1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. Policy
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

azure-native.network.Policy

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

    Defines web application firewall policy. Azure REST API version: 2022-05-01. Prior API version in Azure Native 1.x: 2020-11-01.

    Other available API versions: 2021-06-01, 2024-02-01.

    Example Usage

    Creates specific policy

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policy = new AzureNative.Network.Policy("policy", new()
        {
            CustomRules = new AzureNative.Network.Inputs.CustomRuleListArgs
            {
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.CustomRuleArgs
                    {
                        Action = AzureNative.Network.ActionType.Block,
                        MatchConditions = new[]
                        {
                            new AzureNative.Network.Inputs.FrontDoorMatchConditionArgs
                            {
                                MatchValue = new[]
                                {
                                    "192.168.1.0/24",
                                    "10.0.0.0/24",
                                },
                                MatchVariable = AzureNative.Network.FrontDoorMatchVariable.RemoteAddr,
                                Operator = AzureNative.Network.Operator.IPMatch,
                            },
                        },
                        Name = "Rule1",
                        Priority = 1,
                        RateLimitThreshold = 1000,
                        RuleType = AzureNative.Network.RuleType.RateLimitRule,
                    },
                    new AzureNative.Network.Inputs.CustomRuleArgs
                    {
                        Action = AzureNative.Network.ActionType.Block,
                        MatchConditions = new[]
                        {
                            new AzureNative.Network.Inputs.FrontDoorMatchConditionArgs
                            {
                                MatchValue = new[]
                                {
                                    "CH",
                                },
                                MatchVariable = AzureNative.Network.FrontDoorMatchVariable.RemoteAddr,
                                Operator = AzureNative.Network.Operator.GeoMatch,
                            },
                            new AzureNative.Network.Inputs.FrontDoorMatchConditionArgs
                            {
                                MatchValue = new[]
                                {
                                    "windows",
                                },
                                MatchVariable = AzureNative.Network.FrontDoorMatchVariable.RequestHeader,
                                Operator = AzureNative.Network.Operator.Contains,
                                Selector = "UserAgent",
                                Transforms = new[]
                                {
                                    AzureNative.Network.TransformType.Lowercase,
                                },
                            },
                        },
                        Name = "Rule2",
                        Priority = 2,
                        RuleType = AzureNative.Network.RuleType.MatchRule,
                    },
                },
            },
            Location = "WestUs",
            ManagedRules = new AzureNative.Network.Inputs.ManagedRuleSetListArgs
            {
                ManagedRuleSets = new[]
                {
                    new AzureNative.Network.Inputs.FrontDoorManagedRuleSetArgs
                    {
                        Exclusions = new[]
                        {
                            new AzureNative.Network.Inputs.ManagedRuleExclusionArgs
                            {
                                MatchVariable = AzureNative.Network.ManagedRuleExclusionMatchVariable.RequestHeaderNames,
                                Selector = "User-Agent",
                                SelectorMatchOperator = AzureNative.Network.ManagedRuleExclusionSelectorMatchOperator.EqualsValue,
                            },
                        },
                        RuleGroupOverrides = new[]
                        {
                            new AzureNative.Network.Inputs.FrontDoorManagedRuleGroupOverrideArgs
                            {
                                Exclusions = new[]
                                {
                                    new AzureNative.Network.Inputs.ManagedRuleExclusionArgs
                                    {
                                        MatchVariable = AzureNative.Network.ManagedRuleExclusionMatchVariable.RequestCookieNames,
                                        Selector = "token",
                                        SelectorMatchOperator = AzureNative.Network.ManagedRuleExclusionSelectorMatchOperator.StartsWith,
                                    },
                                },
                                RuleGroupName = "SQLI",
                                Rules = new[]
                                {
                                    new AzureNative.Network.Inputs.FrontDoorManagedRuleOverrideArgs
                                    {
                                        Action = "Redirect",
                                        EnabledState = AzureNative.Network.ManagedRuleEnabledState.Enabled,
                                        Exclusions = new[]
                                        {
                                            new AzureNative.Network.Inputs.ManagedRuleExclusionArgs
                                            {
                                                MatchVariable = AzureNative.Network.ManagedRuleExclusionMatchVariable.QueryStringArgNames,
                                                Selector = "query",
                                                SelectorMatchOperator = AzureNative.Network.ManagedRuleExclusionSelectorMatchOperator.EqualsValue,
                                            },
                                        },
                                        RuleId = "942100",
                                    },
                                    new AzureNative.Network.Inputs.FrontDoorManagedRuleOverrideArgs
                                    {
                                        EnabledState = AzureNative.Network.ManagedRuleEnabledState.Disabled,
                                        RuleId = "942110",
                                    },
                                },
                            },
                        },
                        RuleSetAction = AzureNative.Network.ManagedRuleSetActionType.Block,
                        RuleSetType = "DefaultRuleSet",
                        RuleSetVersion = "1.0",
                    },
                },
            },
            PolicyName = "Policy1",
            PolicySettings = new AzureNative.Network.Inputs.FrontDoorPolicySettingsArgs
            {
                CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
                CustomBlockResponseStatusCode = 429,
                EnabledState = AzureNative.Network.PolicyEnabledState.Enabled,
                Mode = AzureNative.Network.PolicyMode.Prevention,
                RedirectUrl = "http://www.bing.com",
                RequestBodyCheck = AzureNative.Network.PolicyRequestBodyCheck.Disabled,
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.SkuArgs
            {
                Name = AzureNative.Network.SkuName.Classic_AzureFrontDoor,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewPolicy(ctx, "policy", &network.PolicyArgs{
    			CustomRules: &network.CustomRuleListArgs{
    				Rules: network.CustomRuleArray{
    					&network.CustomRuleArgs{
    						Action: pulumi.String(network.ActionTypeBlock),
    						MatchConditions: network.FrontDoorMatchConditionArray{
    							&network.FrontDoorMatchConditionArgs{
    								MatchValue: pulumi.StringArray{
    									pulumi.String("192.168.1.0/24"),
    									pulumi.String("10.0.0.0/24"),
    								},
    								MatchVariable: pulumi.String(network.FrontDoorMatchVariableRemoteAddr),
    								Operator:      pulumi.String(network.OperatorIPMatch),
    							},
    						},
    						Name:               pulumi.String("Rule1"),
    						Priority:           pulumi.Int(1),
    						RateLimitThreshold: pulumi.Int(1000),
    						RuleType:           pulumi.String(network.RuleTypeRateLimitRule),
    					},
    					&network.CustomRuleArgs{
    						Action: pulumi.String(network.ActionTypeBlock),
    						MatchConditions: network.FrontDoorMatchConditionArray{
    							&network.FrontDoorMatchConditionArgs{
    								MatchValue: pulumi.StringArray{
    									pulumi.String("CH"),
    								},
    								MatchVariable: pulumi.String(network.FrontDoorMatchVariableRemoteAddr),
    								Operator:      pulumi.String(network.OperatorGeoMatch),
    							},
    							&network.FrontDoorMatchConditionArgs{
