IpSecurityRestriction interface
IP security restriction on an app.
Properties
| action | Allow or Deny access for this IP range. |
| description | IP restriction rule description. |
| headers | IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..
X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match. |
| ip |
IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified. |
| name | IP restriction rule name. |
| priority | Priority of IP restriction rule. |
| subnet |
Subnet mask for the range of IP addresses the restriction is valid for. |
| subnet |
(internal) Subnet traffic tag |
| tag | Defines what this IP filter will be used for. This is to support IP filtering on proxies. |
| vnet |
Virtual network resource id |
| vnet |
(internal) Vnet traffic tag |
Property Details
action
Allow or Deny access for this IP range.
action?: stringProperty Value
string
description
IP restriction rule description.
description?: stringProperty Value
string
headers
IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..
- If the property is null or empty (default), all hosts(or lack of) are allowed.
- A value is compared using ordinal-ignore-case (excluding port number).
- Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
- Unicode host names are allowed but are converted to Punycode for matching.
X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
- If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
- If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.
X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.
headers?: {[propertyName: string]: string[]}Property Value
{[propertyName: string]: string[]}
ipAddress
IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
ipAddress?: stringProperty Value
string
name
IP restriction rule name.
name?: stringProperty Value
string
priority
Priority of IP restriction rule.
priority?: numberProperty Value
number
subnetMask
Subnet mask for the range of IP addresses the restriction is valid for.
subnetMask?: stringProperty Value
string
subnetTrafficTag
(internal) Subnet traffic tag
subnetTrafficTag?: numberProperty Value
number
tag
Defines what this IP filter will be used for. This is to support IP filtering on proxies.
tag?: stringProperty Value
string
vnetSubnetResourceId
Virtual network resource id
vnetSubnetResourceId?: stringProperty Value
string
vnetTrafficTag
(internal) Vnet traffic tag
vnetTrafficTag?: numberProperty Value
number