1. Packages
  2. Azure Classic
  3. API Docs
  4. cdn
  5. FrontdoorFirewallPolicy

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.cdn.FrontdoorFirewallPolicy

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages a Front Door (standard/premium) Firewall Policy instance.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-cdn-frontdoor",
        location: "West Europe",
    });
    const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", {
        name: "example-profile",
        resourceGroupName: example.name,
        skuName: "Premium_AzureFrontDoor",
    });
    const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("example", {
        name: "examplecdnfdwafpolicy",
        resourceGroupName: example.name,
        skuName: exampleFrontdoorProfile.skuName,
        enabled: true,
        mode: "Prevention",
        redirectUrl: "https://www.contoso.com",
        customBlockResponseStatusCode: 403,
        customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        customRules: [
            {
                name: "Rule1",
                enabled: true,
                priority: 1,
                rateLimitDurationInMinutes: 1,
                rateLimitThreshold: 10,
                type: "MatchRule",
                action: "Block",
                matchConditions: [{
                    matchVariable: "RemoteAddr",
                    operator: "IPMatch",
                    negationCondition: false,
                    matchValues: [
                        "10.0.1.0/24",
                        "10.0.0.0/24",
                    ],
                }],
            },
            {
                name: "Rule2",
                enabled: true,
                priority: 2,
                rateLimitDurationInMinutes: 1,
                rateLimitThreshold: 10,
                type: "MatchRule",
                action: "Block",
                matchConditions: [
                    {
                        matchVariable: "RemoteAddr",
                        operator: "IPMatch",
                        negationCondition: false,
                        matchValues: ["192.168.1.0/24"],
                    },
                    {
                        matchVariable: "RequestHeader",
                        selector: "UserAgent",
                        operator: "Contains",
                        negationCondition: false,
                        matchValues: ["windows"],
                        transforms: [
                            "Lowercase",
                            "Trim",
                        ],
                    },
                ],
            },
        ],
        managedRules: [
            {
                type: "DefaultRuleSet",
                version: "1.0",
                exclusions: [{
                    matchVariable: "QueryStringArgNames",
                    operator: "Equals",
                    selector: "not_suspicious",
                }],
                overrides: [
                    {
                        ruleGroupName: "PHP",
                        rules: [{
                            ruleId: "933100",
                            enabled: false,
                            action: "Block",
                        }],
                    },
                    {
                        ruleGroupName: "SQLI",
                        exclusions: [{
                            matchVariable: "QueryStringArgNames",
                            operator: "Equals",
                            selector: "really_not_suspicious",
                        }],
                        rules: [{
                            ruleId: "942200",
                            action: "Block",
                            exclusions: [{
                                matchVariable: "QueryStringArgNames",
                                operator: "Equals",
                                selector: "innocent",
                            }],
                        }],
                    },
                ],
            },
            {
                type: "Microsoft_BotManagerRuleSet",
                version: "1.0",
                action: "Log",
            },
        ],
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="example-cdn-frontdoor",
        location="West Europe")
    example_frontdoor_profile = azure.cdn.FrontdoorProfile("example",
        name="example-profile",
        resource_group_name=example.name,
        sku_name="Premium_AzureFrontDoor")
    example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("example",
        name="examplecdnfdwafpolicy",
        resource_group_name=example.name,
        sku_name=example_frontdoor_profile.sku_name,
        enabled=True,
        mode="Prevention",
        redirect_url="https://www.contoso.com",
        custom_block_response_status_code=403,
        custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        custom_rules=[
            {
                "name": "Rule1",
                "enabled": True,
                "priority": 1,
                "rate_limit_duration_in_minutes": 1,
                "rate_limit_threshold": 10,
                "type": "MatchRule",
                "action": "Block",
                "match_conditions": [{
                    "match_variable": "RemoteAddr",
                    "operator": "IPMatch",
                    "negation_condition": False,
                    "match_values": [
                        "10.0.1.0/24",
                        "10.0.0.0/24",
                    ],
                }],
            },
            {
                "name": "Rule2",
                "enabled": True,
                "priority": 2,
                "rate_limit_duration_in_minutes": 1,
                "rate_limit_threshold": 10,
                "type": "MatchRule",
                "action": "Block",
                "match_conditions": [
                    {
                        "match_variable": "RemoteAddr",
                        "operator": "IPMatch",
                        "negation_condition": False,
                        "match_values": ["192.168.1.0/24"],
                    },
                    {
                        "match_variable": "RequestHeader",
                        "selector": "UserAgent",
                        "operator": "Contains",
                        "negation_condition": False,
                        "match_values": ["windows"],
                        "transforms": [
                            "Lowercase",
                            "Trim",
                        ],
                    },
                ],
            },
        ],
        managed_rules=[
            {
                "type": "DefaultRuleSet",
                "version": "1.0",
                "exclusions": [{
                    "match_variable": "QueryStringArgNames",
                    "operator": "Equals",
                    "selector": "not_suspicious",
                }],
                "overrides": [
                    {
