通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

IpSecurityRestriction Class

IP security restriction on an app.

Constructor

IpSecurityRestriction(*, ip_address: str | None = None, subnet_mask: str | None = None, vnet_subnet_resource_id: str | None = None, vnet_traffic_tag: int | None = None, subnet_traffic_tag: int | None = None, action: str | None = None, tag: str | _models.IpFilterTag | None = None, priority: int | None = None, name: str | None = None, description: str | None = None, headers: Dict[str, List[str]] | None = None, **kwargs: Any)

Keyword-Only Parameters

Name Description
ip_address
str

IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

Default value: None
subnet_mask
str

Subnet mask for the range of IP addresses the restriction is valid for.

Default value: None
vnet_subnet_resource_id
str

Virtual network resource id.

Default value: None
vnet_traffic_tag
int

(internal) Vnet traffic tag.

Default value: None
subnet_traffic_tag
int

(internal) Subnet traffic tag.

Default value: None
action
str

Allow or Deny access for this IP range.

Default value: None
tag
str or IpFilterTag

Defines what this IP filter will be used for. This is to support IP filtering on proxies. Known values are: "Default", "XffProxy", and "ServiceTag".

Default value: None
priority
int

Priority of IP restriction rule.

Default value: None
name
str

IP restriction rule name.

Default value: None
description
str

IP restriction rule description.

Default value: None
headers
dict[str, list[str]]

IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

  • If the property is null or empty (default), all hosts(or lack of) are allowed.

  • A value is compared using ordinal-ignore-case (excluding port number).

  • Subdomain wildcards are permitted but don't match the root ___domain. For example,

*<<.contoso.com matches the subdomain foo.contoso.com but not the root ___domain contoso.com or multi-level foo.bar.contoso.com

  • Unicode host names are allowed but are converted to Punycode for matching.

X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..

  • If the property is null or empty (default), any forwarded-for chains (or lack of) are

allowed.

  • If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.

X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.

Default value: None

Variables

Name Description
ip_address
str

IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.
subnet_mask
str

Subnet mask for the range of IP addresses the restriction is valid for.
vnet_subnet_resource_id
str

Virtual network resource id.
vnet_traffic_tag
int

(internal) Vnet traffic tag.
subnet_traffic_tag
int

(internal) Subnet traffic tag.
action
str

Allow or Deny access for this IP range.
tag
str or IpFilterTag

Defines what this IP filter will be used for. This is to support IP filtering on proxies. Known values are: "Default", "XffProxy", and "ServiceTag".
priority
int

Priority of IP restriction rule.
name
str

IP restriction rule name.
description
str

IP restriction rule description.
headers
dict[str, list[str]]

IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

  • If the property is null or empty (default), all hosts(or lack of) are allowed.

  • A value is compared using ordinal-ignore-case (excluding port number).

  • Subdomain wildcards are permitted but don't match the root ___domain. For example,

*<<.contoso.com matches the subdomain foo.contoso.com but not the root ___domain contoso.com or multi-level foo.bar.contoso.com

  • Unicode host names are allowed but are converted to Punycode for matching.

X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..

  • If the property is null or empty (default), any forwarded-for chains (or lack of) are

allowed.

  • If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.

X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.