Document Details
Firewall Sftp
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
powershell_heavy
windows_first
missing_linux_example
Summary
The documentation is heavily biased towards Windows by exclusively using Azure PowerShell for all deployment and configuration steps. There are no CLI (az), Bash, or Linux-native scripting examples. The only example for testing SFTP uses a generic 'command prompt' without clarifying cross-platform usage, and all setup instructions assume PowerShell, which is most commonly used on Windows.
Recommendations
- Provide equivalent examples using the Azure CLI (az) for all resource creation and configuration steps, as Azure CLI is cross-platform and widely used on Linux and macOS.
- Include Bash script snippets alongside PowerShell, especially for deployment and automation tasks.
- Clarify that the SFTP client example works on both Windows and Linux, and provide explicit Linux/Bash command-line examples (e.g., using the sftp command in a Linux terminal).
- Mention and link to installation instructions for Azure CLI and PowerShell Core on Linux/macOS, to support users on non-Windows platforms.
- Where possible, avoid language that assumes the user is on Windows (e.g., 'command prompt'), and instead use neutral terms like 'terminal' or 'shell'.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2025-07-12 23:44 | #41 | cancelled |
Biased
|
| 2025-07-12 00:58 | #8 | cancelled |
 Clean
|
| 2025-07-10 05:06 | #7 | processing |
Clean
|
Flagged Code Snippets
# Create a new firewall policy $policy = New-AzFirewallPolicy -Name "fw-pol" -ResourceGroupName "$rg" -Location $location # Define new rules to add $newrule1 = New-AzFirewallPolicyNatRule -Name "dnat-rule1" -Protocol "TCP", "UDP" -SourceAddress "*" -DestinationAddress $pip.ipaddress -DestinationPort "22" -TranslatedAddress $staticEP -TranslatedPort "22" # Add the new rules to the local rule collection object $natrulecollection = New-AzFirewallPolicyNatRuleCollection -Name "NATRuleCollection" -Priority 100 -ActionType "Dnat" -Rule $newrule1 # Create a new rule collection group $natrulecollectiongroup = New-AzFirewallPolicyRuleCollectionGroup -Name "rcg-01" -ResourceGroupName "$rg" -FirewallPolicyName "fw-pol" -Priority 100 # Add the new NAT rule collection to the rule collection group $natrulecollectiongroup.Properties.RuleCollection = $natrulecollection # Update the rule collection Set-AzFirewallPolicyRuleCollectionGroup -Name "rcg-01 " -FirewallPolicyObject $policy -Priority 200 -RuleCollection $natrulecollectiongroup.Properties.rulecollection
# Create the firewall
$firewall = New-AzFirewall `
-Name fw-01 `
-ResourceGroupName $rg `
-Location $location `
-VirtualNetwork $testvnet `
-PublicIpAddress $pip `
-FirewallPolicyId $policy.id
# Place the previously created storage account into a variable
$storage = Get-AzStorageAccount -ResourceGroupName $rg -Name $StorageAccountName
# Create the private endpoint connection
$pec = @{
Name = 'Connection01'
PrivateLinkServiceId = $storage.ID
GroupID = 'blob'
}
$privateEndpointConnection = New-AzPrivateLinkServiceConnection @pec
# Create the static IP configuration
$ip = @{
Name = 'myIPconfig'
GroupId = 'blob'
MemberName = 'blob'
PrivateIPAddress = $staticEP
}
$ipconfig = New-AzPrivateEndpointIpConfiguration @ip
# Create the private endpoint
$pe = @{
ResourceGroupName = $rg
Name = 'StorageEP'
Location = 'eastus'
Subnet = $testvnet.Subnets[1]
PrivateLinkServiceConnection = $privateEndpointConnection
IpConfiguration = $ipconfig
}
New-AzPrivateEndpoint @pe
$rg = "<resource-group-name>" $location = "<location>" $storageaccountname = "<storage-account-name>" $staticEP = "10.0.2.10" $SubscriptionName = "<your Azure subscription name>" $UserPrincipalName = "<your AD user principal name>" $ContainerName = "<container-name>"
# Create a new resource group
New-AzResourceGroup -Name $rg -Location $location
# Create new subnets for the firewall
$FWsub = New-AzVirtualNetworkSubnetConfig -Name AzureFirewallSubnet -AddressPrefix 10.0.1.0/26
$Worksub = New-AzVirtualNetworkSubnetConfig -Name Workload-SN -AddressPrefix 10.0.2.0/24
# Create a new VNet
$testVnet = New-AzVirtualNetwork -Name test-fw-vn -ResourceGroupName $rg -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $FWsub, $Worksub
# Create a public IP address for the firewall
$pip = New-AzPublicIpAddress `
-ResourceGroupName $rg `
-Location $location `
-AllocationMethod Static `
-Sku Standard `
-Name fw-pip
New-AzStorageAccount -ResourceGroupName $rg -Name $StorageAccountName -SkuName Standard_LRS -Location $location -EnableHierarchicalNamespace $true -PublicNetworkAccess enabled # Get the subscription and user information $subscriptionId = (Get-AzSubscription -SubscriptionName "$SubscriptionName").SubscriptionId $user = Get-AzADUser -UserPrincipalName $UserPrincipalName # Give the user contributor role New-AzRoleAssignment -ObjectId $user.id -RoleDefinitionName "Storage Blob Data Contributor" -Scope "/subscriptions/$subscriptionId/resourceGroups/$rg/providers/Microsoft.Storage/storageAccounts/$StorageAccountName" #Create the container and then disable public network access $ctx = New-AzStorageContext -StorageAccountName $StorageAccountName New-AzStorageContainer -Name $ContainerName -Context $ctx Set-AzStorageAccount -ResourceGroupName $rg -Name $StorageAccountName -PublicNetworkAccess disabled -Force
Set-AzStorageAccount `
-ResourceGroupName $rg `
-Name $StorageAccountName `
-EnableSftp $true
$permissionScopeBlob = New-AzStorageLocalUserPermissionScope `
-Permission rwdlc `
-Service blob `
-ResourceName $ContainerName
$localuser = Set-AzStorageLocalUser `
-ResourceGroupName $rg `
-AccountName $StorageAccountName `
-UserName testuser `
-PermissionScope $permissionScopeBlob
$localuserPassword = New-AzStorageLocalUserSshPassword `
-ResourceGroupName $rg `
-StorageAccountName $StorageAccountName `
-UserName testuser
# Examine and manually save the password
$localuserPassword
Remove-AzResourceGroup -Name $rg -Force