    								MatchValue: pulumi.StringArray{
    									pulumi.String("windows"),
    								},
    								MatchVariable: pulumi.String(network.FrontDoorMatchVariableRequestHeader),
    								Operator:      pulumi.String(network.OperatorContains),
    								Selector:      pulumi.String("UserAgent"),
    								Transforms: pulumi.StringArray{
    									pulumi.String(network.TransformTypeLowercase),
    								},
    							},
    						},
    						Name:     pulumi.String("Rule2"),
    						Priority: pulumi.Int(2),
    						RuleType: pulumi.String(network.RuleTypeMatchRule),
    					},
    				},
    			},
    			Location: pulumi.String("WestUs"),
    			ManagedRules: &network.ManagedRuleSetListArgs{
    				ManagedRuleSets: network.FrontDoorManagedRuleSetArray{
    					&network.FrontDoorManagedRuleSetArgs{
    						Exclusions: network.ManagedRuleExclusionArray{
    							&network.ManagedRuleExclusionArgs{
    								MatchVariable:         pulumi.String(network.ManagedRuleExclusionMatchVariableRequestHeaderNames),
    								Selector:              pulumi.String("User-Agent"),
    								SelectorMatchOperator: pulumi.String(network.ManagedRuleExclusionSelectorMatchOperatorEquals),
    							},
    						},
    						RuleGroupOverrides: network.FrontDoorManagedRuleGroupOverrideArray{
    							&network.FrontDoorManagedRuleGroupOverrideArgs{
    								Exclusions: network.ManagedRuleExclusionArray{
    									&network.ManagedRuleExclusionArgs{
    										MatchVariable:         pulumi.String(network.ManagedRuleExclusionMatchVariableRequestCookieNames),
    										Selector:              pulumi.String("token"),
    										SelectorMatchOperator: pulumi.String(network.ManagedRuleExclusionSelectorMatchOperatorStartsWith),
    									},
    								},
    								RuleGroupName: pulumi.String("SQLI"),
    								Rules: network.FrontDoorManagedRuleOverrideArray{
    									&network.FrontDoorManagedRuleOverrideArgs{
    										Action:       pulumi.String("Redirect"),
    										EnabledState: pulumi.String(network.ManagedRuleEnabledStateEnabled),
    										Exclusions: network.ManagedRuleExclusionArray{
    											&network.ManagedRuleExclusionArgs{
    												MatchVariable:         pulumi.String(network.ManagedRuleExclusionMatchVariableQueryStringArgNames),
    												Selector:              pulumi.String("query"),
    												SelectorMatchOperator: pulumi.String(network.ManagedRuleExclusionSelectorMatchOperatorEquals),
    											},
    										},
    										RuleId: pulumi.String("942100"),
    									},
    									&network.FrontDoorManagedRuleOverrideArgs{
    										EnabledState: pulumi.String(network.ManagedRuleEnabledStateDisabled),
    										RuleId:       pulumi.String("942110"),
    									},
    								},
    							},
    						},
    						RuleSetAction:  pulumi.String(network.ManagedRuleSetActionTypeBlock),
    						RuleSetType:    pulumi.String("DefaultRuleSet"),
    						RuleSetVersion: pulumi.String("1.0"),
    					},
    				},
    			},
    			PolicyName: pulumi.String("Policy1"),
    			PolicySettings: &network.FrontDoorPolicySettingsArgs{
    				CustomBlockResponseBody:       pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
    				CustomBlockResponseStatusCode: pulumi.Int(429),
    				EnabledState:                  pulumi.String(network.PolicyEnabledStateEnabled),
    				Mode:                          pulumi.String(network.PolicyModePrevention),
    				RedirectUrl:                   pulumi.String("http://www.bing.com"),
    				RequestBodyCheck:              pulumi.String(network.PolicyRequestBodyCheckDisabled),
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.SkuArgs{
    				Name: pulumi.String(network.SkuName_Classic_AzureFrontDoor),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.Policy;
    import com.pulumi.azurenative.network.PolicyArgs;
    import com.pulumi.azurenative.network.inputs.CustomRuleListArgs;
    import com.pulumi.azurenative.network.inputs.ManagedRuleSetListArgs;
    import com.pulumi.azurenative.network.inputs.FrontDoorPolicySettingsArgs;
    import com.pulumi.azurenative.network.inputs.SkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policy = new Policy("policy", PolicyArgs.builder()        
                .customRules(CustomRuleListArgs.builder()
                    .rules(                
                        CustomRuleArgs.builder()
                            .action("Block")
                            .matchConditions(FrontDoorMatchConditionArgs.builder()
                                .matchValue(                            
                                    "192.168.1.0/24",
                                    "10.0.0.0/24")
                                .matchVariable("RemoteAddr")
                                .operator("IPMatch")
                                .build())
                            .name("Rule1")
                            .priority(1)
                            .rateLimitThreshold(1000)
                            .ruleType("RateLimitRule")
                            .build(),
                        CustomRuleArgs.builder()
                            .action("Block")
                            .matchConditions(                        
                                FrontDoorMatchConditionArgs.builder()
                                    .matchValue("CH")
                                    .matchVariable("RemoteAddr")
                                    .operator("GeoMatch")
                                    .build(),
                                FrontDoorMatchConditionArgs.builder()
                                    .matchValue("windows")
                                    .matchVariable("RequestHeader")
                                    .operator("Contains")
                                    .selector("UserAgent")
                                    .transforms("Lowercase")
                                    .build())
                            .name("Rule2")
                            .priority(2)
                            .ruleType("MatchRule")
                            .build())
                    .build())
                .location("WestUs")
                .managedRules(ManagedRuleSetListArgs.builder()
                    .managedRuleSets(FrontDoorManagedRuleSetArgs.builder()
                        .exclusions(ManagedRuleExclusionArgs.builder()
                            .matchVariable("RequestHeaderNames")
                            .selector("User-Agent")
                            .selectorMatchOperator("Equals")
                            .build())
                        .ruleGroupOverrides(FrontDoorManagedRuleGroupOverrideArgs.builder()
                            .exclusions(ManagedRuleExclusionArgs.builder()
                                .matchVariable("RequestCookieNames")
                                .selector("token")
                                .selectorMatchOperator("StartsWith")
                                .build())
                            .ruleGroupName("SQLI")
                            .rules(                        
                                FrontDoorManagedRuleOverrideArgs.builder()
                                    .action("Redirect")
                                    .enabledState("Enabled")
                                    .exclusions(ManagedRuleExclusionArgs.builder()
                                        .matchVariable("QueryStringArgNames")
                                        .selector("query")
                                        .selectorMatchOperator("Equals")
                                        .build())
                                    .ruleId("942100")
                                    .build(),
                                FrontDoorManagedRuleOverrideArgs.builder()
                                    .enabledState("Disabled")
                                    .ruleId("942110")
                                    .build())
                            .build())
                        .ruleSetAction("Block")
                        .ruleSetType("DefaultRuleSet")
                        .ruleSetVersion("1.0")
                        .build())
                    .build())
                .policyName("Policy1")
                .policySettings(FrontDoorPolicySettingsArgs.builder()
                    .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
                    .customBlockResponseStatusCode(429)
                    .enabledState("Enabled")
                    .mode("Prevention")
                    .redirectUrl("http://www.bing.com")
                    .requestBodyCheck("Disabled")
                    .build())
                .resourceGroupName("rg1")
                .sku(SkuArgs.builder()
                    .name("Classic_AzureFrontDoor")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy = azure_native.network.Policy("policy",
        custom_rules=azure_native.network.CustomRuleListArgs(
            rules=[
                azure_native.network.CustomRuleArgs(
