armtemplate.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"name": "[parameters('functionAppName')]",
"location": "[parameters('location')]",
"kind": "functionapp",
"properties": {
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "powershell"
},
{
"name": "VIRUSTOTAL_API_KEY",
"value": "[parameters('virusTotalApiKey')]"
},
{
"name": "AZURE_SUBSCRIPTION_ID",
"value": "[parameters('azureSubscriptionId')]"
}
]
}
},
"resources": [
{
"type": "functions",
"apiVersion": "2018-11-01",
"name": "[parameters('functionName')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
],
"properties": {
"config": {
"bindings": [
{
"authLevel": "function",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
]
},
{
"type": "http",
"direction": "out",
"name": "res"
}
],
"script": "using namespace System.Net
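param($Request, $TriggerMetadata)
# HTTP-triggered responder: looks up a caller-supplied IP address on VirusTotal and,
# when the reported country is not the US, adds an inbound Deny rule for the IP's
# network to a fixed network security group (NSG).
#
# Security notes for reviewers:
#  - The 'ip' value comes from the HTTP request and is untrusted. It is parsed as an
#    IP address before it is placed in the VirusTotal URL.
#  - Any caller holding the function key can cause a Deny rule to be created, and the
#    'network' value returned by VirusTotal can be a wide CIDR. Consider an allowlist
#    of ranges that must never be blocked (own egress, monitoring, partners).
#  - String literals use single quotes only, because this script is embedded in the
#    template's script string value.

# Builds the response hashtable in the shape the original script emitted.
function New-JsonResponse($StatusCode, $Payload) {
    @{
        StatusCode  = $StatusCode
        ContentType = 'application/json'
        Body        = $Payload | ConvertTo-Json
    }
}

# API key for VirusTotal (a secret; read from the function app settings)
$VirusTotalApiKey = $env:VIRUSTOTAL_API_KEY
# Azure Subscription ID
$SubscriptionId = $env:AZURE_SUBSCRIPTION_ID
# Azure Resource Group Name
$ResourceGroupName = 'sandbox'
# Azure Network Security Group Name
$NSGName = 'williamtest3NSG'

# Extract the IP from the request.
# NOTE(review): with the PowerShell worker, $Request is normally a request object
# (Query / Body properties) rather than a JSON string - confirm. The string case is
# kept so the original calling convention still works.
if ($Request -is [string]) {
    $candidate = ($Request | ConvertFrom-Json).ip
} else {
    $candidate = $Request.Query.ip
    if (-not $candidate) { $candidate = $Request.Body.ip }
}

# Reject anything that is not an IP address; use the canonical form from here on so
# no caller-controlled text reaches the URL path.
$parsedIp = $null
if (-not [System.Net.IPAddress]::TryParse([string]$candidate, [ref]$parsedIp)) {
    return (New-JsonResponse ([HttpStatusCode]::BadRequest) @{ error = 'ip must be a valid IP address' })
}
$ip = $parsedIp.ToString()

# Get IP details from VirusTotal
$VTUrl = 'https://www.virustotal.com/api/v3/ip_addresses/' + $ip
$headers = @{
    'x-apikey' = $VirusTotalApiKey
}
try {
    $response = Invoke-RestMethod -Uri $VTUrl -Headers $headers -Method Get
} catch {
    # Do not echo the exception text to the caller; log it server-side instead.
    Write-Warning ('VirusTotal lookup failed for ' + $ip)
    return (New-JsonResponse ([HttpStatusCode]::BadGateway) @{ error = 'reputation lookup failed' })
}
$country = $response.data.attributes.country
$ipRange = $response.data.attributes.network

# Set only when a rule is actually written; the original reported blocked = true for
# US addresses because its flag was never initialised on that path.
$blocked = $false

# VirusTotal reports the country as an ISO 3166 two-letter code ('US'), so a comparison
# against 'USA' alone would treat every address as foreign. 'USA' is still accepted.
# An empty network value cannot be turned into a rule, so nothing is blocked then.
if (($country -notin @('US', 'USA')) -and $ipRange) {
    # Connect with the function app's managed identity. Out-Null keeps the cmdlet's
    # output from being emitted alongside the response object.
    Connect-AzAccount -Identity | Out-Null
    if ($SubscriptionId) {
        Set-AzContext -Subscription $SubscriptionId | Out-Null
    }

    # Get NSG
    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NSGName

    # Check whether an inbound Deny rule for this source range already exists
    $exists = $false
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Access -eq 'Deny' -and $rule.Direction -eq 'Inbound' -and $rule.SourceAddressPrefix -contains $ipRange) {
            $exists = $true
            break
        }
    }

    if (-not $exists) {
        # Find an available priority (lowest free number in the range the original used)
        $priority = 100..4096 | Where-Object { $_ -notin $nsg.SecurityRules.Priority } | Select-Object -First 1
        if (-not $priority) {
            return (New-JsonResponse ([HttpStatusCode]::InternalServerError) @{ error = 'no free NSG rule priority' })
        }

        # Add the range to the NSG. For an inbound rule the remote network is the
        # SOURCE; matching it as the destination would not stop traffic coming from it.
        $ruleName = 'ip-blocklist' + (Get-Random)
        $newRule = New-AzNetworkSecurityRuleConfig -Name $ruleName -Description ('Block ' + $ipRange) -Access Deny -Protocol '*' -Direction Inbound -Priority $priority -SourceAddressPrefix $ipRange -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '*'
        $nsg.SecurityRules.Add($newRule)
        Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null
        $blocked = $true
    }
}

# Return response
# NOTE(review): the output binding is named 'res' and this script emits the response
# on the pipeline - confirm the host returns it, otherwise send it through the binding.
$body = @{
    ipRange = $ipRange
    country = $country
    blocked = $blocked
}
$Response = New-JsonResponse ([HttpStatusCode]::OK) $body
$Response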
"
}
}
}
]
}
],
"parameters": {
"functionAppName": {
"type": "string",
"metadata": {
"description": "The name of the function app."
}
},
"functionName": {
"type": "string",
"metadata": {
"description": "The name of the function."
}
},
"location": {
"type": "string",
"metadata": {
"description": "The Azure region where the resources will be deployed."
}
},
"virusTotalApiKey": {
"type": "string",
"metadata": {
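"description": "The API key for VirusTotal. This value is a secret: prefer the securestring parameter type or a Key Vault reference so it is not kept in deployment history."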
}
},
"azureSubscriptionId": {
"type": "string",
"metadata": {
"description": "The subscription ID for Azure."
}
}
}
}