                        "rule_group_name": "PHP",
                        "rules": [{
                            "rule_id": "933100",
                            "enabled": False,
                            "action": "Block",
                        }],
                    },
                    {
                        "rule_group_name": "SQLI",
                        "exclusions": [{
                            "match_variable": "QueryStringArgNames",
                            "operator": "Equals",
                            "selector": "really_not_suspicious",
                        }],
                        "rules": [{
                            "rule_id": "942200",
                            "action": "Block",
                            "exclusions": [{
                                "match_variable": "QueryStringArgNames",
                                "operator": "Equals",
                                "selector": "innocent",
                            }],
                        }],
                    },
                ],
            },
            {
                "type": "Microsoft_BotManagerRuleSet",
                "version": "1.0",
                "action": "Log",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/cdn"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-cdn-frontdoor"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "example", &cdn.FrontdoorProfileArgs{
    			Name:              pulumi.String("example-profile"),
    			ResourceGroupName: example.Name,
    			SkuName:           pulumi.String("Premium_AzureFrontDoor"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = cdn.NewFrontdoorFirewallPolicy(ctx, "example", &cdn.FrontdoorFirewallPolicyArgs{
    			Name:                          pulumi.String("examplecdnfdwafpolicy"),
    			ResourceGroupName:             example.Name,
    			SkuName:                       exampleFrontdoorProfile.SkuName,
    			Enabled:                       pulumi.Bool(true),
    			Mode:                          pulumi.String("Prevention"),
    			RedirectUrl:                   pulumi.String("https://www.contoso.com"),
    			CustomBlockResponseStatusCode: pulumi.Int(403),
    			CustomBlockResponseBody:       pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
    			CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
    				&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
    					Name:                       pulumi.String("Rule1"),
    					Enabled:                    pulumi.Bool(true),
    					Priority:                   pulumi.Int(1),
    					RateLimitDurationInMinutes: pulumi.Int(1),
    					RateLimitThreshold:         pulumi.Int(10),
    					Type:                       pulumi.String("MatchRule"),
    					Action:                     pulumi.String("Block"),
    					MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
    						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
    							MatchVariable:     pulumi.String("RemoteAddr"),
    							Operator:          pulumi.String("IPMatch"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    								pulumi.String("10.0.1.0/24"),
    								pulumi.String("10.0.0.0/24"),
    							},
    						},
    					},
    				},
    				&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
    					Name:                       pulumi.String("Rule2"),
    					Enabled:                    pulumi.Bool(true),
    					Priority:                   pulumi.Int(2),
    					RateLimitDurationInMinutes: pulumi.Int(1),
    					RateLimitThreshold:         pulumi.Int(10),
    					Type:                       pulumi.String("MatchRule"),
    					Action:                     pulumi.String("Block"),
    					MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
    						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
    							MatchVariable:     pulumi.String("RemoteAddr"),
    							Operator:          pulumi.String("IPMatch"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    								pulumi.String("192.168.1.0/24"),
    							},
    						},
    						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
    							MatchVariable:     pulumi.String("RequestHeader"),
    							Selector:          pulumi.String("UserAgent"),
    							Operator:          pulumi.String("Contains"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    								pulumi.String("windows"),
    							},
    							Transforms: pulumi.StringArray{
    								pulumi.String("Lowercase"),
    								pulumi.String("Trim"),
    							},
    						},
    					},
    				},
    			},
    			ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
    				&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
    					Type:    pulumi.String("DefaultRuleSet"),
    					Version: pulumi.String("1.0"),
    					Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
    						&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
    							MatchVariable: pulumi.String("QueryStringArgNames"),
    							Operator:      pulumi.String("Equals"),
    							Selector:      pulumi.String("not_suspicious"),
    						},
    					},
    					Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
    						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
    							RuleGroupName: pulumi.String("PHP"),
    							Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
    								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
    									RuleId:  pulumi.String("933100"),
    									Enabled: pulumi.Bool(false),
    									Action:  pulumi.String("Block"),
    								},
    							},
    						},
    						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
    							RuleGroupName: pulumi.String("SQLI"),
    							Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
    								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
    									MatchVariable: pulumi.String("QueryStringArgNames"),
    									Operator:      pulumi.String("Equals"),
    									Selector:      pulumi.String("really_not_suspicious"),
    								},
    							},
    							Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
    								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
    									RuleId: pulumi.String("942200"),
    									Action: pulumi.String("Block"),
    									Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
    										&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
    											MatchVariable: pulumi.String("QueryStringArgNames"),
    											Operator:      pulumi.String("Equals"),
    											Selector:      pulumi.String("innocent"),
    										},
    									},
    								},
    							},
    						},
    					},
    				},
    				&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
    					Type:    pulumi.String("Microsoft_BotManagerRuleSet"),
    					Version: pulumi.String("1.0"),
    					Action:  pulumi.String("Log"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-cdn-frontdoor",
            Location = "West Europe",
        });
    