                    action=azure_native.network.ActionType.BLOCK,
                    match_conditions=[azure_native.network.FrontDoorMatchConditionArgs(
                        match_value=[
                            "192.168.1.0/24",
                            "10.0.0.0/24",
                        ],
                        match_variable=azure_native.network.FrontDoorMatchVariable.REMOTE_ADDR,
                        operator=azure_native.network.Operator.IP_MATCH,
                    )],
                    name="Rule1",
                    priority=1,
                    rate_limit_threshold=1000,
                    rule_type=azure_native.network.RuleType.RATE_LIMIT_RULE,
                ),
                azure_native.network.CustomRuleArgs(
                    action=azure_native.network.ActionType.BLOCK,
                    match_conditions=[
                        azure_native.network.FrontDoorMatchConditionArgs(
                            match_value=["CH"],
                            match_variable=azure_native.network.FrontDoorMatchVariable.REMOTE_ADDR,
                            operator=azure_native.network.Operator.GEO_MATCH,
                        ),
                        azure_native.network.FrontDoorMatchConditionArgs(
                            match_value=["windows"],
                            match_variable=azure_native.network.FrontDoorMatchVariable.REQUEST_HEADER,
                            operator=azure_native.network.Operator.CONTAINS,
                            selector="UserAgent",
                            transforms=[azure_native.network.TransformType.LOWERCASE],
                        ),
                    ],
                    name="Rule2",
                    priority=2,
                    rule_type=azure_native.network.RuleType.MATCH_RULE,
                ),
            ],
        ),
        location="WestUs",
        managed_rules=azure_native.network.ManagedRuleSetListArgs(
            managed_rule_sets=[azure_native.network.FrontDoorManagedRuleSetArgs(
                exclusions=[azure_native.network.ManagedRuleExclusionArgs(
                    match_variable=azure_native.network.ManagedRuleExclusionMatchVariable.REQUEST_HEADER_NAMES,
                    selector="User-Agent",
                    selector_match_operator=azure_native.network.ManagedRuleExclusionSelectorMatchOperator.EQUALS,
                )],
                rule_group_overrides=[azure_native.network.FrontDoorManagedRuleGroupOverrideArgs(
                    exclusions=[azure_native.network.ManagedRuleExclusionArgs(
                        match_variable=azure_native.network.ManagedRuleExclusionMatchVariable.REQUEST_COOKIE_NAMES,
                        selector="token",
                        selector_match_operator=azure_native.network.ManagedRuleExclusionSelectorMatchOperator.STARTS_WITH,
                    )],
                    rule_group_name="SQLI",
                    rules=[
                        azure_native.network.FrontDoorManagedRuleOverrideArgs(
                            action="Redirect",
                            enabled_state=azure_native.network.ManagedRuleEnabledState.ENABLED,
                            exclusions=[azure_native.network.ManagedRuleExclusionArgs(
                                match_variable=azure_native.network.ManagedRuleExclusionMatchVariable.QUERY_STRING_ARG_NAMES,
                                selector="query",
                                selector_match_operator=azure_native.network.ManagedRuleExclusionSelectorMatchOperator.EQUALS,
                            )],
                            rule_id="942100",
                        ),
                        azure_native.network.FrontDoorManagedRuleOverrideArgs(
                            enabled_state=azure_native.network.ManagedRuleEnabledState.DISABLED,
                            rule_id="942110",
                        ),
                    ],
                )],
                rule_set_action=azure_native.network.ManagedRuleSetActionType.BLOCK,
                rule_set_type="DefaultRuleSet",
                rule_set_version="1.0",
            )],
        ),
        policy_name="Policy1",
        policy_settings=azure_native.network.FrontDoorPolicySettingsArgs(
            custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
            custom_block_response_status_code=429,
            enabled_state=azure_native.network.PolicyEnabledState.ENABLED,
            mode=azure_native.network.PolicyMode.PREVENTION,
            redirect_url="http://www.bing.com",
            request_body_check=azure_native.network.PolicyRequestBodyCheck.DISABLED,
        ),
        resource_group_name="rg1",
        sku=azure_native.network.SkuArgs(
            name=azure_native.network.SkuName.CLASSIC_AZURE_FRONT_DOOR,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policy = new azure_native.network.Policy("policy", {
        customRules: {
            rules: [
                {
                    action: azure_native.network.ActionType.Block,
                    matchConditions: [{
                        matchValue: [
                            "192.168.1.0/24",
                            "10.0.0.0/24",
                        ],
                        matchVariable: azure_native.network.FrontDoorMatchVariable.RemoteAddr,
                        operator: azure_native.network.Operator.IPMatch,
                    }],
                    name: "Rule1",
                    priority: 1,
                    rateLimitThreshold: 1000,
                    ruleType: azure_native.network.RuleType.RateLimitRule,
                },
                {
                    action: azure_native.network.ActionType.Block,
                    matchConditions: [
                        {
                            matchValue: ["CH"],
                            matchVariable: azure_native.network.FrontDoorMatchVariable.RemoteAddr,
                            operator: azure_native.network.Operator.GeoMatch,
                        },
                        {
                            matchValue: ["windows"],
                            matchVariable: azure_native.network.FrontDoorMatchVariable.RequestHeader,
                            operator: azure_native.network.Operator.Contains,
                            selector: "UserAgent",
                            transforms: [azure_native.network.TransformType.Lowercase],
                        },
                    ],
                    name: "Rule2",
                    priority: 2,
                    ruleType: azure_native.network.RuleType.MatchRule,
                },
            ],
        },
        location: "WestUs",
        managedRules: {
            managedRuleSets: [{
                exclusions: [{
                    matchVariable: azure_native.network.ManagedRuleExclusionMatchVariable.RequestHeaderNames,
                    selector: "User-Agent",
                    selectorMatchOperator: azure_native.network.ManagedRuleExclusionSelectorMatchOperator.Equals,
                }],
                ruleGroupOverrides: [{
                    exclusions: [{
                        matchVariable: azure_native.network.ManagedRuleExclusionMatchVariable.RequestCookieNames,
                        selector: "token",
                        selectorMatchOperator: azure_native.network.ManagedRuleExclusionSelectorMatchOperator.StartsWith,
                    }],
                    ruleGroupName: "SQLI",
                    rules: [
                        {
                            action: "Redirect",
                            enabledState: azure_native.network.ManagedRuleEnabledState.Enabled,
                            exclusions: [{
                                matchVariable: azure_native.network.ManagedRuleExclusionMatchVariable.QueryStringArgNames,
                                selector: "query",
                                selectorMatchOperator: azure_native.network.ManagedRuleExclusionSelectorMatchOperator.Equals,
                            }],
                            ruleId: "942100",
                        },
                        {
                            enabledState: azure_native.network.ManagedRuleEnabledState.Disabled,
                            ruleId: "942110",
                        },
                    ],
                }],
                ruleSetAction: azure_native.network.ManagedRuleSetActionType.Block,
                ruleSetType: "DefaultRuleSet",
                ruleSetVersion: "1.0",
            }],
        },
        policyName: "Policy1",
        policySettings: {
            customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
            customBlockResponseStatusCode: 429,
            enabledState: azure_native.network.PolicyEnabledState.Enabled,
            mode: azure_native.network.PolicyMode.Prevention,
            redirectUrl: "http://www.bing.com",
            requestBodyCheck: azure_native.network.PolicyRequestBodyCheck.Disabled,
        },
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.SkuName.Classic_AzureFrontDoor,
        },
    });
    
