You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+22-1Lines changed: 22 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -112,7 +112,7 @@ per_site_scaling| Can Apps assigned to this App Service Plan be scaled independe
112
112
113
113
In App Service, app settings are variables passed as environment variables to the application code. For Linux apps and custom containers, App Service passes app settings to the container using the --env flag to set the environment variable in the container.
114
114
115
-
`app_settings` object key/value pair example:
115
+
`app_settings` object key-value pair examples:
116
116
117
117
| Name | Description
118
118
|--|--
@@ -167,6 +167,27 @@ Since App Service CORS lets you specify one set of accepted origins for all API
167
167
allowed_origins|A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls.
168
168
support_credentials|Are credentials supported?
169
169
170
+
### **`ip_restriction`** and **`scm_ip_restriction`** - App Service access restrictions
171
+
172
+
By setting up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app. The list can include IP addresses or Azure Virtual Network subnets. When there are one or more entries, an implicit deny all exists at the end of the list.
173
+
174
+
The access restriction capability is implemented in the App Service front-end roles, which are upstream of the worker hosts where your code runs. Therefore, access restrictions are effectively network access-control lists (ACLs).
175
+
176
+
The ability to restrict access to your web app from an Azure virtual network is enabled by service endpoints. With service endpoints, you can restrict access to a multi-tenant service from selected subnets. It doesn't work to restrict traffic to apps that are hosted in an App Service Environment. If you're in an App Service Environment, you can control access to your app by applying IP address rules.
177
+
178
+
A `ip_restriction` or `scm_ip_restriction` block supports the following and managed by `ips_allowed`, `subnet_ids_allowed`, `service_tags_allowed`, `scm_ips_allowed`, `scm_subnet_ids_allowed`, `scm_service_tags_allowed` variables. You can specify any of these variable with valid list of strings to manage the requird access.
179
+
180
+
> If enabled, one of either ip_address, service_tag or virtual_network_subnet_id must be specified.
181
+
182
+
| Name | Description
183
+
|--|--
184
+
ip_address|The IP Address used for this IP Restriction in `CIDR` notation.
185
+
service_tag|The `Service Tag` used for this IP Restriction.
186
+
virtual_network_subnet_id|The `Virtual Network Subnet ID` used for this IP Restriction.
187
+
name|The name for this IP Restriction.
188
+
priority|The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to `65000` if not specified.
189
+
action|Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`.
190
+
170
191
## **`auth_settings`** - Authentication and authorization in Azure App Service
171
192
172
193
Azure App Service provides built-in authentication and authorization capabilities (sometimes referred to as "Easy Auth"), so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.
0 commit comments