Azure WebApp Access Restrictions Tidy Up

calendar May 31, 2024 · 1 min read · microsoft azure app-service powershell  ·
Share on: linkedin copy

Symptoms

You have a number of Azure WebApps and Function Apps and have set an Access Restriction rule on many of them which allows access from a specific IP address (or CIDR range). You now need to remove this access from all of them.

Solution

We can use PowerShell to make this change. The following code snippet will find all the Access Restriction Rules on all the App Services in the current context where the IP range matches the given CIDR string. It will then remove each of these rules.

 1#The IP Address or range that needs to be removed
 2$CIDR= "10.0.0.1/32"
 3
 4#Loop through all the WebApps in the current context
 5ForEach ($WebApp in Get-AzWebApp) {
 6    #Get the Main Site Access Restriction Rules which match the given IP range
 7    $AccessRestrictions=(Get-AzWebAppAccessRestrictionConfig `
 8        -ResourceGroupName $WebApp.ResourceGroup `
 9        -Name $WebApp.Name).MainSiteAccessRestrictions `
10        | Where-Object IpAddress -eq $CIDR;
11    #Remove the matched Access Restriction Rules
12    If ($AccessRestrictions){
13        Remove-AzWebAppAccessRestrictionRule -ResourceGroupName $WebApp.ResourceGroup `
14            -WebAppName $WebApp.Name `
15            -Name $AccessRestrictions.RuleName 
16    }
17}

In the example WebApp shown in this Azure Portal screenshot, rule (1) would be kept but rule (2) which matches the given CIDR value would be removed: