azure - 在 ARM 模板 IPRestriction 中包含 Front Door ID
问题描述
在 Azure 门户中,当在 Azure Web 应用程序上设置访问限制时,现在可以使用服务标签并包含某些必须存在才能允许访问的标头。我们已经配置了以下设置,它将对 Web 应用程序的访问限制为仅来自我们特定的前门实例:
但是,当尝试在 ARM 中反映相同的配置时,我无法让事情正常工作。似乎明显缺乏此示例或文档,并且 azure 门户中的导出模板不包括前门 ID 标头检查。以下是我想出的,但成功部署后,访问限制存在但没有设置前门ID。
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {"X-Azure-FDID": "[parameters('frontDoorID')]"}
}
]
}
}
解决方案
每个标头都接受一个对象数组,类似的东西应该适合您:
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {
"x-azure-fdid": [
"[parameters('frontDoorID')]"
]
}
}
]
}
}
推荐阅读
- python-3.x - python中的正三角脉冲
- bash - Why is the assignment in a function ignored?
- xcode - 如何将工作区导入工作区?
- python - How to see the graph plotted using DataFrame in PyCharm Community Edition?
- java - Scrollbar disappear and the panel becomes bigger
- google-sheets - Reference a cell's content to act as a sheet name
- javascript - findIndex 方法在 ExpressJS 服务器更新方法中给出 undefined
- angular - Angular 7 : How to fix value overwriting during dynamic field addition?
- python - How to remove ' ' in a list in python?
- ansible - Ansible - using json imported from Consul