    resources:
      policy:
        type: azure-native:network:Policy
        properties:
          customRules:
            rules:
              - action: Block
                matchConditions:
                  - matchValue:
                      - 192.168.1.0/24
                      - 10.0.0.0/24
                    matchVariable: RemoteAddr
                    operator: IPMatch
                name: Rule1
                priority: 1
                rateLimitThreshold: 1000
                ruleType: RateLimitRule
              - action: Block
                matchConditions:
                  - matchValue:
                      - CH
                    matchVariable: RemoteAddr
                    operator: GeoMatch
                  - matchValue:
                      - windows
                    matchVariable: RequestHeader
                    operator: Contains
                    selector: UserAgent
                    transforms:
                      - Lowercase
                name: Rule2
                priority: 2
                ruleType: MatchRule
          location: WestUs
          managedRules:
            managedRuleSets:
              - exclusions:
                  - matchVariable: RequestHeaderNames
                    selector: User-Agent
                    selectorMatchOperator: Equals
                ruleGroupOverrides:
                  - exclusions:
                      - matchVariable: RequestCookieNames
                        selector: token
                        selectorMatchOperator: StartsWith
                    ruleGroupName: SQLI
                    rules:
                      - action: Redirect
                        enabledState: Enabled
                        exclusions:
                          - matchVariable: QueryStringArgNames
                            selector: query
                            selectorMatchOperator: Equals
                        ruleId: '942100'
                      - enabledState: Disabled
                        ruleId: '942110'
                ruleSetAction: Block
                ruleSetType: DefaultRuleSet
                ruleSetVersion: '1.0'
          policyName: Policy1
          policySettings:
            customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
            customBlockResponseStatusCode: 429
            enabledState: Enabled
            mode: Prevention
            redirectUrl: http://www.bing.com
            requestBodyCheck: Disabled
          resourceGroupName: rg1
          sku:
            name: Classic_AzureFrontDoor
    

