We recommend using Azure Native.
azure.waf.Policy
Explore with Pulumi AI
Manages a Azure Web Application Firewall Policy instance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-rg",
location: "West Europe",
});
const examplePolicy = new azure.waf.Policy("example", {
name: "example-wafpolicy",
resourceGroupName: example.name,
location: example.location,
customRules: [
{
name: "Rule1",
priority: 1,
ruleType: "MatchRule",
matchConditions: [{
matchVariables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
action: "Block",
},
{
name: "Rule2",
priority: 2,
ruleType: "MatchRule",
matchConditions: [
{
matchVariables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariables: [{
variableName: "RequestHeaders",
selector: "UserAgent",
}],
operator: "Contains",
negationCondition: false,
matchValues: ["Windows"],
},
],
action: "Block",
},
],
policySettings: {
enabled: true,
mode: "Prevention",
requestBodyCheck: true,
fileUploadLimitInMb: 100,
maxRequestBodySizeInKb: 128,
},
managedRules: {
exclusions: [
{
matchVariable: "RequestHeaderNames",
selector: "x-company-secret-header",
selectorMatchOperator: "Equals",
},
{
matchVariable: "RequestCookieNames",
selector: "too-tasty",
selectorMatchOperator: "EndsWith",
},
],
managedRuleSets: [{
type: "OWASP",
version: "3.2",
ruleGroupOverrides: [{
ruleGroupName: "REQUEST-920-PROTOCOL-ENFORCEMENT",
rules: [
{
id: "920300",
enabled: true,
action: "Log",
},
{
id: "920440",
enabled: true,
action: "Block",
},
],
}],
}],
},
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-rg",
location="West Europe")
example_policy = azure.waf.Policy("example",
name="example-wafpolicy",
resource_group_name=example.name,
location=example.location,
custom_rules=[
{
"name": "Rule1",
"priority": 1,
"rule_type": "MatchRule",
"match_conditions": [{
"match_variables": [{
"variable_name": "RemoteAddr",
}],
"operator": "IPMatch",
"negation_condition": False,
"match_values": [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
"action": "Block",
},
{
"name": "Rule2",
"priority": 2,
"rule_type": "MatchRule",
"match_conditions": [
{
"match_variables": [{
"variable_name": "RemoteAddr",
}],
"operator": "IPMatch",
"negation_condition": False,
"match_values": ["192.168.1.0/24"],
},
{
"match_variables": [{
"variable_name": "RequestHeaders",
"selector": "UserAgent",
}],
"operator": "Contains",
"negation_condition": False,
"match_values": ["Windows"],
},
],
"action": "Block",
},
],
policy_settings={
"enabled": True,
"mode": "Prevention",
"request_body_check": True,
"file_upload_limit_in_mb": 100,
"max_request_body_size_in_kb": 128,
},
managed_rules={
"exclusions": [
{
"match_variable": "RequestHeaderNames",
"selector": "x-company-secret-header",
"selector_match_operator": "Equals",
},
{
"match_variable": "RequestCookieNames",
"selector": "too-tasty",
"selector_match_operator": "EndsWith",
},
],
"managed_rule_sets": [{
"type": "OWASP",
"version": "3.2",
"rule_group_overrides": [{
"rule_group_name": "REQUEST-920-PROTOCOL-ENFORCEMENT",
"rules": [
{
"id": "920300",
"enabled": True,
"action": "Log",
},
{
"id": "920440",
"enabled": True,
"action": "Block",
},
],
}],
}],
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/waf"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-rg"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = waf.NewPolicy(ctx, "example", &waf.PolicyArgs{
Name: pulumi.String("example-wafpolicy"),
ResourceGroupName: example.Name,
Location: example.Location,
CustomRules: waf.PolicyCustomRuleArray{
&waf.PolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Priority: pulumi.Int(1),
RuleType: pulumi.String("MatchRule"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RemoteAddr"),
},
},
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
Action: pulumi.String("Block"),
},
&waf.PolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Priority: pulumi.Int(2),
RuleType: pulumi.String("MatchRule"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RemoteAddr"),
},
},
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RequestHeaders"),
Selector: pulumi.String("UserAgent"),
},
},
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("Windows"),
},
},
},
Action: pulumi.String("Block"),
},
},
PolicySettings: &waf.PolicyPolicySettingsArgs{
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RequestBodyCheck: pulumi.Bool(true),
FileUploadLimitInMb: pulumi.Int(100),
MaxRequestBodySizeInKb: pulumi.Int(128),
},
ManagedRules: &waf.PolicyManagedRulesArgs{
Exclusions: waf.PolicyManagedRulesExclusionArray{
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("RequestHeaderNames"),
Selector: pulumi.String("x-company-secret-header"),
SelectorMatchOperator: pulumi.String("Equals"),
},
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("RequestCookieNames"),
Selector: pulumi.String("too-tasty"),
SelectorMatchOperator: pulumi.String("EndsWith"),
},
},
ManagedRuleSets: waf.PolicyManagedRulesManagedRuleSetArray{
&waf.PolicyManagedRulesManagedRuleSetArgs{
Type: pulumi.String("OWASP"),
Version: pulumi.String("3.2"),
RuleGroupOverrides: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs{
RuleGroupName: pulumi.String("REQUEST-920-PROTOCOL-ENFORCEMENT"),
Rules: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs{
Id: pulumi.String("920300"),
Enabled: pulumi.Bool(true),
Action: pulumi.String("Log"),
},
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs{
Id: pulumi.String("920440"),
Enabled: pulumi.Bool(true),
Action: pulumi.String("Block"),
},
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-rg",
Location = "West Europe",
});
var examplePolicy = new Azure.Waf.Policy("example", new()
{
Name = "example-wafpolicy",
ResourceGroupName = example.Name,
Location = example.Location,
CustomRules = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Name = "Rule1",
Priority = 1,
RuleType = "MatchRule",
MatchConditions = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RemoteAddr",
},
},
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
"10.0.0.0/24",
},
},
},
Action = "Block",
},
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Name = "Rule2",
Priority = 2,
RuleType = "MatchRule",
MatchConditions = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RemoteAddr",
},
},
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RequestHeaders",
Selector = "UserAgent",
},
},
Operator = "Contains",
NegationCondition = false,
MatchValues = new[]
{
"Windows",
},
},
},
Action = "Block",
},
},
PolicySettings = new Azure.Waf.Inputs.PolicyPolicySettingsArgs
{
Enabled = true,
Mode = "Prevention",
RequestBodyCheck = true,
FileUploadLimitInMb = 100,
MaxRequestBodySizeInKb = 128,
},
ManagedRules = new Azure.Waf.Inputs.PolicyManagedRulesArgs
{
Exclusions = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "RequestHeaderNames",
Selector = "x-company-secret-header",
SelectorMatchOperator = "Equals",
},
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "RequestCookieNames",
Selector = "too-tasty",
SelectorMatchOperator = "EndsWith",
},
},
ManagedRuleSets = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetArgs
{
Type = "OWASP",
Version = "3.2",
RuleGroupOverrides = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
{
RuleGroupName = "REQUEST-920-PROTOCOL-ENFORCEMENT",
Rules = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
{
Id = "920300",
Enabled = true,
Action = "Log",
},
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
{
Id = "920440",
Enabled = true,
Action = "Block",
},
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.waf.Policy;
import com.pulumi.azure.waf.PolicyArgs;
import com.pulumi.azure.waf.inputs.PolicyCustomRuleArgs;
import com.pulumi.azure.waf.inputs.PolicyPolicySettingsArgs;
import com.pulumi.azure.waf.inputs.PolicyManagedRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-rg")
.location("West Europe")
.build());
var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
.name("example-wafpolicy")
.resourceGroupName(example.name())
.location(example.location())
.customRules(
PolicyCustomRuleArgs.builder()
.name("Rule1")
.priority(1)
.ruleType("MatchRule")
.matchConditions(PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RemoteAddr")
.build())
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"192.168.1.0/24",
"10.0.0.0/24")
.build())
.action("Block")
.build(),
PolicyCustomRuleArgs.builder()
.name("Rule2")
.priority(2)
.ruleType("MatchRule")
.matchConditions(
PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RemoteAddr")
.build())
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RequestHeaders")
.selector("UserAgent")
.build())
.operator("Contains")
.negationCondition(false)
.matchValues("Windows")
.build())
.action("Block")
.build())
.policySettings(PolicyPolicySettingsArgs.builder()
.enabled(true)
.mode("Prevention")
.requestBodyCheck(true)
.fileUploadLimitInMb(100)
.maxRequestBodySizeInKb(128)
.build())
.managedRules(PolicyManagedRulesArgs.builder()
.exclusions(
PolicyManagedRulesExclusionArgs.builder()
.matchVariable("RequestHeaderNames")
.selector("x-company-secret-header")
.selectorMatchOperator("Equals")
.build(),
PolicyManagedRulesExclusionArgs.builder()
.matchVariable("RequestCookieNames")
.selector("too-tasty")
.selectorMatchOperator("EndsWith")
.build())
.managedRuleSets(PolicyManagedRulesManagedRuleSetArgs.builder()
.type("OWASP")
.version("3.2")
.ruleGroupOverrides(PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs.builder()
.ruleGroupName("REQUEST-920-PROTOCOL-ENFORCEMENT")
.rules(
PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
.id("920300")
.enabled(true)
.action("Log")
.build(),
PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
.id("920440")
.enabled(true)
.action("Block")
.build())
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-rg
location: West Europe
examplePolicy:
type: azure:waf:Policy
name: example
properties:
name: example-wafpolicy
resourceGroupName: ${example.name}
location: ${example.location}
customRules:
- name: Rule1
priority: 1
ruleType: MatchRule
matchConditions:
- matchVariables:
- variableName: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- 10.0.0.0/24
action: Block
- name: Rule2
priority: 2
ruleType: MatchRule
matchConditions:
- matchVariables:
- variableName: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- matchVariables:
- variableName: RequestHeaders
selector: UserAgent
operator: Contains
negationCondition: false
matchValues:
- Windows
action: Block
policySettings:
enabled: true
mode: Prevention
requestBodyCheck: true
fileUploadLimitInMb: 100
maxRequestBodySizeInKb: 128
managedRules:
exclusions:
- matchVariable: RequestHeaderNames
selector: x-company-secret-header
selectorMatchOperator: Equals
- matchVariable: RequestCookieNames
selector: too-tasty
selectorMatchOperator: EndsWith
managedRuleSets:
- type: OWASP
version: '3.2'
ruleGroupOverrides:
- ruleGroupName: REQUEST-920-PROTOCOL-ENFORCEMENT
rules:
- id: '920300'
enabled: true
action: Log
- id: '920440'
enabled: true
action: Block
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
managed_rules: Optional[PolicyManagedRulesArgs] = None,
resource_group_name: Optional[str] = None,
custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
policy_settings: Optional[PolicyPolicySettingsArgs] = None,
tags: Optional[Mapping[str, str]] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: azure:waf:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplepolicyResourceResourceFromWafpolicy = new Azure.Waf.Policy("examplepolicyResourceResourceFromWafpolicy", new()
{
ManagedRules = new Azure.Waf.Inputs.PolicyManagedRulesArgs
{
ManagedRuleSets = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetArgs
{
Version = "string",
RuleGroupOverrides = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
{
RuleGroupName = "string",
Rules = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
{
Id = "string",
Action = "string",
Enabled = false,
},
},
},
},
Type = "string",
},
},
Exclusions = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "string",
Selector = "string",
SelectorMatchOperator = "string",
ExcludedRuleSet = new Azure.Waf.Inputs.PolicyManagedRulesExclusionExcludedRuleSetArgs
{
RuleGroups = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesExclusionExcludedRuleSetRuleGroupArgs
{
RuleGroupName = "string",
ExcludedRules = new[]
{
"string",
},
},
},
Type = "string",
Version = "string",
},
},
},
},
ResourceGroupName = "string",
CustomRules = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Action = "string",
MatchConditions = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "string",
Selector = "string",
},
},
Operator = "string",
MatchValues = new[]
{
"string",
},
NegationCondition = false,
Transforms = new[]
{
"string",
},
},
},
Priority = 0,
RuleType = "string",
Enabled = false,
GroupRateLimitBy = "string",
Name = "string",
RateLimitDuration = "string",
RateLimitThreshold = 0,
},
},
Location = "string",
Name = "string",
PolicySettings = new Azure.Waf.Inputs.PolicyPolicySettingsArgs
{
Enabled = false,
FileUploadEnforcement = false,
FileUploadLimitInMb = 0,
JsChallengeCookieExpirationInMinutes = 0,
LogScrubbing = new Azure.Waf.Inputs.PolicyPolicySettingsLogScrubbingArgs
{
Enabled = false,
Rules = new[]
{
new Azure.Waf.Inputs.PolicyPolicySettingsLogScrubbingRuleArgs
{
MatchVariable = "string",
Enabled = false,
Selector = "string",
SelectorMatchOperator = "string",
},
},
},
MaxRequestBodySizeInKb = 0,
Mode = "string",
RequestBodyCheck = false,
RequestBodyEnforcement = false,
RequestBodyInspectLimitInKb = 0,
},
Tags =
{
{ "string", "string" },
},
});
example, err := waf.NewPolicy(ctx, "examplepolicyResourceResourceFromWafpolicy", &waf.PolicyArgs{
ManagedRules: &waf.PolicyManagedRulesArgs{
ManagedRuleSets: waf.PolicyManagedRulesManagedRuleSetArray{
&waf.PolicyManagedRulesManagedRuleSetArgs{
Version: pulumi.String("string"),
RuleGroupOverrides: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs{
RuleGroupName: pulumi.String("string"),
Rules: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs{
Id: pulumi.String("string"),
Action: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
},
},
Type: pulumi.String("string"),
},
},
Exclusions: waf.PolicyManagedRulesExclusionArray{
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("string"),
Selector: pulumi.String("string"),
SelectorMatchOperator: pulumi.String("string"),
ExcludedRuleSet: &waf.PolicyManagedRulesExclusionExcludedRuleSetArgs{
RuleGroups: waf.PolicyManagedRulesExclusionExcludedRuleSetRuleGroupArray{
&waf.PolicyManagedRulesExclusionExcludedRuleSetRuleGroupArgs{
RuleGroupName: pulumi.String("string"),
ExcludedRules: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Type: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
},
},
ResourceGroupName: pulumi.String("string"),
CustomRules: waf.PolicyCustomRuleArray{
&waf.PolicyCustomRuleArgs{
Action: pulumi.String("string"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Operator: pulumi.String("string"),
MatchValues: pulumi.StringArray{
pulumi.String("string"),
},
NegationCondition: pulumi.Bool(false),
Transforms: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Priority: pulumi.Int(0),
RuleType: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GroupRateLimitBy: pulumi.String("string"),
Name: pulumi.String("string"),
RateLimitDuration: pulumi.String("string"),
RateLimitThreshold: pulumi.Int(0),
},
},
Location: pulumi.String("string"),
Name: pulumi.String("string"),
PolicySettings: &waf.PolicyPolicySettingsArgs{
Enabled: pulumi.Bool(false),
FileUploadEnforcement: pulumi.Bool(false),
FileUploadLimitInMb: pulumi.Int(0),
JsChallengeCookieExpirationInMinutes: pulumi.Int(0),
LogScrubbing: &waf.PolicyPolicySettingsLogScrubbingArgs{
Enabled: pulumi.Bool(false),
Rules: waf.PolicyPolicySettingsLogScrubbingRuleArray{
&waf.PolicyPolicySettingsLogScrubbingRuleArgs{
MatchVariable: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Selector: pulumi.String("string"),
SelectorMatchOperator: pulumi.String("string"),
},
},
},
MaxRequestBodySizeInKb: pulumi.Int(0),
Mode: pulumi.String("string"),
RequestBodyCheck: pulumi.Bool(false),
RequestBodyEnforcement: pulumi.Bool(false),
RequestBodyInspectLimitInKb: pulumi.Int(0),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplepolicyResourceResourceFromWafpolicy = new Policy("examplepolicyResourceResourceFromWafpolicy", PolicyArgs.builder()
.managedRules(PolicyManagedRulesArgs.builder()
.managedRuleSets(PolicyManagedRulesManagedRuleSetArgs.builder()
.version("string")
.ruleGroupOverrides(PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs.builder()
.ruleGroupName("string")
.rules(PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
.id("string")
.action("string")
.enabled(false)
.build())
.build())
.type("string")
.build())
.exclusions(PolicyManagedRulesExclusionArgs.builder()
.matchVariable("string")
.selector("string")
.selectorMatchOperator("string")
.excludedRuleSet(PolicyManagedRulesExclusionExcludedRuleSetArgs.builder()
.ruleGroups(PolicyManagedRulesExclusionExcludedRuleSetRuleGroupArgs.builder()
.ruleGroupName("string")
.excludedRules("string")
.build())
.type("string")
.version("string")
.build())
.build())
.build())
.resourceGroupName("string")
.customRules(PolicyCustomRuleArgs.builder()
.action("string")
.matchConditions(PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("string")
.selector("string")
.build())
.operator("string")
.matchValues("string")
.negationCondition(false)
.transforms("string")
.build())
.priority(0)
.ruleType("string")
.enabled(false)
.groupRateLimitBy("string")
.name("string")
.rateLimitDuration("string")
