Cleanup Redis cache firewall rules
Security · Azure Cache for Redis · 2022_09
Determine if there is an excessive number of firewall rules for the Redis cache.
Description
Azure Cache for Redis provides the functionality to create firewall rules, limiting the IP addresses that can access the resources. Normally, you want to limit the number of firewall rules.
Recommendation
The Redis cache has more than ten (10) firewall rules. Some rules may not be needed.
Examples
Configure with Azure template
To deploy caches that pass this rule:
- Set the properties.startIP property to the start of the IP address range.
- Set the properties.endIP property to the end of the IP address range.
Azure Template snippet
{
  "type": "Microsoft.Cache/redis/firewallRules",
  "apiVersion": "2022-06-01",
  "name": "string",
  "properties": {
    "startIP": "string",
    "endIP": "string"
  }
}
Configure with Bicep
To deploy caches that pass this rule:
- Set the properties.startIP property to the start of the IP address range.
- Set the properties.endIP property to the end of the IP address range.
Azure Bicep snippet
resource symbolicname 'Microsoft.Cache/redis/firewallRules@2022-06-01' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    startIP: 'string'
    endIP: 'string'
  }
}
Notes
This rule is not applicable when Redis is configured to allow private connectivity by setting properties.publicNetworkAccess to Disabled.
Firewall rules can be used with VNet injected caches, but not private endpoints.
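One way to apply this check to an exported ARM template before deployment, as an added example that is not part of the original page or of any Azure tooling. It assumes resource names are literal strings (not template expressions); the function names, cache names and addresses are constructed for illustration.

```python
import json

MAX_RULES = 10  # threshold stated on this page
CACHE_TYPE = "microsoft.cache/redis"
RULE_TYPE = "microsoft.cache/redis/firewallrules"

def count_firewall_rules(template):
    """Map each publicly reachable cache name to its firewall rule count."""
    resources = template.get("resources", [])
    counts = {}
    for res in resources:
        if res.get("type", "").lower() != CACHE_TYPE:
            continue
        # An absent publicNetworkAccess is treated as Enabled.
        access = res.get("properties", {}).get("publicNetworkAccess", "Enabled")
        if access.lower() == "disabled":
            continue  # rule is not applicable to this cache
        # Rules nested under the cache use the short child type name.
        counts[res["name"]] = sum(
            1 for child in res.get("resources", [])
            if child.get("type", "").lower() in ("firewallrules", RULE_TYPE))
    for res in resources:
        # Top-level rules are named "<cache>/<rule>".
        if res.get("type", "").lower() == RULE_TYPE:
            cache = res.get("name", "").split("/", 1)[0]
            if cache in counts:
                counts[cache] += 1
    return counts

def excessive(template):
    """Names of caches with more than MAX_RULES firewall rules."""
    return sorted(n for n, c in count_firewall_rules(template).items() if c > MAX_RULES)

def _rule(name, i):  # constructed sample rule, one address per rule
    ip = f"203.0.113.{i}"
    return {"type": "Microsoft.Cache/redis/firewallRules", "apiVersion": "2022-06-01",
            "name": name, "properties": {"startIP": ip, "endIP": ip}}

# Constructed sample template: cache names and addresses are made up.
SAMPLE = {"resources": [
    {"type": "Microsoft.Cache/redis", "name": "cache-a", "properties": {}},
    {"type": "Microsoft.Cache/redis", "name": "cache-b", "properties": {},
     "resources": [dict(_rule(f"rule{i}", i), type="firewallRules") for i in range(3)]},
    {"type": "Microsoft.Cache/redis", "name": "cache-c",
     "properties": {"publicNetworkAccess": "Disabled"}},
    *[_rule(f"cache-a/rule{i}", i) for i in range(11)],
    *[_rule(f"cache-c/rule{i}", i) for i in range(12)],
]}

if __name__ == "__main__":
    print(json.dumps(count_firewall_rules(SAMPLE)), excessive(SAMPLE))
```

In the sample, cache-a is flagged with eleven rules, cache-b passes with three, and cache-c is skipped because public network access is disabled.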
Links
- How to configure Azure Cache for Redis - Firewall
- Limitations of firewall rules
- Azure deployment reference
Last update: 2023-04-29