We recommend using Azure Native.
azure.frontdoor.FirewallPolicy
Explore with Pulumi AI
!> IMPORTANT This deploys an Azure Front Door (classic) resource which has been deprecated and will receive security updates only. Please migrate your existing Azure Front Door (classic) deployments to the new Azure Front Door (standard/premium) resources. For your convenience, the service team has exposed a Front Door Classic
to Front Door Standard/Premium
migration tool to allow you to migrate your existing Front Door Classic
instances to the new Front Door Standard/Premium
product tiers.
Manages an Azure Front Door (classic) Web Application Firewall Policy instance.
!> Be Aware: Azure is rolling out a breaking change on Friday 9th April 2021 which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue - however unfortunately this may necessitate a breaking change to the CDN and Front Door resources, more information will be posted in the GitHub issue as the necessary changes are identified.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-rg",
location: "West Europe",
});
const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("example", {
name: "examplefdwafpolicy",
resourceGroupName: example.name,
enabled: true,
mode: "Prevention",
redirectUrl: "https://www.contoso.com",
customBlockResponseStatusCode: 403,
customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
customRules: [
{
name: "Rule1",
enabled: true,
priority: 1,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
},
{
name: "Rule2",
enabled: true,
priority: 2,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [
{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariable: "RequestHeader",
selector: "UserAgent",
operator: "Contains",
negationCondition: false,
matchValues: ["windows"],
transforms: [
"Lowercase",
"Trim",
],
},
],
},
],
managedRules: [
{
type: "DefaultRuleSet",
version: "1.0",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "not_suspicious",
}],
overrides: [
{
ruleGroupName: "PHP",
rules: [{
ruleId: "933100",
enabled: false,
action: "Block",
}],
},
{
ruleGroupName: "SQLI",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "really_not_suspicious",
}],
rules: [{
ruleId: "942200",
action: "Block",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "innocent",
}],
}],
},
],
},
{
type: "Microsoft_BotManagerRuleSet",
version: "1.0",
},
],
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-rg",
location="West Europe")
example_firewall_policy = azure.frontdoor.FirewallPolicy("example",
name="examplefdwafpolicy",
resource_group_name=example.name,
enabled=True,
mode="Prevention",
redirect_url="https://www.contoso.com",
custom_block_response_status_code=403,
custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
custom_rules=[
{
"name": "Rule1",
"enabled": True,
"priority": 1,
"rate_limit_duration_in_minutes": 1,
"rate_limit_threshold": 10,
"type": "MatchRule",
"action": "Block",
"match_conditions": [{
"match_variable": "RemoteAddr",
"operator": "IPMatch",
"negation_condition": False,
"match_values": [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
},
{
"name": "Rule2",
"enabled": True,
"priority": 2,
"rate_limit_duration_in_minutes": 1,
"rate_limit_threshold": 10,
"type": "MatchRule",
"action": "Block",
"match_conditions": [
{
"match_variable": "RemoteAddr",
"operator": "IPMatch",
"negation_condition": False,
"match_values": ["192.168.1.0/24"],
},
{
"match_variable": "RequestHeader",
"selector": "UserAgent",
"operator": "Contains",
"negation_condition": False,
"match_values": ["windows"],
"transforms": [
"Lowercase",
"Trim",
],
},
],
},
],
managed_rules=[
{
"type": "DefaultRuleSet",
"version": "1.0",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "not_suspicious",
}],
"overrides": [
{
"rule_group_name": "PHP",
"rules": [{
"rule_id": "933100",
"enabled": False,
"action": "Block",
}],
},
{
"rule_group_name": "SQLI",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "really_not_suspicious",
}],
"rules": [{
"rule_id": "942200",
"action": "Block",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "innocent",
}],
}],
},
],
},
{
"type": "Microsoft_BotManagerRuleSet",
"version": "1.0",
},
])
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/frontdoor"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-rg"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = frontdoor.NewFirewallPolicy(ctx, "example", &frontdoor.FirewallPolicyArgs{
Name: pulumi.String("examplefdwafpolicy"),
ResourceGroupName: example.Name,
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RedirectUrl: pulumi.String("https://www.contoso.com"),
CustomBlockResponseStatusCode: pulumi.Int(403),
CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
&frontdoor.FirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
},
&frontdoor.FirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(2),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RequestHeader"),