        var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("example", new()
        {
            Name = "example-profile",
            ResourceGroupName = example.Name,
            SkuName = "Premium_AzureFrontDoor",
        });
    
        var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("example", new()
        {
            Name = "examplecdnfdwafpolicy",
            ResourceGroupName = example.Name,
            SkuName = exampleFrontdoorProfile.SkuName,
            Enabled = true,
            Mode = "Prevention",
            RedirectUrl = "https://www.contoso.com",
            CustomBlockResponseStatusCode = 403,
            CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
            CustomRules = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
                {
                    Name = "Rule1",
                    Enabled = true,
                    Priority = 1,
                    RateLimitDurationInMinutes = 1,
                    RateLimitThreshold = 10,
                    Type = "MatchRule",
                    Action = "Block",
                    MatchConditions = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                        {
                            MatchVariable = "RemoteAddr",
                            Operator = "IPMatch",
                            NegationCondition = false,
                            MatchValues = new[]
                            {
                                "10.0.1.0/24",
                                "10.0.0.0/24",
                            },
                        },
                    },
                },
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
                {
                    Name = "Rule2",
                    Enabled = true,
                    Priority = 2,
                    RateLimitDurationInMinutes = 1,
                    RateLimitThreshold = 10,
                    Type = "MatchRule",
                    Action = "Block",
                    MatchConditions = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                        {
                            MatchVariable = "RemoteAddr",
                            Operator = "IPMatch",
                            NegationCondition = false,
                            MatchValues = new[]
                            {
                                "192.168.1.0/24",
                            },
                        },
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                        {
                            MatchVariable = "RequestHeader",
                            Selector = "UserAgent",
                            Operator = "Contains",
                            NegationCondition = false,
                            MatchValues = new[]
                            {
                                "windows",
                            },
                            Transforms = new[]
                            {
                                "Lowercase",
                                "Trim",
                            },
                        },
                    },
                },
            },
            ManagedRules = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
                {
                    Type = "DefaultRuleSet",
                    Version = "1.0",
                    Exclusions = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
                        {
                            MatchVariable = "QueryStringArgNames",
                            Operator = "Equals",
                            Selector = "not_suspicious",
                        },
                    },
                    Overrides = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                        {
                            RuleGroupName = "PHP",
                            Rules = new[]
                            {
                                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                                {
                                    RuleId = "933100",
                                    Enabled = false,
                                    Action = "Block",
                                },
                            },
                        },
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                        {
                            RuleGroupName = "SQLI",
                            Exclusions = new[]
                            {
                                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
                                {
                                    MatchVariable = "QueryStringArgNames",
                                    Operator = "Equals",
                                    Selector = "really_not_suspicious",
                                },
                            },
                            Rules = new[]
                            {
                                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                                {
                                    RuleId = "942200",
                                    Action = "Block",
                                    Exclusions = new[]
                                    {
                                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                        {
                                            MatchVariable = "QueryStringArgNames",
                                            Operator = "Equals",
                                            Selector = "innocent",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
                {
                    Type = "Microsoft_BotManagerRuleSet",
                    Version = "1.0",
                    Action = "Log",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.cdn.FrontdoorProfile;
    import com.pulumi.azure.cdn.FrontdoorProfileArgs;
    import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
    import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
    import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
    import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-cdn-frontdoor")
                .location("West Europe")
                .build());
    
            var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
                .name("example-profile")
                .resourceGroupName(example.name())
                .skuName("Premium_AzureFrontDoor")
                .build());
    