    Create Policy Resource

    new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
    @overload
    def Policy(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               custom_rules: Optional[CustomRuleListArgs] = None,
               location: Optional[str] = None,
               managed_rules: Optional[ManagedRuleSetListArgs] = None,
               policy_name: Optional[str] = None,
               policy_settings: Optional[FrontDoorPolicySettingsArgs] = None,
               resource_group_name: Optional[str] = None,
               sku: Optional[SkuArgs] = None,
               tags: Optional[Mapping[str, str]] = None)
    @overload
    def Policy(resource_name: str,
               args: PolicyArgs,
               opts: Optional[ResourceOptions] = None)
    func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
    public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
    public Policy(String name, PolicyArgs args)
    public Policy(String name, PolicyArgs args, CustomResourceOptions options)
    
    type: azure-native:network:Policy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Policy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Policy resource accepts the following input properties:

    ResourceGroupName string
    Name of the Resource group within the Azure subscription.
    CustomRules Pulumi.AzureNative.Network.Inputs.CustomRuleList
    Describes custom rules inside the policy.
    Location string
    Resource location.
    ManagedRules Pulumi.AzureNative.Network.Inputs.ManagedRuleSetList
    Describes managed rules inside the policy.
    PolicyName string
    The name of the Web Application Firewall Policy.
    PolicySettings Pulumi.AzureNative.Network.Inputs.FrontDoorPolicySettings
    Describes settings for the policy.
    Sku Pulumi.AzureNative.Network.Inputs.Sku
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    Tags Dictionary<string, string>
    Resource tags.
    ResourceGroupName string
    Name of the Resource group within the Azure subscription.
    CustomRules CustomRuleListArgs
    Describes custom rules inside the policy.
    Location string
    Resource location.
    ManagedRules ManagedRuleSetListArgs
    Describes managed rules inside the policy.
    PolicyName string
    The name of the Web Application Firewall Policy.
    PolicySettings FrontDoorPolicySettingsArgs
    Describes settings for the policy.
    Sku SkuArgs
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    Tags map[string]string
    Resource tags.
    resourceGroupName String
    Name of the Resource group within the Azure subscription.
    customRules CustomRuleList
    Describes custom rules inside the policy.
    location String
    Resource location.
    managedRules ManagedRuleSetList
    Describes managed rules inside the policy.
    policyName String
    The name of the Web Application Firewall Policy.
    policySettings FrontDoorPolicySettings
    Describes settings for the policy.
    sku Sku
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    tags Map<String,String>
    Resource tags.
    resourceGroupName string
    Name of the Resource group within the Azure subscription.
    customRules CustomRuleList
    Describes custom rules inside the policy.
    location string
    Resource location.
    managedRules ManagedRuleSetList
    Describes managed rules inside the policy.
    policyName string
    The name of the Web Application Firewall Policy.
    policySettings FrontDoorPolicySettings
    Describes settings for the policy.
    sku Sku
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    tags {[key: string]: string}
    Resource tags.
    resource_group_name str
    Name of the Resource group within the Azure subscription.
    custom_rules CustomRuleListArgs
    Describes custom rules inside the policy.
    location str
    Resource location.
    managed_rules ManagedRuleSetListArgs
    Describes managed rules inside the policy.
    policy_name str
    The name of the Web Application Firewall Policy.
    policy_settings FrontDoorPolicySettingsArgs
    Describes settings for the policy.
    sku SkuArgs
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    tags Mapping[str, str]
    Resource tags.
    resourceGroupName String
    Name of the Resource group within the Azure subscription.
    customRules Property Map
    Describes custom rules inside the policy.
    location String
    Resource location.
    managedRules Property Map
    Describes managed rules inside the policy.
    policyName String
    The name of the Web Application Firewall Policy.
    policySettings Property Map
    Describes settings for the policy.
    sku Property Map
    The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.
    tags Map<String>
    Resource tags.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

    FrontendEndpointLinks List<Pulumi.AzureNative.Network.Outputs.FrontendEndpointLinkResponse>
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name.
    ProvisioningState string
    Provisioning state of the policy.
    ResourceState string
    RoutingRuleLinks List<Pulumi.AzureNative.Network.Outputs.RoutingRuleLinkResponse>
    Describes Routing Rules associated with this Web Application Firewall policy.
    SecurityPolicyLinks List<Pulumi.AzureNative.Network.Outputs.SecurityPolicyLinkResponse>
    Describes Security Policy associated with this Web Application Firewall policy.
    Type string
    Resource type.
    Etag string
    Gets a unique read-only string that changes whenever the resource is updated.
    FrontendEndpointLinks []FrontendEndpointLinkResponse
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name.
    ProvisioningState string
    Provisioning state of the policy.
    ResourceState string
    RoutingRuleLinks []RoutingRuleLinkResponse
    Describes Routing Rules associated with this Web Application Firewall policy.
    SecurityPolicyLinks []SecurityPolicyLinkResponse
    Describes Security Policy associated with this Web Application Firewall policy.
    Type string
    Resource type.
    Etag string
    Gets a unique read-only string that changes whenever the resource is updated.
    frontendEndpointLinks List<FrontendEndpointLinkResponse>
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name.
    provisioningState String
    Provisioning state of the policy.
    resourceState String
    routingRuleLinks List<RoutingRuleLinkResponse>
    Describes Routing Rules associated with this Web Application Firewall policy.
    securityPolicyLinks List<SecurityPolicyLinkResponse>
    Describes Security Policy associated with this Web Application Firewall policy.
    type String
    Resource type.
    etag String
    Gets a unique read-only string that changes whenever the resource is updated.
    frontendEndpointLinks FrontendEndpointLinkResponse[]
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Resource name.
    provisioningState string
    Provisioning state of the policy.
    resourceState string
    routingRuleLinks RoutingRuleLinkResponse[]
    Describes Routing Rules associated with this Web Application Firewall policy.
    securityPolicyLinks SecurityPolicyLinkResponse[]
    Describes Security Policy associated with this Web Application Firewall policy.
    type string
    Resource type.
    etag string
    Gets a unique read-only string that changes whenever the resource is updated.
    frontend_endpoint_links Sequence[FrontendEndpointLinkResponse]
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Resource name.
    provisioning_state str
    Provisioning state of the policy.
    resource_state str
    routing_rule_links Sequence[RoutingRuleLinkResponse]
    Describes Routing Rules associated with this Web Application Firewall policy.
    security_policy_links Sequence[SecurityPolicyLinkResponse]
    Describes Security Policy associated with this Web Application Firewall policy.
    type str
    Resource type.
    etag str
    Gets a unique read-only string that changes whenever the resource is updated.
    frontendEndpointLinks List<Property Map>
    Describes Frontend Endpoints associated with this Web Application Firewall policy.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name.
    provisioningState String
    Provisioning state of the policy.
    resourceState String
    routingRuleLinks List<Property Map>
    Describes Routing Rules associated with this Web Application Firewall policy.
    securityPolicyLinks List<Property Map>
    Describes Security Policy associated with this Web Application Firewall policy.
    type String
    Resource type.
    etag String
    Gets a unique read-only string that changes whenever the resource is updated.

