在 Azure 门户中,当在 Azure Web 应用程序上设置访问限制时,现在可以使用服务标记并包含必须存在才能允许访问的某些 header 。我们配置了以下设置,限制对 Web 应用程序的访问仅来 self 们的特定前门实例:
但是,当尝试在 ARM 中反射(reflect)相同的配置时,我无法让事情正常工作。似乎明显缺乏此示例或文档,并且 azure 门户中的导出模板不包括前门 ID header 检查。以下是我的想法,但是部署成功后,存在访问限制,但没有设置前门 ID。
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {"X-Azure-FDID": "[parameters('frontDoorID')]"}
}
]
}
}
最佳答案
每个 header 都接受一个对象数组,类似的东西应该适合您:
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2020-12-01",
"name": "[concat(variables('myApp'), '/web')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('myApp'))]"
],
"properties": {
"ipSecurityRestrictions": [
{
"ipAddress": "AzureFrontDoor.Backend",
"action": "Allow",
"tag": "ServiceTag",
"priority": 300,
"name": "Restrict-FrontDoor",
"headers": {
"x-azure-fdid": [
"[parameters('frontDoorID')]"
]
}
}
]
}
}
关于azure - 在 ARM 模板 IPRestriction 中包含前门 ID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67668065/