            var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
                .name("examplecdnfdwafpolicy")
                .resourceGroupName(example.name())
                .skuName(exampleFrontdoorProfile.skuName())
                .enabled(true)
                .mode("Prevention")
                .redirectUrl("https://www.contoso.com")
                .customBlockResponseStatusCode(403)
                .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
                .customRules(            
                    FrontdoorFirewallPolicyCustomRuleArgs.builder()
                        .name("Rule1")
                        .enabled(true)
                        .priority(1)
                        .rateLimitDurationInMinutes(1)
                        .rateLimitThreshold(10)
                        .type("MatchRule")
                        .action("Block")
                        .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RemoteAddr")
                            .operator("IPMatch")
                            .negationCondition(false)
                            .matchValues(                        
                                "10.0.1.0/24",
                                "10.0.0.0/24")
                            .build())
                        .build(),
                    FrontdoorFirewallPolicyCustomRuleArgs.builder()
                        .name("Rule2")
                        .enabled(true)
                        .priority(2)
                        .rateLimitDurationInMinutes(1)
                        .rateLimitThreshold(10)
                        .type("MatchRule")
                        .action("Block")
                        .matchConditions(                    
                            FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                                .matchVariable("RemoteAddr")
                                .operator("IPMatch")
                                .negationCondition(false)
                                .matchValues("192.168.1.0/24")
                                .build(),
                            FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                                .matchVariable("RequestHeader")
                                .selector("UserAgent")
                                .operator("Contains")
                                .negationCondition(false)
                                .matchValues("windows")
                                .transforms(                            
                                    "Lowercase",
                                    "Trim")
                                .build())
                        .build())
                .managedRules(            
                    FrontdoorFirewallPolicyManagedRuleArgs.builder()
                        .type("DefaultRuleSet")
                        .version("1.0")
                        .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
                            .matchVariable("QueryStringArgNames")
                            .operator("Equals")
                            .selector("not_suspicious")
                            .build())
                        .overrides(                    
                            FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                                .ruleGroupName("PHP")
                                .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                    .ruleId("933100")
                                    .enabled(false)
                                    .action("Block")
                                    .build())
                                .build(),
                            FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                                .ruleGroupName("SQLI")
                                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                                    .matchVariable("QueryStringArgNames")
                                    .operator("Equals")
                                    .selector("really_not_suspicious")
                                    .build())
                                .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                    .ruleId("942200")
                                    .action("Block")
                                    .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                                        .matchVariable("QueryStringArgNames")
                                        .operator("Equals")
                                        .selector("innocent")
                                        .build())
                                    .build())
                                .build())
                        .build(),
                    FrontdoorFirewallPolicyManagedRuleArgs.builder()
                        .type("Microsoft_BotManagerRuleSet")
                        .version("1.0")
                        .action("Log")
                        .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-cdn-frontdoor
          location: West Europe
      exampleFrontdoorProfile:
        type: azure:cdn:FrontdoorProfile
        name: example
        properties:
          name: example-profile
          resourceGroupName: ${example.name}
          skuName: Premium_AzureFrontDoor
      exampleFrontdoorFirewallPolicy:
        type: azure:cdn:FrontdoorFirewallPolicy
        name: example
        properties:
          name: examplecdnfdwafpolicy
          resourceGroupName: ${example.name}
          skuName: ${exampleFrontdoorProfile.skuName}
          enabled: true
          mode: Prevention
          redirectUrl: https://www.contoso.com
          customBlockResponseStatusCode: 403
          customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
          customRules:
            - name: Rule1
              enabled: true
              priority: 1
              rateLimitDurationInMinutes: 1
              rateLimitThreshold: 10
              type: MatchRule
              action: Block
              matchConditions:
                - matchVariable: RemoteAddr
                  operator: IPMatch
                  negationCondition: false
                  matchValues:
                    - 10.0.1.0/24
                    - 10.0.0.0/24
            - name: Rule2
              enabled: true
              priority: 2
              rateLimitDurationInMinutes: 1
              rateLimitThreshold: 10
              type: MatchRule
              action: Block
              matchConditions:
                - matchVariable: RemoteAddr
                  operator: IPMatch
                  negationCondition: false
                  matchValues:
                    - 192.168.1.0/24
                - matchVariable: RequestHeader
                  selector: UserAgent
                  operator: Contains
                  negationCondition: false
                  matchValues:
                    - windows
                  transforms:
                    - Lowercase
                    - Trim
          managedRules:
            - type: DefaultRuleSet
              version: '1.0'
              exclusions:
                - matchVariable: QueryStringArgNames
                  operator: Equals
                  selector: not_suspicious
              overrides:
                - ruleGroupName: PHP
                  rules:
                    - ruleId: '933100'
                      enabled: false
                      action: Block
                - ruleGroupName: SQLI
                  exclusions:
                    - matchVariable: QueryStringArgNames
                      operator: Equals
                      selector: really_not_suspicious
                  rules:
                    - ruleId: '942200'
                      action: Block
                      exclusions:
                        - matchVariable: QueryStringArgNames
                          operator: Equals
                          selector: innocent
            - type: Microsoft_BotManagerRuleSet
              version: '1.0'
              action: Log
    

    Create FrontdoorFirewallPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FrontdoorFirewallPolicy(name: string, args: FrontdoorFirewallPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FrontdoorFirewallPolicy(resource_name: str,
                                args: FrontdoorFirewallPolicyArgs,
                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def FrontdoorFirewallPolicy(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                mode: Optional[str] = None,
                                resource_group_name: Optional[str] = None,
                                sku_name: Optional[str] = None,
                                custom_block_response_body: Optional[str] = None,
                                custom_block_response_status_code: Optional[int] = None,
                                custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
                                enabled: Optional[bool] = None,
                                managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
                                name: Optional[str] = None,
                                redirect_url: Optional[str] = None,
                                request_body_check_enabled: Optional[bool] = None,
                                tags: Optional[Mapping[str, str]] = None)
    func NewFrontdoorFirewallPolicy(ctx *Context, name string, args FrontdoorFirewallPolicyArgs, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
    public FrontdoorFirewallPolicy(string name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions? opts = null)
    public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args)
    public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions options)
    