Selector: pulumi.String("UserAgent"),
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("windows"),
},
Transforms: pulumi.StringArray{
pulumi.String("Lowercase"),
pulumi.String("Trim"),
},
},
},
},
},
ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
&frontdoor.FirewallPolicyManagedRuleArgs{
Type: pulumi.String("DefaultRuleSet"),
Version: pulumi.String("1.0"),
Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("not_suspicious"),
},
},
Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("PHP"),
Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("933100"),
Enabled: pulumi.Bool(false),
Action: pulumi.String("Block"),
},
},
},
&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("SQLI"),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("really_not_suspicious"),
},
},
Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("942200"),
Action: pulumi.String("Block"),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("innocent"),
},
},
},
},
},
},
},
&frontdoor.FirewallPolicyManagedRuleArgs{
Type: pulumi.String("Microsoft_BotManagerRuleSet"),
Version: pulumi.String("1.0"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-rg",
Location = "West Europe",
});
var exampleFirewallPolicy = new Azure.FrontDoor.FirewallPolicy("example", new()
{
Name = "examplefdwafpolicy",
ResourceGroupName = example.Name,
Enabled = true,
Mode = "Prevention",
RedirectUrl = "https://www.contoso.com",
CustomBlockResponseStatusCode = 403,
CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
CustomRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
{
Name = "Rule1",
Enabled = true,
Priority = 1,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
"10.0.0.0/24",
},
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
{
Name = "Rule2",
Enabled = true,
Priority = 2,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RequestHeader",
Selector = "UserAgent",
Operator = "Contains",
NegationCondition = false,
MatchValues = new[]
{
"windows",
},
Transforms = new[]
{
"Lowercase",
"Trim",
},
},
},
},
},
ManagedRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
{
Type = "DefaultRuleSet",
Version = "1.0",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "not_suspicious",
},
},
Overrides = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "PHP",
Rules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "933100",
Enabled = false,
Action = "Block",
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "SQLI",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "really_not_suspicious",
},
},
Rules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "942200",
Action = "Block",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "innocent",
},
},
},
},
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
{
Type = "Microsoft_BotManagerRuleSet",
Version = "1.0",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.frontdoor.FirewallPolicy;
import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-rg")
.location("West Europe")
.build());
var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
.name("examplefdwafpolicy")
.resourceGroupName(example.name())
.enabled(true)
.mode("Prevention")
.redirectUrl("https://www.contoso.com")
.customBlockResponseStatusCode(403)
.customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
.customRules(
FirewallPolicyCustomRuleArgs.builder()
.name("Rule1")
.enabled(true)
.priority(1)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"192.168.1.0/24",
"10.0.0.0/24")
.build())
.build(),
FirewallPolicyCustomRuleArgs.builder()
.name("Rule2")
.enabled(true)
.priority(2)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RequestHeader")
.selector("UserAgent")
.operator("Contains")
.negationCondition(false)
.matchValues("windows")
.transforms(
"Lowercase",
"Trim")
.build())
.build())
.managedRules(
FirewallPolicyManagedRuleArgs.builder()
.type("DefaultRuleSet")
.version("1.0")
.exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("not_suspicious")
.build())
.overrides(
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("PHP")
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("933100")
.enabled(false)
.action("Block")
.build())
.build(),
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("SQLI")
.exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("really_not_suspicious")
.build())
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("942200")
.action("Block")
.exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("innocent")
.build())
.build())
.build())
.build(),
FirewallPolicyManagedRuleArgs.builder()
.type("Microsoft_BotManagerRuleSet")
.version("1.0")
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-rg
location: West Europe
exampleFirewallPolicy:
type: azure:frontdoor:FirewallPolicy
name: example
properties:
name: examplefdwafpolicy
resourceGroupName: ${example.name}
enabled: true
mode: Prevention
redirectUrl: https://www.contoso.com
