configure Azure App Service IP Restrictions using PowerShell