    type: azure:cdn:FrontdoorFirewallPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FrontdoorFirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FrontdoorFirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FrontdoorFirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FrontdoorFirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FrontdoorFirewallPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var frontdoorFirewallPolicyResource = new Azure.Cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", new()
    {
        Mode = "string",
        ResourceGroupName = "string",
        SkuName = "string",
        CustomBlockResponseBody = "string",
        CustomBlockResponseStatusCode = 0,
        CustomRules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
            {
                Action = "string",
                Name = "string",
                Type = "string",
                Enabled = false,
                MatchConditions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchValues = new[]
                        {
                            "string",
                        },
                        MatchVariable = "string",
                        Operator = "string",
                        NegationCondition = false,
                        Selector = "string",
                        Transforms = new[]
                        {
                            "string",
                        },
                    },
                },
                Priority = 0,
                RateLimitDurationInMinutes = 0,
                RateLimitThreshold = 0,
            },
        },
        Enabled = false,
        ManagedRules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
            {
                Action = "string",
                Type = "string",
                Version = "string",
                Exclusions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
                    {
                        MatchVariable = "string",
                        Operator = "string",
                        Selector = "string",
                    },
                },
                Overrides = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "string",
                        Exclusions = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
                            {
                                MatchVariable = "string",
                                Operator = "string",
                                Selector = "string",
                            },
                        },
                        Rules = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                Action = "string",
                                RuleId = "string",
                                Enabled = false,
                                Exclusions = new[]
                                {
                                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                    {
                                        MatchVariable = "string",
                                        Operator = "string",
                                        Selector = "string",
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
        Name = "string",
        RedirectUrl = "string",
        RequestBodyCheckEnabled = false,
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := cdn.NewFrontdoorFirewallPolicy(ctx, "frontdoorFirewallPolicyResource", &cdn.FrontdoorFirewallPolicyArgs{
    	Mode:                          pulumi.String("string"),
    	ResourceGroupName:             pulumi.String("string"),
    	SkuName:                       pulumi.String("string"),
    	CustomBlockResponseBody:       pulumi.String("string"),
    	CustomBlockResponseStatusCode: pulumi.Int(0),
    	CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
    		&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
    			Action:  pulumi.String("string"),
    			Name:    pulumi.String("string"),
    			Type:    pulumi.String("string"),
    			Enabled: pulumi.Bool(false),
    			MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
    				&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
    					MatchValues: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					MatchVariable:     pulumi.String("string"),
    					Operator:          pulumi.String("string"),
    					NegationCondition: pulumi.Bool(false),
    					Selector:          pulumi.String("string"),
    					Transforms: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Priority:                   pulumi.Int(0),
    			RateLimitDurationInMinutes: pulumi.Int(0),
    			RateLimitThreshold:         pulumi.Int(0),
    		},
    	},
    	Enabled: pulumi.Bool(false),
    	ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
    		&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
    			Action:  pulumi.String("string"),
    			Type:    pulumi.String("string"),
    			Version: pulumi.String("string"),
    			Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
    				&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
    					MatchVariable: pulumi.String("string"),
    					Operator:      pulumi.String("string"),
    					Selector:      pulumi.String("string"),
    				},
    			},
    			Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
    				&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
    					RuleGroupName: pulumi.String("string"),
    					Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
    						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
    							MatchVariable: pulumi.String("string"),
    							Operator:      pulumi.String("string"),
    							Selector:      pulumi.String("string"),
    						},
    					},
    					Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
    						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
    							Action:  pulumi.String("string"),
    							RuleId:  pulumi.String("string"),
    							Enabled: pulumi.Bool(false),
    							Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
    								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
    									MatchVariable: pulumi.String("string"),
    									Operator:      pulumi.String("string"),
    									Selector:      pulumi.String("string"),
    								},
    							},
    						},
    					},
    				},
    			},
    		},
    	},
    	Name:                    pulumi.String("string"),
    	RedirectUrl:             pulumi.String("string"),
    	RequestBodyCheckEnabled: pulumi.Bool(false),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var frontdoorFirewallPolicyResource = new FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", FrontdoorFirewallPolicyArgs.builder()
        .mode("string")
        .resourceGroupName("string")
        .skuName("string")
        .customBlockResponseBody("string")
        .customBlockResponseStatusCode(0)
        .customRules(FrontdoorFirewallPolicyCustomRuleArgs.builder()
            .action("string")
            .name("string")
            .type("string")
            .enabled(false)
            .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                .matchValues("string")
                .matchVariable("string")
                .operator("string")
                .negationCondition(false)
                .selector("string")
                .transforms("string")
                .build())
            .priority(0)
            .rateLimitDurationInMinutes(0)
            .rateLimitThreshold(0)
            .build())
        .enabled(false)
        .managedRules(FrontdoorFirewallPolicyManagedRuleArgs.builder()
            .action("string")
            .type("string")
            .version("string")
            .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
                .matchVariable("string")
                .operator("string")
                .selector("string")
                .build())
            .overrides(FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                .ruleGroupName("string")
                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                    .matchVariable("string")
                    .operator("string")
                    .selector("string")
                    .build())
                .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                    .action("string")
                    .ruleId("string")
                    .enabled(false)
                    .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                        .matchVariable("string")
                        .operator("string")
                        .selector("string")
                        .build())
                    .build())
                .build())
            .build())
        .name("string")
        .redirectUrl("string")
        .requestBodyCheckEnabled(false)
        .tags(Map.of("string", "string"))
        .build());
    
    frontdoor_firewall_policy_resource = azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource",
        mode="string",
        resource_group_name="string",
        sku_name="string",
        custom_block_response_body="string",
        custom_block_response_status_code=0,
        custom_rules=[{
            "action": "string",
            "name": "string",
            "type": "string",
            "enabled": False,
            "match_conditions": [{
                "match_values": ["string"],
                "match_variable": "string",
                "operator": "string",
                "negation_condition": False,
                "selector": "string",
                "transforms": ["string"],
            }],
            "priority": 0,
            "rate_limit_duration_in_minutes": 0,
            "rate_limit_threshold": 0,
        }],
        enabled=False,
        managed_rules=[{
            "action": "string",
            "type": "string",
            "version": "string",
            "exclusions": [{
                "match_variable": "string",
                "operator": "string",
                "selector": "string",
            }],
            "overrides": [{
                "rule_group_name": "string",
                "exclusions": [{
                    "match_variable": "string",
                    "operator": "string",
                    "selector": "string",
                }],
                "rules": [{
                    "action": "string",
                    "rule_id": "string",
                    "enabled": False,
                    "exclusions": [{
                        "match_variable": "string",
                        "operator": "string",
                        "selector": "string",
                    }],
                }],
            }],
        }],
        name="string",
        redirect_url="string",
        request_body_check_enabled=False,
        tags={
            "string": "string",
        })
    