customBlockResponseStatusCode: 403
customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
customRules:
- name: Rule1
enabled: true
priority: 1
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- 10.0.0.0/24
- name: Rule2
enabled: true
priority: 2
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- matchVariable: RequestHeader
selector: UserAgent
operator: Contains
negationCondition: false
matchValues:
- windows
transforms:
- Lowercase
- Trim
managedRules:
- type: DefaultRuleSet
version: '1.0'
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: not_suspicious
overrides:
- ruleGroupName: PHP
rules:
- ruleId: '933100'
enabled: false
action: Block
- ruleGroupName: SQLI
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: really_not_suspicious
rules:
- ruleId: '942200'
action: Block
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: innocent
- type: Microsoft_BotManagerRuleSet
version: '1.0'
Create FirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure:frontdoor:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallPolicyResource = new Azure.FrontDoor.FirewallPolicy("firewallPolicyResource", new()
{
ResourceGroupName = "string",
CustomBlockResponseBody = "string",
CustomBlockResponseStatusCode = 0,
CustomRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
{
Action = "string",
Name = "string",
Type = "string",
Enabled = false,
MatchConditions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchValues = new[]
{
"string",
},
MatchVariable = "string",
Operator = "string",
NegationCondition = false,
Selector = "string",
Transforms = new[]
{
"string",
},
},
},
Priority = 0,
RateLimitDurationInMinutes = 0,
RateLimitThreshold = 0,
},
},
Enabled = false,
ManagedRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
{
Type = "string",
Version = "string",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
Overrides = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "string",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
Rules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
{
Action = "string",
RuleId = "string",
Enabled = false,
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
},
},
},
},
},
},
Mode = "string",
Name = "string",
RedirectUrl = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := frontdoor.NewFirewallPolicy(ctx, "firewallPolicyResource", &frontdoor.FirewallPolicyArgs{
ResourceGroupName: pulumi.String("string"),
CustomBlockResponseBody: pulumi.String("string"),
CustomBlockResponseStatusCode: pulumi.Int(0),
CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
&frontdoor.FirewallPolicyCustomRuleArgs{
Action: pulumi.String("string"),
Name: pulumi.String("string"),
Type: pulumi.String("string"),
Enabled: pulumi.Bool(false),
MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchValues: pulumi.StringArray{
pulumi.String("string"),
},
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
NegationCondition: pulumi.Bool(false),
Selector: pulumi.String("string"),
Transforms: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Priority: pulumi.Int(0),
RateLimitDurationInMinutes: pulumi.Int(0),
RateLimitThreshold: pulumi.Int(0),
},
},
Enabled: pulumi.Bool(false),
ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
&frontdoor.FirewallPolicyManagedRuleArgs{
Type: pulumi.String("string"),
Version: pulumi.String("string"),
Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("string"),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
Action: pulumi.String("string"),
RuleId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
},
},
},
},
},
},
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var firewallPolicyResource = new FirewallPolicy("firewallPolicyResource", FirewallPolicyArgs.builder()
.resourceGroupName("string")
.customBlockResponseBody("string")
.customBlockResponseStatusCode(0)
.customRules(FirewallPolicyCustomRuleArgs.builder()
.action("string")
.name("string")
.type("string")
.enabled(false)
.matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchValues("string")
.matchVariable("string")
.operator("string")
.negationCondition(false)
.selector("string")
.transforms("string")
.build())
.priority(0)
.rateLimitDurationInMinutes(0)
.rateLimitThreshold(0)
.build())
.enabled(false)
.managedRules(FirewallPolicyManagedRuleArgs.builder()
.type("string")
.version("string")
.exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.overrides(FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("string")
.exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.action("string")
.ruleId("string")
.enabled(false)
.exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.build())
.build())
.build())
.mode("string")
.name("string")
.redirectUrl("string")
.tags(Map.of("string", "string"))
.build());
firewall_policy_resource = azure.frontdoor.FirewallPolicy("firewallPolicyResource",
resource_group_name="string",
custom_block_response_body="string",
custom_block_response_status_code=0,
