如何解决策略应拒绝任何允许端口22的网络安全规则
我正在尝试创建一个拒绝允许端口22的NSG规则的策略。预期结果是,天蓝色将拒绝允许端口22的任何NSG安全规则。这是我到目前为止所拥有的,但是在测试时,它是仍然允许我创建它。
{
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type","equals": "Microsoft.Network/networkSecurityGroups/securityRules"
},{
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/direction","equals": "Inbound"
},{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/access","equals": "Allow"
},{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges","contains": "22"
}
]
}
]
},{
"allOf": [
{
"field": "type","equals": "Microsoft.Network/networkSecurityGroups"
},{
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].direction",{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].access",{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","contains": "22"
}
]
}
]
}
]
},"then": {
"effect": "deny"
}
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