    Supporting Types

    ActionType, ActionTypeArgs

    AnomalyScoring
    AnomalyScoring
    Allow
    Allow
    Block
    Block
    Log
    Log
    ActionTypeAnomalyScoring
    AnomalyScoring
    ActionTypeAllow
    Allow
    ActionTypeBlock
    Block
    ActionTypeLog
    Log
    AnomalyScoring
    AnomalyScoring
    Allow
    Allow
    Block
    Block
    Log
    Log
    AnomalyScoring
    AnomalyScoring
    Allow
    Allow
    Block
    Block
    Log
    Log
    ANOMALY_SCORING
    AnomalyScoring
    ALLOW
    Allow
    BLOCK
    Block
    LOG
    Log
    "AnomalyScoring"
    AnomalyScoring
    "Allow"
    Allow
    "Block"
    Block
    "Log"
    Log

    BastionHostSkuName, BastionHostSkuNameArgs

    Basic
    Basic
    Standard
    Standard
    BastionHostSkuNameBasic
    Basic
    BastionHostSkuNameStandard
    Standard
    Basic
    Basic
    Standard
    Standard
    Basic
    Basic
    Standard
    Standard
    BASIC
    Basic
    STANDARD
    Standard
    "Basic"
    Basic
    "Standard"
    Standard

    CustomRule, CustomRuleArgs

    Action string | Pulumi.AzureNative.Network.ActionType
    Describes what action to be applied when rule matches.
    MatchConditions List<Pulumi.AzureNative.Network.Inputs.FrontDoorMatchCondition>
    List of match conditions.
    Priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    RuleType string | Pulumi.AzureNative.Network.RuleType
    Describes type of rule.
    EnabledState string | Pulumi.AzureNative.Network.CustomRuleEnabledState
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    Name string
    Describes the name of the rule.
    RateLimitDurationInMinutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    RateLimitThreshold int
    Number of allowed requests per client within the time window.
    Action string | ActionType
    Describes what action to be applied when rule matches.
    MatchConditions []FrontDoorMatchCondition
    List of match conditions.
    Priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    RuleType string | RuleType
    Describes type of rule.
    EnabledState string | CustomRuleEnabledState
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    Name string
    Describes the name of the rule.
    RateLimitDurationInMinutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    RateLimitThreshold int
    Number of allowed requests per client within the time window.
    action String | ActionType
    Describes what action to be applied when rule matches.
    matchConditions List<FrontDoorMatchCondition>
    List of match conditions.
    priority Integer
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType String | RuleType
    Describes type of rule.
    enabledState String | CustomRuleEnabledState
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name String
    Describes the name of the rule.
    rateLimitDurationInMinutes Integer
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold Integer
    Number of allowed requests per client within the time window.
    action string | ActionType
    Describes what action to be applied when rule matches.
    matchConditions FrontDoorMatchCondition[]
    List of match conditions.
    priority number
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType string | RuleType
    Describes type of rule.
    enabledState string | CustomRuleEnabledState
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name string
    Describes the name of the rule.
    rateLimitDurationInMinutes number
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold number
    Number of allowed requests per client within the time window.
    action str | ActionType
    Describes what action to be applied when rule matches.
    match_conditions Sequence[FrontDoorMatchCondition]
    List of match conditions.
    priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    rule_type str | RuleType
    Describes type of rule.
    enabled_state str | CustomRuleEnabledState
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name str
    Describes the name of the rule.
    rate_limit_duration_in_minutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    rate_limit_threshold int
    Number of allowed requests per client within the time window.
    action String | "AnomalyScoring" | "Allow" | "Block" | "Log"
    Describes what action to be applied when rule matches.
    matchConditions List<Property Map>
    List of match conditions.
    priority Number
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType String | "MatchRule" | "RateLimitRule"
    Describes type of rule.
    enabledState String | "Disabled" | "Enabled"
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name String
    Describes the name of the rule.
    rateLimitDurationInMinutes Number
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold Number
    Number of allowed requests per client within the time window.

    CustomRuleEnabledState, CustomRuleEnabledStateArgs

    Disabled
    Disabled
    Enabled
    Enabled
    CustomRuleEnabledStateDisabled
    Disabled
    CustomRuleEnabledStateEnabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    DISABLED
    Disabled
    ENABLED
    Enabled
    "Disabled"
    Disabled
    "Enabled"
    Enabled

    CustomRuleList, CustomRuleListArgs

    Rules []CustomRule
    List of rules
    rules List<CustomRule>
    List of rules
    rules CustomRule[]
    List of rules

    CustomRuleListResponse, CustomRuleListResponseArgs

    CustomRuleResponse, CustomRuleResponseArgs

    Action string
    Describes what action to be applied when rule matches.
    MatchConditions List<Pulumi.AzureNative.Network.Inputs.FrontDoorMatchConditionResponse>
    List of match conditions.
    Priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    RuleType string
    Describes type of rule.
    EnabledState string
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    Name string
    Describes the name of the rule.
    RateLimitDurationInMinutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    RateLimitThreshold int
    Number of allowed requests per client within the time window.
    Action string
    Describes what action to be applied when rule matches.
    MatchConditions []FrontDoorMatchConditionResponse
    List of match conditions.
    Priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    RuleType string
    Describes type of rule.
    EnabledState string
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    Name string
    Describes the name of the rule.
    RateLimitDurationInMinutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    RateLimitThreshold int
    Number of allowed requests per client within the time window.
    action String
    Describes what action to be applied when rule matches.
    matchConditions List<FrontDoorMatchConditionResponse>
    List of match conditions.
    priority Integer
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType String
    Describes type of rule.
    enabledState String
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name String
    Describes the name of the rule.
    rateLimitDurationInMinutes Integer
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold Integer
    Number of allowed requests per client within the time window.
    action string
    Describes what action to be applied when rule matches.
    matchConditions FrontDoorMatchConditionResponse[]
    List of match conditions.
    priority number
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType string
    Describes type of rule.
    enabledState string
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name string
    Describes the name of the rule.
    rateLimitDurationInMinutes number
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold number
    Number of allowed requests per client within the time window.
    action str
    Describes what action to be applied when rule matches.
    match_conditions Sequence[FrontDoorMatchConditionResponse]
    List of match conditions.
    priority int
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    rule_type str
    Describes type of rule.
    enabled_state str
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name str
    Describes the name of the rule.
    rate_limit_duration_in_minutes int
    Time window for resetting the rate limit count. Default is 1 minute.
    rate_limit_threshold int
    Number of allowed requests per client within the time window.
    action String
    Describes what action to be applied when rule matches.
    matchConditions List<Property Map>
    List of match conditions.
    priority Number
    Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
    ruleType String
    Describes type of rule.
    enabledState String
    Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
    name String
    Describes the name of the rule.
    rateLimitDurationInMinutes Number
    Time window for resetting the rate limit count. Default is 1 minute.
    rateLimitThreshold Number
    Number of allowed requests per client within the time window.

    FrontDoorManagedRuleGroupOverride, FrontDoorManagedRuleGroupOverrideArgs

    RuleGroupName string
    Describes the managed rule group to override.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusion>
    Describes the exclusions that are applied to all rules in the group.
    Rules List<Pulumi.AzureNative.Network.Inputs.FrontDoorManagedRuleOverride>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    RuleGroupName string
    Describes the managed rule group to override.
    Exclusions []ManagedRuleExclusion
    Describes the exclusions that are applied to all rules in the group.
    Rules []FrontDoorManagedRuleOverride
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName String
    Describes the managed rule group to override.
    exclusions List<ManagedRuleExclusion>
    Describes the exclusions that are applied to all rules in the group.
    rules List<FrontDoorManagedRuleOverride>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName string
    Describes the managed rule group to override.
    exclusions ManagedRuleExclusion[]
    Describes the exclusions that are applied to all rules in the group.
    rules FrontDoorManagedRuleOverride[]
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    rule_group_name str
    Describes the managed rule group to override.
    exclusions Sequence[ManagedRuleExclusion]
    Describes the exclusions that are applied to all rules in the group.
    rules Sequence[FrontDoorManagedRuleOverride]
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName String
    Describes the managed rule group to override.
    exclusions List<Property Map>
    Describes the exclusions that are applied to all rules in the group.
    rules List<Property Map>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.

    FrontDoorManagedRuleGroupOverrideResponse, FrontDoorManagedRuleGroupOverrideResponseArgs

    RuleGroupName string
    Describes the managed rule group to override.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to all rules in the group.
    Rules List<Pulumi.AzureNative.Network.Inputs.FrontDoorManagedRuleOverrideResponse>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    RuleGroupName string
    Describes the managed rule group to override.
    Exclusions []ManagedRuleExclusionResponse
    Describes the exclusions that are applied to all rules in the group.
    Rules []FrontDoorManagedRuleOverrideResponse
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName String
    Describes the managed rule group to override.
    exclusions List<ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to all rules in the group.
    rules List<FrontDoorManagedRuleOverrideResponse>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName string
    Describes the managed rule group to override.
    exclusions ManagedRuleExclusionResponse[]
    Describes the exclusions that are applied to all rules in the group.
    rules FrontDoorManagedRuleOverrideResponse[]
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    rule_group_name str
    Describes the managed rule group to override.
    exclusions Sequence[ManagedRuleExclusionResponse]
    Describes the exclusions that are applied to all rules in the group.
    rules Sequence[FrontDoorManagedRuleOverrideResponse]
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.
    ruleGroupName String
    Describes the managed rule group to override.
    exclusions List<Property Map>
    Describes the exclusions that are applied to all rules in the group.
    rules List<Property Map>
    List of rules that will be disabled. If none specified, all rules in the group will be disabled.

    FrontDoorManagedRuleOverride, FrontDoorManagedRuleOverrideArgs

    RuleId string
    Identifier for the managed rule.
    Action string | Pulumi.AzureNative.Network.ActionType
    Describes the override action to be applied when rule matches.
    EnabledState string | Pulumi.AzureNative.Network.ManagedRuleEnabledState
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusion>
    Describes the exclusions that are applied to this specific rule.
    RuleId string
    Identifier for the managed rule.
    Action string | ActionType
    Describes the override action to be applied when rule matches.
    EnabledState string | ManagedRuleEnabledState
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    Exclusions []ManagedRuleExclusion
    Describes the exclusions that are applied to this specific rule.
    ruleId String
    Identifier for the managed rule.
    action String | ActionType
    Describes the override action to be applied when rule matches.
    enabledState String | ManagedRuleEnabledState
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions List<ManagedRuleExclusion>
    Describes the exclusions that are applied to this specific rule.
    ruleId string
    Identifier for the managed rule.
    action string | ActionType
    Describes the override action to be applied when rule matches.
    enabledState string | ManagedRuleEnabledState
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions ManagedRuleExclusion[]
    Describes the exclusions that are applied to this specific rule.
    rule_id str
    Identifier for the managed rule.
    action str | ActionType
    Describes the override action to be applied when rule matches.
    enabled_state str | ManagedRuleEnabledState
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions Sequence[ManagedRuleExclusion]
    Describes the exclusions that are applied to this specific rule.
    ruleId String
    Identifier for the managed rule.
    action String | "AnomalyScoring" | "Allow" | "Block" | "Log"
    Describes the override action to be applied when rule matches.
    enabledState String | "Disabled" | "Enabled"
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions List<Property Map>
    Describes the exclusions that are applied to this specific rule.

    FrontDoorManagedRuleOverrideResponse, FrontDoorManagedRuleOverrideResponseArgs

    RuleId string
    Identifier for the managed rule.
    Action string
    Describes the override action to be applied when rule matches.
    EnabledState string
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to this specific rule.
    RuleId string
    Identifier for the managed rule.
    Action string
    Describes the override action to be applied when rule matches.
    EnabledState string
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    Exclusions []ManagedRuleExclusionResponse
    Describes the exclusions that are applied to this specific rule.
    ruleId String
    Identifier for the managed rule.
    action String
    Describes the override action to be applied when rule matches.
    enabledState String
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions List<ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to this specific rule.
    ruleId string
    Identifier for the managed rule.
    action string
    Describes the override action to be applied when rule matches.
    enabledState string
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions ManagedRuleExclusionResponse[]
    Describes the exclusions that are applied to this specific rule.
    rule_id str
    Identifier for the managed rule.
    action str
    Describes the override action to be applied when rule matches.
    enabled_state str
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions Sequence[ManagedRuleExclusionResponse]
    Describes the exclusions that are applied to this specific rule.
    ruleId String
    Identifier for the managed rule.
    action String
    Describes the override action to be applied when rule matches.
    enabledState String
    Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
    exclusions List<Property Map>
    Describes the exclusions that are applied to this specific rule.