custom_rules=[{
"action": "string",
"name": "string",
"type": "string",
"enabled": False,
"match_conditions": [{
"match_values": ["string"],
"match_variable": "string",
"operator": "string",
"negation_condition": False,
"selector": "string",
"transforms": ["string"],
}],
"priority": 0,
"rate_limit_duration_in_minutes": 0,
"rate_limit_threshold": 0,
}],
enabled=False,
managed_rules=[{
"type": "string",
"version": "string",
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
"overrides": [{
"rule_group_name": "string",
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
"rules": [{
"action": "string",
"rule_id": "string",
"enabled": False,
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
}],
}],
}],
mode="string",
name="string",
redirect_url="string",
tags={
"string": "string",
})
const firewallPolicyResource = new azure.frontdoor.FirewallPolicy("firewallPolicyResource", {
resourceGroupName: "string",
customBlockResponseBody: "string",
customBlockResponseStatusCode: 0,
customRules: [{
action: "string",
name: "string",
type: "string",
enabled: false,
matchConditions: [{
matchValues: ["string"],
matchVariable: "string",
operator: "string",
negationCondition: false,
selector: "string",
transforms: ["string"],
}],
priority: 0,
rateLimitDurationInMinutes: 0,
rateLimitThreshold: 0,
}],
enabled: false,
managedRules: [{
type: "string",
version: "string",
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
overrides: [{
ruleGroupName: "string",
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
rules: [{
action: "string",
ruleId: "string",
enabled: false,
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
}],
}],
}],
mode: "string",
name: "string",
redirectUrl: "string",
tags: {
string: "string",
},
});
type: azure:frontdoor:FirewallPolicy
properties:
customBlockResponseBody: string
customBlockResponseStatusCode: 0
customRules:
- action: string
enabled: false
matchConditions:
- matchValues:
- string
matchVariable: string
negationCondition: false
operator: string
selector: string
transforms:
- string
name: string
priority: 0
rateLimitDurationInMinutes: 0
rateLimitThreshold: 0
type: string
enabled: false
managedRules:
- exclusions:
- matchVariable: string
operator: string
selector: string
overrides:
- exclusions:
- matchVariable: string
operator: string
selector: string
ruleGroupName: string
rules:
- action: string
enabled: false
exclusions:
- matchVariable: string
operator: string
selector: string
ruleId: string
type: string
version: string
mode: string
name: string
redirectUrl: string
resourceGroupName: string
tags:
string: string
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicy resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - Custom
Rules List<FirewallPolicy Custom Rule> - One or more
custom_rule
blocks as defined below. - Enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - Managed
Rules List<FirewallPolicy Managed Rule> - One or more
managed_rule
blocks as defined below. - Mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - Custom
Rules []FirewallPolicy Custom Rule Args - One or more
custom_rule
blocks as defined below. - Enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - Managed
Rules []FirewallPolicy Managed Rule Args - One or more
managed_rule
blocks as defined below. - Mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Block StringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block IntegerResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules List<FirewallPolicy Custom Rule> - One or more
custom_rule
blocks as defined below. - enabled Boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - managed
Rules List<FirewallPolicy Managed Rule> - One or more
managed_rule
blocks as defined below. - mode String
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block numberResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules FirewallPolicy Custom Rule[] - One or more
custom_rule
blocks as defined below. - enabled boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - managed
Rules FirewallPolicy Managed Rule[] - One or more
managed_rule
blocks as defined below. - mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name string
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- custom_
block_ strresponse_ body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom_
block_ intresponse_ status_ code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom_
rules Sequence[FirewallPolicy Custom Rule Args] - One or more
custom_rule
blocks as defined below. - enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - managed_
rules Sequence[FirewallPolicy Managed Rule Args] - One or more
managed_rule
blocks as defined below. - mode str
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name str
- The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str - If action type is redirect, this field represents redirect URL for the client.
- Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Block StringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block NumberResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules List<Property Map> - One or more
custom_rule
blocks as defined below. - enabled Boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - managed
Rules List<Property Map> - One or more
managed_rule
blocks as defined below. - mode String
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Frontend
Endpoint List<string>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region where this Front Door Firewall Policy exists.
- Frontend
Endpoint []stringIds - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Location string
- The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint List<String>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint string[]Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id string
- The provider-assigned unique ID for this managed resource.
- location string
- The Azure Region where this Front Door Firewall Policy exists.
- frontend_
endpoint_ Sequence[str]ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id str
- The provider-assigned unique ID for this managed resource.
- location str
- The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint List<String>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- location String
- The Azure Region where this Front Door Firewall Policy exists.
Look up Existing FirewallPolicy Resource
Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
frontend_endpoint_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
resource_group_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> FirewallPolicy
func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - Custom
Rules List<FirewallPolicy Custom Rule> - One or more
custom_rule
blocks as defined below. - Enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - Frontend
Endpoint List<string>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Location string
- The Azure Region where this Front Door Firewall Policy exists.
- Managed
Rules List<FirewallPolicy Managed Rule> - One or more
managed_rule
blocks as defined below. - Mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - Custom
Rules []FirewallPolicy Custom Rule Args - One or more
custom_rule
blocks as defined below. - Enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - Frontend
Endpoint []stringIds - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Location string
- The Azure Region where this Front Door Firewall Policy exists.
- Managed
Rules []FirewallPolicy Managed Rule Args - One or more
managed_rule
blocks as defined below. - Mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block StringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block IntegerResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules List<FirewallPolicy Custom Rule> - One or more
custom_rule
blocks as defined below. - enabled Boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - frontend
Endpoint List<String>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location String
- The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules List<FirewallPolicy Managed Rule> - One or more
managed_rule
blocks as defined below. - mode String
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block stringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block numberResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules FirewallPolicy Custom Rule[] - One or more
custom_rule
blocks as defined below. - enabled boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - frontend
Endpoint string[]Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location string
- The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules FirewallPolicy Managed Rule[] - One or more
managed_rule
blocks as defined below. - mode string
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name string
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom_
block_ strresponse_ body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom_
block_ intresponse_ status_ code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom_
rules Sequence[FirewallPolicy Custom Rule Args] - One or more
custom_rule
blocks as defined below. - enabled bool
- Is the policy a enabled state or disabled state. Defaults to
true
. - frontend_
endpoint_ Sequence[str]ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location str
- The Azure Region where this Front Door Firewall Policy exists.
- managed_
rules Sequence[FirewallPolicy Managed Rule Args] - One or more
managed_rule
blocks as defined below. - mode str
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name str
- The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str - If action type is redirect, this field represents redirect URL for the client.
- resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block StringResponse Body - If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding. - custom
Block NumberResponse Status Code - If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
. - custom
Rules List<Property Map> - One or more
custom_rule
blocks as defined below. - enabled Boolean
- Is the policy a enabled state or disabled state. Defaults to
true
. - frontend
Endpoint List<String>Ids - The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location String
- The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules List<Property Map> - One or more
managed_rule
blocks as defined below. - mode String
- The firewall policy mode. Possible values are
Detection
,Prevention
. Defaults toPrevention
. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Supporting Types
FirewallPolicyCustomRule, FirewallPolicyCustomRuleArgs
- Action string
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - Enabled bool
- Is the rule is enabled or disabled? Defaults to
true
. - Match
Conditions List<FirewallPolicy Custom Rule Match Condition> - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - Priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - Rate
Limit intDuration In Minutes - The rate limit duration in minutes. Defaults to
1
. - Rate
Limit intThreshold - The rate limit threshold. Defaults to
10
.
- Action string
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - Enabled bool
- Is the rule is enabled or disabled? Defaults to
true
. - Match
Conditions []FirewallPolicy Custom Rule Match Condition - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - Priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - Rate
Limit intDuration In Minutes - The rate limit duration in minutes. Defaults to
1
. - Rate
Limit intThreshold - The rate limit threshold. Defaults to
10
.