.rateLimitThreshold(0)
.build())
.location("string")
.name("string")
.policySettings(PolicyPolicySettingsArgs.builder()
.enabled(false)
.fileUploadEnforcement(false)
.fileUploadLimitInMb(0)
.jsChallengeCookieExpirationInMinutes(0)
.logScrubbing(PolicyPolicySettingsLogScrubbingArgs.builder()
.enabled(false)
.rules(PolicyPolicySettingsLogScrubbingRuleArgs.builder()
.matchVariable("string")
.enabled(false)
.selector("string")
.selectorMatchOperator("string")
.build())
.build())
.maxRequestBodySizeInKb(0)
.mode("string")
.requestBodyCheck(false)
.requestBodyEnforcement(false)
.requestBodyInspectLimitInKb(0)
.build())
.tags(Map.of("string", "string"))
.build());
examplepolicy_resource_resource_from_wafpolicy = azure.waf.Policy("examplepolicyResourceResourceFromWafpolicy",
managed_rules={
"managed_rule_sets": [{
"version": "string",
"rule_group_overrides": [{
"rule_group_name": "string",
"rules": [{
"id": "string",
"action": "string",
"enabled": False,
}],
}],
"type": "string",
}],
"exclusions": [{
"match_variable": "string",
"selector": "string",
"selector_match_operator": "string",
"excluded_rule_set": {
"rule_groups": [{
"rule_group_name": "string",
"excluded_rules": ["string"],
}],
"type": "string",
"version": "string",
},
}],
},
resource_group_name="string",
custom_rules=[{
"action": "string",
"match_conditions": [{
"match_variables": [{
"variable_name": "string",
"selector": "string",
}],
"operator": "string",
"match_values": ["string"],
"negation_condition": False,
"transforms": ["string"],
}],
"priority": 0,
"rule_type": "string",
"enabled": False,
"group_rate_limit_by": "string",
"name": "string",
"rate_limit_duration": "string",
"rate_limit_threshold": 0,
}],
location="string",
name="string",
policy_settings={
"enabled": False,
"file_upload_enforcement": False,
"file_upload_limit_in_mb": 0,
"js_challenge_cookie_expiration_in_minutes": 0,
"log_scrubbing": {
"enabled": False,
"rules": [{
"match_variable": "string",
"enabled": False,
"selector": "string",
"selector_match_operator": "string",
}],
},
"max_request_body_size_in_kb": 0,
"mode": "string",
"request_body_check": False,
"request_body_enforcement": False,
"request_body_inspect_limit_in_kb": 0,
},
tags={
"string": "string",
})
const examplepolicyResourceResourceFromWafpolicy = new azure.waf.Policy("examplepolicyResourceResourceFromWafpolicy", {
managedRules: {
managedRuleSets: [{
version: "string",
ruleGroupOverrides: [{
ruleGroupName: "string",
rules: [{
id: "string",
action: "string",
enabled: false,
}],
}],
type: "string",
}],
exclusions: [{
matchVariable: "string",
selector: "string",
selectorMatchOperator: "string",
excludedRuleSet: {
ruleGroups: [{
ruleGroupName: "string",
excludedRules: ["string"],
}],
type: "string",
version: "string",
},
}],
},
resourceGroupName: "string",
customRules: [{
action: "string",
matchConditions: [{
matchVariables: [{
variableName: "string",
selector: "string",
}],
operator: "string",
matchValues: ["string"],
negationCondition: false,
transforms: ["string"],
}],
priority: 0,
ruleType: "string",
enabled: false,
groupRateLimitBy: "string",
name: "string",
rateLimitDuration: "string",
rateLimitThreshold: 0,
}],
location: "string",
name: "string",
policySettings: {
enabled: false,
fileUploadEnforcement: false,
fileUploadLimitInMb: 0,
jsChallengeCookieExpirationInMinutes: 0,
logScrubbing: {
enabled: false,
rules: [{
matchVariable: "string",
enabled: false,
selector: "string",
selectorMatchOperator: "string",
}],
},
maxRequestBodySizeInKb: 0,
mode: "string",
requestBodyCheck: false,
requestBodyEnforcement: false,
requestBodyInspectLimitInKb: 0,
},
tags: {
string: "string",
},
});
type: azure:waf:Policy
properties:
customRules:
- action: string
enabled: false
groupRateLimitBy: string
matchConditions:
- matchValues:
- string
matchVariables:
- selector: string
variableName: string
negationCondition: false
operator: string
transforms:
- string
name: string
priority: 0
rateLimitDuration: string
rateLimitThreshold: 0
ruleType: string
location: string
managedRules:
exclusions:
- excludedRuleSet:
ruleGroups:
- excludedRules:
- string
ruleGroupName: string
type: string
version: string
matchVariable: string
selector: string
selectorMatchOperator: string
managedRuleSets:
- ruleGroupOverrides:
- ruleGroupName: string
rules:
- action: string
enabled: false
id: string
type: string
version: string
name: string
policySettings:
enabled: false
fileUploadEnforcement: false
fileUploadLimitInMb: 0
jsChallengeCookieExpirationInMinutes: 0
logScrubbing:
enabled: false
rules:
- enabled: false
matchVariable: string
selector: string
selectorMatchOperator: string
maxRequestBodySizeInKb: 0
mode: string
requestBodyCheck: false
requestBodyEnforcement: false
requestBodyInspectLimitInKb: 0
resourceGroupName: string
tags:
string: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Rules List<PolicyCustom Rule> - One or more
custom_rules
blocks as defined below. - Location string
- Resource location. Changing this forces a new resource to be created.
- Name string
- The name of the policy. Changing this forces a new resource to be created.
- Policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Managed
Rules PolicyManaged Rules Args - A
managed_rules
blocks as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Rules []PolicyCustom Rule Args - One or more
custom_rules
blocks as defined below. - Location string
- Resource location. Changing this forces a new resource to be created.
- Name string
- The name of the policy. Changing this forces a new resource to be created.
- Policy
Settings PolicyPolicy Settings Args - A
policy_settings
block as defined below. - map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules List<PolicyCustom Rule> - One or more
custom_rules
blocks as defined below. - location String
- Resource location. Changing this forces a new resource to be created.