    const frontdoorFirewallPolicyResource = new azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", {
        mode: "string",
        resourceGroupName: "string",
        skuName: "string",
        customBlockResponseBody: "string",
        customBlockResponseStatusCode: 0,
        customRules: [{
            action: "string",
            name: "string",
            type: "string",
            enabled: false,
            matchConditions: [{
                matchValues: ["string"],
                matchVariable: "string",
                operator: "string",
                negationCondition: false,
                selector: "string",
                transforms: ["string"],
            }],
            priority: 0,
            rateLimitDurationInMinutes: 0,
            rateLimitThreshold: 0,
        }],
        enabled: false,
        managedRules: [{
            action: "string",
            type: "string",
            version: "string",
            exclusions: [{
                matchVariable: "string",
                operator: "string",
                selector: "string",
            }],
            overrides: [{
                ruleGroupName: "string",
                exclusions: [{
                    matchVariable: "string",
                    operator: "string",
                    selector: "string",
                }],
                rules: [{
                    action: "string",
                    ruleId: "string",
                    enabled: false,
                    exclusions: [{
                        matchVariable: "string",
                        operator: "string",
                        selector: "string",
                    }],
                }],
            }],
        }],
        name: "string",
        redirectUrl: "string",
        requestBodyCheckEnabled: false,
        tags: {
            string: "string",
        },
    });
    
    type: azure:cdn:FrontdoorFirewallPolicy
    properties:
        customBlockResponseBody: string
        customBlockResponseStatusCode: 0
        customRules:
            - action: string
              enabled: false
              matchConditions:
                - matchValues:
                    - string
                  matchVariable: string
                  negationCondition: false
                  operator: string
                  selector: string
                  transforms:
                    - string
              name: string
              priority: 0
              rateLimitDurationInMinutes: 0
              rateLimitThreshold: 0
              type: string
        enabled: false
        managedRules:
            - action: string
              exclusions:
                - matchVariable: string
                  operator: string
                  selector: string
              overrides:
                - exclusions:
                    - matchVariable: string
                      operator: string
                      selector: string
                  ruleGroupName: string
                  rules:
                    - action: string
                      enabled: false
                      exclusions:
                        - matchVariable: string
                          operator: string
                          selector: string
                      ruleId: string
              type: string
              version: string
        mode: string
        name: string
        redirectUrl: string
        requestBodyCheckEnabled: false
        resourceGroupName: string
        skuName: string
        tags:
            string: string
    

    FrontdoorFirewallPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FrontdoorFirewallPolicy resource accepts the following input properties:

    Mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    SkuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules List<FrontdoorFirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    ManagedRules List<FrontdoorFirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheckEnabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    Tags Dictionary<string, string>
    A mapping of tags to assign to the Front Door Firewall Policy.
    Mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    SkuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules []FrontdoorFirewallPolicyCustomRuleArgs
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs
    One or more managed_rule blocks as defined below.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheckEnabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    Tags map[string]string
    A mapping of tags to assign to the Front Door Firewall Policy.
    mode String
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    skuName String

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<FrontdoorFirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    managedRules List<FrontdoorFirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled Boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    tags Map<String,String>
    A mapping of tags to assign to the Front Door Firewall Policy.
    mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    resourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    skuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    customBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules FrontdoorFirewallPolicyCustomRule[]
    One or more custom_rule blocks as defined below.
    enabled boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    managedRules FrontdoorFirewallPolicyManagedRule[]
    One or more managed_rule blocks as defined below.
    name string
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    tags {[key: string]: string}
    A mapping of tags to assign to the Front Door Firewall Policy.
    mode str
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    resource_group_name str
    The name of the resource group. Changing this forces a new resource to be created.
    sku_name str

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    custom_block_response_body str
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]
    One or more custom_rule blocks as defined below.
    enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]
    One or more managed_rule blocks as defined below.
    name str
    The name of the policy. Changing this forces a new resource to be created.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    request_body_check_enabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    tags Mapping[str, str]
    A mapping of tags to assign to the Front Door Firewall Policy.
    mode String
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    skuName String

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<Property Map>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    managedRules List<Property Map>
    One or more managed_rule blocks as defined below.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled Boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    tags Map<String>
    A mapping of tags to assign to the Front Door Firewall Policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FrontdoorFirewallPolicy resource produces the following output properties:

    FrontendEndpointIds List<string>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    FrontendEndpointIds []string
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    frontendEndpointIds List<String>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    id String
    The provider-assigned unique ID for this managed resource.
    frontendEndpointIds string[]
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    id string
    The provider-assigned unique ID for this managed resource.
    frontend_endpoint_ids Sequence[str]
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    id str
    The provider-assigned unique ID for this managed resource.
    frontendEndpointIds List<String>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing FrontdoorFirewallPolicy Resource

    Get an existing FrontdoorFirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FrontdoorFirewallPolicyState, opts?: CustomResourceOptions): FrontdoorFirewallPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            custom_block_response_body: Optional[str] = None,
            custom_block_response_status_code: Optional[int] = None,
            custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
            enabled: Optional[bool] = None,
            frontend_endpoint_ids: Optional[Sequence[str]] = None,
            managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
            mode: Optional[str] = None,
            name: Optional[str] = None,
            redirect_url: Optional[str] = None,
            request_body_check_enabled: Optional[bool] = None,
            resource_group_name: Optional[str] = None,
            sku_name: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None) -> FrontdoorFirewallPolicy
    func GetFrontdoorFirewallPolicy(ctx *Context, name string, id IDInput, state *FrontdoorFirewallPolicyState, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
    public static FrontdoorFirewallPolicy Get(string name, Input<string> id, FrontdoorFirewallPolicyState? state, CustomResourceOptions? opts = null)
    public static FrontdoorFirewallPolicy get(String name, Output<String> id, FrontdoorFirewallPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules List<FrontdoorFirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    FrontendEndpointIds List<string>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    ManagedRules List<FrontdoorFirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    Mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheckEnabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    SkuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    Tags Dictionary<string, string>
    A mapping of tags to assign to the Front Door Firewall Policy.
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules []FrontdoorFirewallPolicyCustomRuleArgs
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    FrontendEndpointIds []string
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs
    One or more managed_rule blocks as defined below.
    Mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheckEnabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    SkuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    Tags map[string]string
    A mapping of tags to assign to the Front Door Firewall Policy.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<FrontdoorFirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    frontendEndpointIds List<String>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    managedRules List<FrontdoorFirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    mode String
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled Boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    skuName String

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    tags Map<String,String>
    A mapping of tags to assign to the Front Door Firewall Policy.
    customBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules FrontdoorFirewallPolicyCustomRule[]
    One or more custom_rule blocks as defined below.
    enabled boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    frontendEndpointIds string[]
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    managedRules FrontdoorFirewallPolicyManagedRule[]
    One or more managed_rule blocks as defined below.
    mode string
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    name string
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    resourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    skuName string

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    tags {[key: string]: string}
    A mapping of tags to assign to the Front Door Firewall Policy.
    custom_block_response_body str
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]
    One or more custom_rule blocks as defined below.
    enabled bool
    Is the Front Door Firewall Policy enabled? Defaults to true.
    frontend_endpoint_ids Sequence[str]
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]
    One or more managed_rule blocks as defined below.
    mode str
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    name str
    The name of the policy. Changing this forces a new resource to be created.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    request_body_check_enabled bool

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    resource_group_name str
    The name of the resource group. Changing this forces a new resource to be created.
    sku_name str

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    tags Mapping[str, str]
    A mapping of tags to assign to the Front Door Firewall Policy.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<Property Map>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the Front Door Firewall Policy enabled? Defaults to true.
    frontendEndpointIds List<String>
    The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
    managedRules List<Property Map>
    One or more managed_rule blocks as defined below.
    mode String
    The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheckEnabled Boolean

    Should policy managed rules inspect the request body content? Defaults to true.

    NOTE: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    skuName String

    The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

    NOTE: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy skus may contain both custom and managed rules.

    tags Map<String>
    A mapping of tags to assign to the Front Door Firewall Policy.

    Supporting Types

    FrontdoorFirewallPolicyCustomRule, FrontdoorFirewallPolicyCustomRuleArgs

    Action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    Name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    Type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    Enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    MatchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    Priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    RateLimitDurationInMinutes int
    The rate limit duration in minutes. Defaults to 1.
    RateLimitThreshold int
    The rate limit threshold. Defaults to 10.
    Action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    Name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    Type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    Enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    MatchConditions []FrontdoorFirewallPolicyCustomRuleMatchCondition
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    Priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    RateLimitDurationInMinutes int
    The rate limit duration in minutes. Defaults to 1.
    RateLimitThreshold int
    The rate limit threshold. Defaults to 10.
    action String
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name String
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type String
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled Boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority Integer
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes Integer
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold Integer
    The rate limit threshold. Defaults to 10.
    action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions FrontdoorFirewallPolicyCustomRuleMatchCondition[]
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority number
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes number
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold number
    The rate limit threshold. Defaults to 10.
    action str
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name str
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type str
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    match_conditions Sequence[FrontdoorFirewallPolicyCustomRuleMatchCondition]
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rate_limit_duration_in_minutes int
    The rate limit duration in minutes. Defaults to 1.
    rate_limit_threshold int
    The rate limit threshold. Defaults to 10.
    action String
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name String
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type String
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled Boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions List<Property Map>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority Number
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes Number
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold Number
    The rate limit threshold. Defaults to 10.