- action String
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - enabled Boolean
- Is the rule is enabled or disabled? Defaults to
true
. - match
Conditions List<FirewallPolicy Custom Rule Match Condition> - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - priority Integer
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - rate
Limit IntegerDuration In Minutes - The rate limit duration in minutes. Defaults to
1
. - rate
Limit IntegerThreshold - The rate limit threshold. Defaults to
10
.
- action string
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type string
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - enabled boolean
- Is the rule is enabled or disabled? Defaults to
true
. - match
Conditions FirewallPolicy Custom Rule Match Condition[] - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - priority number
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - rate
Limit numberDuration In Minutes - The rate limit duration in minutes. Defaults to
1
. - rate
Limit numberThreshold - The rate limit threshold. Defaults to
10
.
- action str
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - name str
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type str
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - enabled bool
- Is the rule is enabled or disabled? Defaults to
true
. - match_
conditions Sequence[FirewallPolicy Custom Rule Match Condition] - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - rate_
limit_ intduration_ in_ minutes - The rate limit duration in minutes. Defaults to
1
. - rate_
limit_ intthreshold - The rate limit threshold. Defaults to
10
.
- action String
- The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
. - name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
- The type of rule. Possible values are
MatchRule
orRateLimitRule
. - enabled Boolean
- Is the rule is enabled or disabled? Defaults to
true
. - match
Conditions List<Property Map> - One or more
match_condition
block defined below. Can support up to10
match_condition
blocks. - priority Number
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
. - rate
Limit NumberDuration In Minutes - The rate limit duration in minutes. Defaults to
1
. - rate
Limit NumberThreshold - The rate limit threshold. Defaults to
10
.
FirewallPolicyCustomRuleMatchCondition, FirewallPolicyCustomRuleMatchConditionArgs
- Match
Values List<string> - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - Match
Variable string - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - Operator string
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - Negation
Condition bool - Should the result of the condition be negated.
- Selector string
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - Transforms List<string>
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- Match
Values []string - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - Match
Variable string - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - Operator string
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - Negation
Condition bool - Should the result of the condition be negated.
- Selector string
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - Transforms []string
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - match
Variable String - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - operator String
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - negation
Condition Boolean - Should the result of the condition be negated.
- selector String
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - transforms List<String>
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values string[] - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - match
Variable string - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - operator string
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - negation
Condition boolean - Should the result of the condition be negated.
- selector string
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - transforms string[]
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match_
values Sequence[str] - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - match_
variable str - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - operator str
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - negation_
condition bool - Should the result of the condition be negated.
- selector str
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - transforms Sequence[str]
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> - Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long. - match
Variable String - The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
. - operator String
- Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
. - negation
Condition Boolean - Should the result of the condition be negated.
- selector String
- Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
. - transforms List<String>
- Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
FirewallPolicyManagedRule, FirewallPolicyManagedRuleArgs
- Type string
- The name of the managed rule to use with this resource.
- Version string
- The version on the managed rule to use with this resource.
- Exclusions
List<Firewall
Policy Managed Rule Exclusion> - One or more
exclusion
blocks as defined below. - Overrides
List<Firewall
Policy Managed Rule Override> - One or more
override
blocks as defined below.
- Type string
- The name of the managed rule to use with this resource.
- Version string
- The version on the managed rule to use with this resource.
- Exclusions
[]Firewall
Policy Managed Rule Exclusion - One or more
exclusion
blocks as defined below. - Overrides
[]Firewall
Policy Managed Rule Override - One or more
override
blocks as defined below.
- type String
- The name of the managed rule to use with this resource.
- version String
- The version on the managed rule to use with this resource.
- exclusions
List<Firewall
Policy Managed Rule Exclusion> - One or more
exclusion
blocks as defined below. - overrides
List<Firewall
Policy Managed Rule Override> - One or more
override
blocks as defined below.
- type string
- The name of the managed rule to use with this resource.
- version string
- The version on the managed rule to use with this resource.
- exclusions
Firewall
Policy Managed Rule Exclusion[] - One or more
exclusion
blocks as defined below. - overrides
Firewall
Policy Managed Rule Override[] - One or more
override
blocks as defined below.