- name String
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules PolicyCustom Rule[] - One or more
custom_rules
blocks as defined below. - location string
- Resource location. Changing this forces a new resource to be created.
- name string
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed_
rules PolicyManaged Rules Args - A
managed_rules
blocks as defined below. - resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- custom_
rules Sequence[PolicyCustom Rule Args] - One or more
custom_rules
blocks as defined below. - location str
- Resource location. Changing this forces a new resource to be created.
- name str
- The name of the policy. Changing this forces a new resource to be created.
- policy_
settings PolicyPolicy Settings Args - A
policy_settings
block as defined below. - Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules Property Map - A
managed_rules
blocks as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules List<Property Map> - One or more
custom_rules
blocks as defined below. - location String
- Resource location. Changing this forces a new resource to be created.
- name String
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings Property Map - A
policy_settings
block as defined below. - Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Http
Listener List<string>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - Id string
- The provider-assigned unique ID for this managed resource.
- Path
Based List<string>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
- Http
Listener []stringIds - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - Id string
- The provider-assigned unique ID for this managed resource.
- Path
Based []stringRule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
- http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - id String
- The provider-assigned unique ID for this managed resource.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
- http
Listener string[]Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - id string
- The provider-assigned unique ID for this managed resource.
- path
Based string[]Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
- http_
listener_ Sequence[str]ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - id str
- The provider-assigned unique ID for this managed resource.
- path_
based_ Sequence[str]rule_ ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
- http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - id String
- The provider-assigned unique ID for this managed resource.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
http_listener_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_rules: Optional[PolicyManagedRulesArgs] = None,
name: Optional[str] = None,
path_based_rule_ids: Optional[Sequence[str]] = None,
policy_settings: Optional[PolicyPolicySettingsArgs] = None,
resource_group_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Rules List<PolicyCustom Rule> - One or more
custom_rules
blocks as defined below. - Http
Listener List<string>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - Location string
- Resource location. Changing this forces a new resource to be created.
- Managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Path
Based List<string>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - Policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Custom
Rules []PolicyCustom Rule Args - One or more
custom_rules
blocks as defined below. - Http
Listener []stringIds - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - Location string
- Resource location. Changing this forces a new resource to be created.
- Managed
Rules PolicyManaged Rules Args - A
managed_rules
blocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Path
Based []stringRule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - Policy
Settings PolicyPolicy Settings Args - A
policy_settings
block as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules List<PolicyCustom Rule> - One or more
custom_rules
blocks as defined below. - http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - location String
- Resource location. Changing this forces a new resource to be created.
- managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules PolicyCustom Rule[] - One or more
custom_rules
blocks as defined below. - http
Listener string[]Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - location string
- Resource location. Changing this forces a new resource to be created.
- managed
Rules PolicyManaged Rules - A
managed_rules
blocks as defined below. - name string
- The name of the policy. Changing this forces a new resource to be created.
- path
Based string[]Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - policy
Settings PolicyPolicy Settings - A
policy_settings
block as defined below. - resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom_
rules Sequence[PolicyCustom Rule Args] - One or more
custom_rules
blocks as defined below. - http_
listener_ Sequence[str]ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - location str
- Resource location. Changing this forces a new resource to be created.
- managed_
rules PolicyManaged Rules Args - A
managed_rules
blocks as defined below. - name str
- The name of the policy. Changing this forces a new resource to be created.
- path_
based_ Sequence[str]rule_ ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - policy_
settings PolicyPolicy Settings Args - A
policy_settings
block as defined below. - resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules List<Property Map> - One or more
custom_rules
blocks as defined below. - http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway
. - location String
- Resource location. Changing this forces a new resource to be created.
- managed
Rules Property Map - A
managed_rules
blocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway
. - policy
Settings Property Map - A
policy_settings
block as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Supporting Types
PolicyCustomRule, PolicyCustomRuleArgs
- Action string
- Type of action. Possible values are
Allow
,Block
andLog
. - Match
Conditions List<PolicyCustom Rule Match Condition> - One or more
match_conditions
blocks as defined below. - Priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- Rule
Type string - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - Group
Rate stringLimit By - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Rate
Limit stringDuration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - Rate
Limit intThreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
- Action string
- Type of action. Possible values are
Allow
,Block
andLog
. - Match
Conditions []PolicyCustom Rule Match Condition - One or more
match_conditions
blocks as defined below. - Priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- Rule
Type string - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - Group
Rate stringLimit By - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Rate
Limit stringDuration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - Rate
Limit intThreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
- action String
- Type of action. Possible values are
Allow
,Block
andLog
. - match
Conditions List<PolicyCustom Rule Match Condition> - One or more
match_conditions
blocks as defined below. - priority Integer
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type String - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - group
Rate StringLimit By - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- rate
Limit StringDuration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - rate
Limit IntegerThreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
- action string
- Type of action. Possible values are
Allow
,Block
andLog
. - match
Conditions PolicyCustom Rule Match Condition[] - One or more
match_conditions
blocks as defined below. - priority number
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type string - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - enabled boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - group
Rate stringLimit By - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- rate
Limit stringDuration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - rate
Limit numberThreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
- action str
- Type of action. Possible values are
Allow
,Block
andLog
. - match_
conditions Sequence[PolicyCustom Rule Match Condition] - One or more
match_conditions
blocks as defined below. - priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule_
type str - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - group_
rate_ strlimit_ by - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - name str
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- rate_
limit_ strduration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - rate_
limit_ intthreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
- action String
- Type of action. Possible values are
Allow
,Block
andLog
. - match
Conditions List<Property Map> - One or more
match_conditions
blocks as defined below. - priority Number
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type String - Describes the type of rule. Possible values are
MatchRule
,RateLimitRule
andInvalid
. - enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - group
Rate StringLimit By - Specifies what grouping the rate limit will count requests by. Possible values are
GeoLocation
,ClientAddr
andNone
. - name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- rate
Limit StringDuration - Specifies the duration at which the rate limit policy will be applied. Should be used with
RateLimitRule
rule type. Possible values areFiveMins
andOneMin
. - rate
Limit NumberThreshold - Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided.
PolicyCustomRuleMatchCondition, PolicyCustomRuleMatchConditionArgs
- Match
Variables List<PolicyCustom Rule Match Condition Match Variable> - One or more
match_variables
blocks as defined below. - Operator string
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - Match
Values List<string> - A list of match values. This is Required when the
operator
is notAny
. - Negation
Condition bool - Describes if this is negate condition or not
- Transforms List<string>
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
- Match
Variables []PolicyCustom Rule Match Condition Match Variable - One or more
match_variables
blocks as defined below. - Operator string
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - Match
Values []string - A list of match values. This is Required when the
operator
is notAny
. - Negation
Condition bool - Describes if this is negate condition or not
- Transforms []string
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
- match
Variables List<PolicyCustom Rule Match Condition Match Variable> - One or more
match_variables
blocks as defined below. - operator String
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - match
Values List<String> - A list of match values. This is Required when the
operator
is notAny
. - negation
Condition Boolean - Describes if this is negate condition or not
- transforms List<String>
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
- match
Variables PolicyCustom Rule Match Condition Match Variable[] - One or more
match_variables
blocks as defined below. - operator string
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - match
Values string[] - A list of match values. This is Required when the
operator
is notAny
. - negation
Condition boolean - Describes if this is negate condition or not
- transforms string[]
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
- match_
variables Sequence[PolicyCustom Rule Match Condition Match Variable] - One or more
match_variables
blocks as defined below. - operator str
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - match_
values Sequence[str] - A list of match values. This is Required when the
operator
is notAny
. - negation_
condition bool - Describes if this is negate condition or not
- transforms Sequence[str]
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
- match
Variables List<Property Map> - One or more
match_variables
blocks as defined below. - operator String
- Describes operator to be matched. Possible values are
Any
,IPMatch
,GeoMatch
,Equal
,Contains
,LessThan
,GreaterThan
,LessThanOrEqual
,GreaterThanOrEqual
,BeginsWith
,EndsWith
andRegex
. - match
Values List<String> - A list of match values. This is Required when the
operator
is notAny
. - negation
Condition Boolean - Describes if this is negate condition or not
- transforms List<String>
- A list of transformations to do before the match is attempted. Possible values are
HtmlEntityDecode
,Lowercase
,RemoveNulls
,Trim
,Uppercase
,UrlDecode
andUrlEncode
.
PolicyCustomRuleMatchConditionMatchVariable, PolicyCustomRuleMatchConditionMatchVariableArgs
- Variable
Name string - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - Selector string
- Describes field of the matchVariable collection
- Variable
Name string - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - Selector string
- Describes field of the matchVariable collection
- variable
Name String - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - selector String
- Describes field of the matchVariable collection
- variable
Name string - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - selector string
- Describes field of the matchVariable collection
- variable_
name str - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - selector str
- Describes field of the matchVariable collection
- variable
Name String - The name of the Match Variable. Possible values are
RemoteAddr
,RequestMethod
,QueryString
,PostArgs
,RequestUri
,RequestHeaders
,RequestBody
andRequestCookies
. - selector String
- Describes field of the matchVariable collection
PolicyManagedRules, PolicyManagedRulesArgs
- Managed
Rule List<PolicySets Managed Rules Managed Rule Set> - One or more
managed_rule_set
block defined below. - Exclusions
List<Policy
Managed Rules Exclusion> - One or more
exclusion
block defined below.
- Managed
Rule []PolicySets Managed Rules Managed Rule Set - One or more
managed_rule_set
block defined below. - Exclusions
[]Policy
Managed Rules Exclusion - One or more
exclusion
block defined below.
- managed
Rule List<PolicySets Managed Rules Managed Rule Set> - One or more
managed_rule_set
block defined below. - exclusions
List<Policy
Managed Rules Exclusion> - One or more
exclusion
block defined below.
- managed
Rule PolicySets Managed Rules Managed Rule Set[] - One or more
managed_rule_set
block defined below. - exclusions
Policy
Managed Rules Exclusion[] - One or more
exclusion
block defined below.
- managed_
rule_ Sequence[Policysets Managed Rules Managed Rule Set] - One or more
managed_rule_set
block defined below. - exclusions
Sequence[Policy
Managed Rules Exclusion] - One or more
exclusion
block defined below.
- managed
Rule List<Property Map>Sets - One or more
managed_rule_set
block defined below. - exclusions List<Property Map>
- One or more
exclusion
block defined below.
PolicyManagedRulesExclusion, PolicyManagedRulesExclusionArgs
- Match
Variable string - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - Selector string
- Describes field of the matchVariable collection.
- Selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - Excluded
Rule PolicySet Managed Rules Exclusion Excluded Rule Set - One or more
excluded_rule_set
block defined below.
- Match
Variable string - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - Selector string
- Describes field of the matchVariable collection.
- Selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - Excluded
Rule PolicySet Managed Rules Exclusion Excluded Rule Set - One or more
excluded_rule_set
block defined below.
- match
Variable String - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - selector String
- Describes field of the matchVariable collection.
- selector
Match StringOperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - excluded
Rule PolicySet Managed Rules Exclusion Excluded Rule Set - One or more
excluded_rule_set
block defined below.
- match
Variable string - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - selector string
- Describes field of the matchVariable collection.
- selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - excluded
Rule PolicySet Managed Rules Exclusion Excluded Rule Set - One or more
excluded_rule_set
block defined below.
- match_
variable str - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - selector str
- Describes field of the matchVariable collection.
- selector_
match_ stroperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - excluded_
rule_ Policyset Managed Rules Exclusion Excluded Rule Set - One or more
excluded_rule_set
block defined below.
- match
Variable String - The name of the Match Variable. Possible values:
RequestArgKeys
,RequestArgNames
,RequestArgValues
,RequestCookieKeys
,RequestCookieNames
,RequestCookieValues
,RequestHeaderKeys
,RequestHeaderNames
,RequestHeaderValues
. - selector String
- Describes field of the matchVariable collection.