    FrontdoorFirewallPolicyCustomRuleMatchCondition, FrontdoorFirewallPolicyCustomRuleMatchConditionArgs

    MatchValues List<string>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    MatchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    Operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    NegationCondition bool
    Should the result of the condition be negated.
    Selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    Transforms List<string>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.
    MatchValues []string
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    MatchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    Operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    NegationCondition bool
    Should the result of the condition be negated.
    Selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    Transforms []string
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.
    matchValues List<String>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    matchVariable String
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator String
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition Boolean
    Should the result of the condition be negated.
    selector String
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms List<String>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.
    matchValues string[]
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    matchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition boolean
    Should the result of the condition be negated.
    selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms string[]
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.
    match_values Sequence[str]
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    match_variable str
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator str
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negation_condition bool
    Should the result of the condition be negated.
    selector str
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms Sequence[str]
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.
    matchValues List<String>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
    matchVariable String
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator String
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition Boolean
    Should the result of the condition be negated.
    selector String
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms List<String>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

    FrontdoorFirewallPolicyManagedRule, FrontdoorFirewallPolicyManagedRuleArgs

    Action string
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    Type string
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    Version string
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    Exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>
    One or more exclusion blocks as defined below.
    Overrides List<FrontdoorFirewallPolicyManagedRuleOverride>
    One or more override blocks as defined below.
    Action string
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    Type string
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    Version string
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    Exclusions []FrontdoorFirewallPolicyManagedRuleExclusion
    One or more exclusion blocks as defined below.
    Overrides []FrontdoorFirewallPolicyManagedRuleOverride
    One or more override blocks as defined below.
    action String
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    type String
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    version String
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>
    One or more exclusion blocks as defined below.
    overrides List<FrontdoorFirewallPolicyManagedRuleOverride>
    One or more override blocks as defined below.
    action string
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    type string
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    version string
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    exclusions FrontdoorFirewallPolicyManagedRuleExclusion[]
    One or more exclusion blocks as defined below.
    overrides FrontdoorFirewallPolicyManagedRuleOverride[]
    One or more override blocks as defined below.
    action str
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    type str
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    version str
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    exclusions Sequence[FrontdoorFirewallPolicyManagedRuleExclusion]
    One or more exclusion blocks as defined below.
    overrides Sequence[FrontdoorFirewallPolicyManagedRuleOverride]
    One or more override blocks as defined below.
    action String
    The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include Allow, Log, Block, and Redirect.
    type String
    The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection or Microsoft_BotManagerRuleSet.
    version String
    The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0 or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the value must be 1.0.
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.
    overrides List<Property Map>
    One or more override blocks as defined below.

    FrontdoorFirewallPolicyManagedRuleExclusion, FrontdoorFirewallPolicyManagedRuleExclusionArgs

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    match_variable str

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    FrontdoorFirewallPolicyManagedRuleOverride, FrontdoorFirewallPolicyManagedRuleOverrideArgs

    RuleGroupName string
    The managed rule group to override.
    Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>
    One or more exclusion blocks as defined below.
    Rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    RuleGroupName string
    The managed rule group to override.
    Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideExclusion
    One or more exclusion blocks as defined below.
    Rules []FrontdoorFirewallPolicyManagedRuleOverrideRule
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName String
    The managed rule group to override.
    exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>
    One or more exclusion blocks as defined below.
    rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName string
    The managed rule group to override.
    exclusions FrontdoorFirewallPolicyManagedRuleOverrideExclusion[]
    One or more exclusion blocks as defined below.
    rules FrontdoorFirewallPolicyManagedRuleOverrideRule[]
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    rule_group_name str
    The managed rule group to override.
    exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideExclusion]
    One or more exclusion blocks as defined below.
    rules Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRule]
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName String
    The managed rule group to override.
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.
    rules List<Property Map>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

    FrontdoorFirewallPolicyManagedRuleOverrideExclusion, FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    match_variable str

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    FrontdoorFirewallPolicyManagedRuleOverrideRule, FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs

    Action string

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    RuleId string
    Identifier for the managed rule.
    Enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>
    One or more exclusion blocks as defined below.
    Action string

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    RuleId string
    Identifier for the managed rule.
    Enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion
    One or more exclusion blocks as defined below.
    action String

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    ruleId String
    Identifier for the managed rule.
    enabled Boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>
    One or more exclusion blocks as defined below.
    action string

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    ruleId string
    Identifier for the managed rule.
    enabled boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion[]
    One or more exclusion blocks as defined below.
    action str

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    rule_id str
    Identifier for the managed rule.
    enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion]
    One or more exclusion blocks as defined below.
    action String

    The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS 1.1 and below are Allow, Log, Block, and Redirect. For DRS 2.0 and above the possible values are Log or AnomalyScoring.

    ->NOTE: Please see the DRS product documentation for more information.

    ruleId String
    Identifier for the managed rule.
    enabled Boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.

    FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion, FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    MatchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable string

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    match_variable str

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    matchVariable String

    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

    NOTE: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String

    Selector for the value in the match_variable attribute this exclusion applies to.

    NOTE: selector must be set to * if operator is set to EqualsAny.

    Import

    Front Door Firewall Policies can be imported using the resource id, e.g.

    $ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi