{
"properties": {
"displayName": "Web App default IP restrictions",
"mode": "indexed",
"description": "Configures Web App IP restriction to allow access from specified public IP addresses",
"metadata": {
"category": "Security v5"
},
"parameters": {},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Web/sites"
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Web/sites/config",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
],
"existenceCondition": {
"not": {
"field": "Microsoft.Web/sites/config/web.ipSecurityRestrictions[*].action",
"Equals": "Allow"
}
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"name": {
"value": "[field('name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('name'), '/web')]",
"type": "Microsoft.Web/sites/config",
"apiVersion": "2018-11-01",
"properties": {
"scmIpSecurityRestrictionsUseMain": true,
"ipSecurityRestrictions": [
{
"ipAddress": "[IP Address CIDR format]",
"action": "Allow",
"priority": 3000,
"name": "[Your name]"
},
{
"ipAddress": "[IP Address CIDR format]",
"action": "Allow",
"priority": 3001,
"name": "[Your name]"
}
]
}
}
]
}
}
}
}
}
}
}
}