- selector
Match StringOperator - Describes operator to be matched. Possible values:
Contains
,EndsWith
,Equals
,EqualsAny
,StartsWith
. - excluded
Rule Property MapSet - One or more
excluded_rule_set
block defined below.
PolicyManagedRulesExclusionExcludedRuleSet, PolicyManagedRulesExclusionExcludedRuleSetArgs
- Rule
Groups List<PolicyManaged Rules Exclusion Excluded Rule Set Rule Group> - One or more
rule_group
block defined below. - Type string
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - Version string
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
- Rule
Groups []PolicyManaged Rules Exclusion Excluded Rule Set Rule Group - One or more
rule_group
block defined below. - Type string
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - Version string
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
- rule
Groups List<PolicyManaged Rules Exclusion Excluded Rule Set Rule Group> - One or more
rule_group
block defined below. - type String
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - version String
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
- rule
Groups PolicyManaged Rules Exclusion Excluded Rule Set Rule Group[] - One or more
rule_group
block defined below. - type string
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - version string
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
- rule_
groups Sequence[PolicyManaged Rules Exclusion Excluded Rule Set Rule Group] - One or more
rule_group
block defined below. - type str
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - version str
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
- rule
Groups List<Property Map> - One or more
rule_group
block defined below. - type String
- The rule set type. Possible values are
Microsoft_DefaultRuleSet
,Microsoft_BotManagerRuleSet
andOWASP
. Defaults toOWASP
. - version String
- The rule set version. Possible values are
1.0
(for rule set typeMicrosoft_BotManagerRuleSet
),2.1
(for rule set typeMicrosoft_DefaultRuleSet
) and3.2
(for rule set typeOWASP
). Defaults to3.2
.
PolicyManagedRulesExclusionExcludedRuleSetRuleGroup, PolicyManagedRulesExclusionExcludedRuleSetRuleGroupArgs
- Rule
Group stringName - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - Excluded
Rules List<string> - One or more Rule IDs for exclusion.
- Rule
Group stringName - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - Excluded
Rules []string - One or more Rule IDs for exclusion.
- rule
Group StringName - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - excluded
Rules List<String> - One or more Rule IDs for exclusion.
- rule
Group stringName - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - excluded
Rules string[] - One or more Rule IDs for exclusion.
- rule_
group_ strname - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - excluded_
rules Sequence[str] - One or more Rule IDs for exclusion.
- rule
Group StringName - The name of rule group for exclusion. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
.MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
. - excluded
Rules List<String> - One or more Rule IDs for exclusion.
PolicyManagedRulesManagedRuleSet, PolicyManagedRulesManagedRuleSetArgs
- Version string
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - Rule
Group List<PolicyOverrides Managed Rules Managed Rule Set Rule Group Override> - One or more
rule_group_override
block defined below. - Type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
- Version string
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - Rule
Group []PolicyOverrides Managed Rules Managed Rule Set Rule Group Override - One or more
rule_group_override
block defined below. - Type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
- version String
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - rule
Group List<PolicyOverrides Managed Rules Managed Rule Set Rule Group Override> - One or more
rule_group_override
block defined below. - type String
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
- version string
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - rule
Group PolicyOverrides Managed Rules Managed Rule Set Rule Group Override[] - One or more
rule_group_override
block defined below. - type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
- version str
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - rule_
group_ Sequence[Policyoverrides Managed Rules Managed Rule Set Rule Group Override] - One or more
rule_group_override
block defined below. - type str
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
- version String
- The rule set version. Possible values:
0.1
,1.0
,2.1
,2.2.9
,3.0
,3.1
and3.2
. - rule
Group List<Property Map>Overrides - One or more
rule_group_override
block defined below. - type String
- The rule set type. Possible values:
Microsoft_BotManagerRuleSet
,Microsoft_DefaultRuleSet
andOWASP
. Defaults toOWASP
.
PolicyManagedRulesManagedRuleSetRuleGroupOverride, PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
- Rule
Group stringName - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - Rules
List<Policy
Managed Rules Managed Rule Set Rule Group Override Rule> - One or more
rule
block defined below.
- Rule
Group stringName - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - Rules
[]Policy
Managed Rules Managed Rule Set Rule Group Override Rule - One or more
rule
block defined below.
- rule
Group StringName - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - rules
List<Policy
Managed Rules Managed Rule Set Rule Group Override Rule> - One or more
rule
block defined below.
- rule
Group stringName - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - rules
Policy
Managed Rules Managed Rule Set Rule Group Override Rule[] - One or more
rule
block defined below.
- rule_
group_ strname - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - rules
Sequence[Policy
Managed Rules Managed Rule Set Rule Group Override Rule] - One or more
rule
block defined below.
- rule
Group StringName - The name of the Rule Group. Possible values are
BadBots
,crs_20_protocol_violations
,crs_21_protocol_anomalies
,crs_23_request_limits
,crs_30_http_policy
,crs_35_bad_robots
,crs_40_generic_attacks
,crs_41_sql_injection_attacks
,crs_41_xss_attacks
,crs_42_tight_security
,crs_45_trojans
,crs_49_inbound_blocking
,General
,GoodBots
,KnownBadBots
,Known-CVEs
,REQUEST-911-METHOD-ENFORCEMENT
,REQUEST-913-SCANNER-DETECTION
,REQUEST-920-PROTOCOL-ENFORCEMENT
,REQUEST-921-PROTOCOL-ATTACK
,REQUEST-930-APPLICATION-ATTACK-LFI
,REQUEST-931-APPLICATION-ATTACK-RFI
,REQUEST-932-APPLICATION-ATTACK-RCE
,REQUEST-933-APPLICATION-ATTACK-PHP
,REQUEST-941-APPLICATION-ATTACK-XSS
,REQUEST-942-APPLICATION-ATTACK-SQLI
,REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
,REQUEST-944-APPLICATION-ATTACK-JAVA
,UnknownBots
,METHOD-ENFORCEMENT
,PROTOCOL-ENFORCEMENT
,PROTOCOL-ATTACK
,LFI
,RFI
,RCE
,PHP
,NODEJS
,XSS
,SQLI
,FIX
,JAVA
,MS-ThreatIntel-WebShells
,MS-ThreatIntel-AppSec
,MS-ThreatIntel-SQLI
andMS-ThreatIntel-CVEs
MS-ThreatIntel-WebShells`,. - rules List<Property Map>
- One or more
rule
block defined below.
PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule, PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
- Id string
- Identifier for the managed rule.
- Action string
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - Enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
- Id string
- Identifier for the managed rule.
- Action string
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - Enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
- id String
- Identifier for the managed rule.
- action String
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - enabled Boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
- id string
- Identifier for the managed rule.
- action string
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - enabled boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
- id str
- Identifier for the managed rule.
- action str
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
- id String
- Identifier for the managed rule.
- action String
- Describes the override action to be applied when rule matches. Possible values are
Allow
,AnomalyScoring
,Block
,JSChallenge
andLog
.JSChallenge
is only valid for rulesets of typeMicrosoft_BotManagerRuleSet
. - enabled Boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
.
PolicyPolicySettings, PolicyPolicySettingsArgs
- Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - File
Upload boolEnforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - File
Upload intLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - int
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - Log
Scrubbing PolicyPolicy Settings Log Scrubbing - One
log_scrubbing
block as defined below. - Max
Request intBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - Mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - Request
Body boolCheck - Is Request Body Inspection enabled? Defaults to
true
. - Request
Body boolEnforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - Request
Body intInspect Limit In Kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
- Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - File
Upload boolEnforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - File
Upload intLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - int
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - Log
Scrubbing PolicyPolicy Settings Log Scrubbing - One
log_scrubbing
block as defined below. - Max
Request intBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - Mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - Request
Body boolCheck - Is Request Body Inspection enabled? Defaults to
true
. - Request
Body boolEnforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - Request
Body intInspect Limit In Kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
- enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - file
Upload BooleanEnforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - file
Upload IntegerLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - Integer
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - log
Scrubbing PolicyPolicy Settings Log Scrubbing - One
log_scrubbing
block as defined below. - max
Request IntegerBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - mode String
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - request
Body BooleanCheck - Is Request Body Inspection enabled? Defaults to
true
. - request
Body BooleanEnforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - request
Body IntegerInspect Limit In Kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
- enabled boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - file
Upload booleanEnforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - file
Upload numberLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - number
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - log
Scrubbing PolicyPolicy Settings Log Scrubbing - One
log_scrubbing
block as defined below. - max
Request numberBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - request
Body booleanCheck - Is Request Body Inspection enabled? Defaults to
true
. - request
Body booleanEnforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - request
Body numberInspect Limit In Kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
- enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - file_
upload_ boolenforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - file_
upload_ intlimit_ in_ mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - int
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - log_
scrubbing PolicyPolicy Settings Log Scrubbing - One
log_scrubbing
block as defined below. - max_
request_ intbody_ size_ in_ kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - mode str
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - request_
body_ boolcheck - Is Request Body Inspection enabled? Defaults to
true
. - request_
body_ boolenforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - request_
body_ intinspect_ limit_ in_ kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
- enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true
. - file
Upload BooleanEnforcement - Whether the firewall should block a request with upload size greater then
file_upload_limit_in_mb
. - file
Upload NumberLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1
to4000
. Defaults to100
. - Number
- Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range
5
to1440
. Defaults to30
. - log
Scrubbing Property Map - One
log_scrubbing
block as defined below. - max
Request NumberBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8
to2000
. Defaults to128
. - mode String
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
Detection
andPrevention
. Defaults toPrevention
. - request
Body BooleanCheck - Is Request Body Inspection enabled? Defaults to
true
. - request
Body BooleanEnforcement - Whether the firewall should block a request with body size greater then
max_request_body_size_in_kb
. Defaults totrue
. - request
Body NumberInspect Limit In Kb - Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to
128
.
PolicyPolicySettingsLogScrubbing, PolicyPolicySettingsLogScrubbingArgs
- Enabled bool
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - Rules
List<Policy
Policy Settings Log Scrubbing Rule> - One or more
scrubbing_rule
blocks as define below.
- Enabled bool
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - Rules
[]Policy
Policy Settings Log Scrubbing Rule - One or more
scrubbing_rule
blocks as define below.
- enabled Boolean
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - rules
List<Policy
Policy Settings Log Scrubbing Rule> - One or more
scrubbing_rule
blocks as define below.
- enabled boolean
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - rules
Policy
Policy Settings Log Scrubbing Rule[] - One or more
scrubbing_rule
blocks as define below.
- enabled bool
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - rules
Sequence[Policy
Policy Settings Log Scrubbing Rule] - One or more
scrubbing_rule
blocks as define below.
- enabled Boolean
- Whether the log scrubbing is enabled or disabled. Defaults to
true
. - rules List<Property Map>
- One or more
scrubbing_rule
blocks as define below.
PolicyPolicySettingsLogScrubbingRule, PolicyPolicySettingsLogScrubbingRuleArgs
- Match
Variable string - Enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - Selector string
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- Selector
Match stringOperator
- Match
Variable string - Enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - Selector string
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- Selector
Match stringOperator
- match
Variable String - enabled Boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - selector String
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- selector
Match StringOperator
- match
Variable string - enabled boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - selector string
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- selector
Match stringOperator
- match_
variable str - enabled bool
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - selector str
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- selector_
match_ stroperator
- match
Variable String - enabled Boolean
- Describes if the managed rule is in enabled state or disabled state. Defaults to
false
. - selector String
- When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.
- selector
Match StringOperator
Import
Web Application Firewall Policy can be imported using the resource id
, e.g.
$ pulumi import azure:waf/policy:Policy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/example-wafpolicy
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.