- type str
- The name of the managed rule to use with this resource.
- version str
- The version on the managed rule to use with this resource.
- exclusions
Sequence[Firewall
Policy Managed Rule Exclusion] - One or more
exclusion
blocks as defined below. - overrides
Sequence[Firewall
Policy Managed Rule Override] - One or more
override
blocks as defined below.
- type String
- The name of the managed rule to use with this resource.
- version String
- The version on the managed rule to use with this resource.
- exclusions List<Property Map>
- One or more
exclusion
blocks as defined below. - overrides List<Property Map>
- One or more
override
blocks as defined below.
FirewallPolicyManagedRuleExclusion, FirewallPolicyManagedRuleExclusionArgs
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector str
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
FirewallPolicyManagedRuleOverride, FirewallPolicyManagedRuleOverrideArgs
- Rule
Group stringName - The managed rule group to override.
- Exclusions
List<Firewall
Policy Managed Rule Override Exclusion> - One or more
exclusion
blocks as defined below. - Rules
List<Firewall
Policy Managed Rule Override Rule> - One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- Rule
Group stringName - The managed rule group to override.
- Exclusions
[]Firewall
Policy Managed Rule Override Exclusion - One or more
exclusion
blocks as defined below. - Rules
[]Firewall
Policy Managed Rule Override Rule - One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName - The managed rule group to override.
- exclusions
List<Firewall
Policy Managed Rule Override Exclusion> - One or more
exclusion
blocks as defined below. - rules
List<Firewall
Policy Managed Rule Override Rule> - One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group stringName - The managed rule group to override.
- exclusions
Firewall
Policy Managed Rule Override Exclusion[] - One or more
exclusion
blocks as defined below. - rules
Firewall
Policy Managed Rule Override Rule[] - One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule_
group_ strname - The managed rule group to override.
- exclusions
Sequence[Firewall
Policy Managed Rule Override Exclusion] - One or more
exclusion
blocks as defined below. - rules
Sequence[Firewall
Policy Managed Rule Override Rule] - One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName - The managed rule group to override.
- exclusions List<Property Map>
- One or more
exclusion
blocks as defined below. - rules List<Property Map>
- One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
FirewallPolicyManagedRuleOverrideExclusion, FirewallPolicyManagedRuleOverrideExclusionArgs
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector str
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
FirewallPolicyManagedRuleOverrideRule, FirewallPolicyManagedRuleOverrideRuleArgs
- Action string
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - Rule
Id string - Identifier for the managed rule.
- Enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
List<Firewall
Policy Managed Rule Override Rule Exclusion> - One or more
exclusion
blocks as defined below.
- Action string
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - Rule
Id string - Identifier for the managed rule.
- Enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
[]Firewall
Policy Managed Rule Override Rule Exclusion - One or more
exclusion
blocks as defined below.
- action String
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - rule
Id String - Identifier for the managed rule.
- enabled Boolean
- Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
List<Firewall
Policy Managed Rule Override Rule Exclusion> - One or more
exclusion
blocks as defined below.
- action string
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - rule
Id string - Identifier for the managed rule.
- enabled boolean
- Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Firewall
Policy Managed Rule Override Rule Exclusion[] - One or more
exclusion
blocks as defined below.
- action str
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - rule_
id str - Identifier for the managed rule.
- enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Sequence[Firewall
Policy Managed Rule Override Rule Exclusion] - One or more
exclusion
blocks as defined below.
- action String
- The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
. - rule
Id String - Identifier for the managed rule.
- enabled Boolean
- Is the managed rule override enabled or disabled. Defaults to
false
- exclusions List<Property Map>
- One or more
exclusion
blocks as defined below.
FirewallPolicyManagedRuleOverrideRuleExclusion, FirewallPolicyManagedRuleOverrideRuleExclusionArgs
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - Selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector string
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector str
- Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String - The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
. - operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
. - selector String
- Selector for the value in the
match_variable
attribute this exclusion applies to.
Import
FrontDoor Web Application Firewall Policy can be imported using the resource id
, e.g.
$ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.