    FrontDoorManagedRuleSet, FrontDoorManagedRuleSetArgs

    RuleSetType string
    Defines the rule set type to use.
    RuleSetVersion string
    Defines the version of the rule set to use.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusion>
    Describes the exclusions that are applied to all rules in the set.
    RuleGroupOverrides List<Pulumi.AzureNative.Network.Inputs.FrontDoorManagedRuleGroupOverride>
    Defines the rule group overrides to apply to the rule set.
    RuleSetAction string | Pulumi.AzureNative.Network.ManagedRuleSetActionType
    Defines the rule set action.
    RuleSetType string
    Defines the rule set type to use.
    RuleSetVersion string
    Defines the version of the rule set to use.
    Exclusions []ManagedRuleExclusion
    Describes the exclusions that are applied to all rules in the set.
    RuleGroupOverrides []FrontDoorManagedRuleGroupOverride
    Defines the rule group overrides to apply to the rule set.
    RuleSetAction string | ManagedRuleSetActionType
    Defines the rule set action.
    ruleSetType String
    Defines the rule set type to use.
    ruleSetVersion String
    Defines the version of the rule set to use.
    exclusions List<ManagedRuleExclusion>
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides List<FrontDoorManagedRuleGroupOverride>
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction String | ManagedRuleSetActionType
    Defines the rule set action.
    ruleSetType string
    Defines the rule set type to use.
    ruleSetVersion string
    Defines the version of the rule set to use.
    exclusions ManagedRuleExclusion[]
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides FrontDoorManagedRuleGroupOverride[]
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction string | ManagedRuleSetActionType
    Defines the rule set action.
    rule_set_type str
    Defines the rule set type to use.
    rule_set_version str
    Defines the version of the rule set to use.
    exclusions Sequence[ManagedRuleExclusion]
    Describes the exclusions that are applied to all rules in the set.
    rule_group_overrides Sequence[FrontDoorManagedRuleGroupOverride]
    Defines the rule group overrides to apply to the rule set.
    rule_set_action str | ManagedRuleSetActionType
    Defines the rule set action.
    ruleSetType String
    Defines the rule set type to use.
    ruleSetVersion String
    Defines the version of the rule set to use.
    exclusions List<Property Map>
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides List<Property Map>
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction String | "Block" | "Log" | "Redirect"
    Defines the rule set action.

    FrontDoorManagedRuleSetResponse, FrontDoorManagedRuleSetResponseArgs

    RuleSetType string
    Defines the rule set type to use.
    RuleSetVersion string
    Defines the version of the rule set to use.
    Exclusions List<Pulumi.AzureNative.Network.Inputs.ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to all rules in the set.
    RuleGroupOverrides List<Pulumi.AzureNative.Network.Inputs.FrontDoorManagedRuleGroupOverrideResponse>
    Defines the rule group overrides to apply to the rule set.
    RuleSetAction string
    Defines the rule set action.
    RuleSetType string
    Defines the rule set type to use.
    RuleSetVersion string
    Defines the version of the rule set to use.
    Exclusions []ManagedRuleExclusionResponse
    Describes the exclusions that are applied to all rules in the set.
    RuleGroupOverrides []FrontDoorManagedRuleGroupOverrideResponse
    Defines the rule group overrides to apply to the rule set.
    RuleSetAction string
    Defines the rule set action.
    ruleSetType String
    Defines the rule set type to use.
    ruleSetVersion String
    Defines the version of the rule set to use.
    exclusions List<ManagedRuleExclusionResponse>
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides List<FrontDoorManagedRuleGroupOverrideResponse>
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction String
    Defines the rule set action.
    ruleSetType string
    Defines the rule set type to use.
    ruleSetVersion string
    Defines the version of the rule set to use.
    exclusions ManagedRuleExclusionResponse[]
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides FrontDoorManagedRuleGroupOverrideResponse[]
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction string
    Defines the rule set action.
    rule_set_type str
    Defines the rule set type to use.
    rule_set_version str
    Defines the version of the rule set to use.
    exclusions Sequence[ManagedRuleExclusionResponse]
    Describes the exclusions that are applied to all rules in the set.
    rule_group_overrides Sequence[FrontDoorManagedRuleGroupOverrideResponse]
    Defines the rule group overrides to apply to the rule set.
    rule_set_action str
    Defines the rule set action.
    ruleSetType String
    Defines the rule set type to use.
    ruleSetVersion String
    Defines the version of the rule set to use.
    exclusions List<Property Map>
    Describes the exclusions that are applied to all rules in the set.
    ruleGroupOverrides List<Property Map>
    Defines the rule group overrides to apply to the rule set.
    ruleSetAction String
    Defines the rule set action.

    FrontDoorMatchCondition, FrontDoorMatchConditionArgs

    MatchValue List<string>
    List of possible match values.
    MatchVariable string | Pulumi.AzureNative.Network.FrontDoorMatchVariable
    Request variable to compare with.
    Operator string | Pulumi.AzureNative.Network.Operator
    Comparison type to use for matching with the variable value.
    NegateCondition bool
    Describes if the result of this condition should be negated.
    Selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    Transforms List<Union<string, Pulumi.AzureNative.Network.TransformType>>
    List of transforms.
    MatchValue []string
    List of possible match values.
    MatchVariable string | FrontDoorMatchVariable
    Request variable to compare with.
    Operator string | Operator
    Comparison type to use for matching with the variable value.
    NegateCondition bool
    Describes if the result of this condition should be negated.
    Selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    Transforms []string
    List of transforms.
    matchValue List<String>
    List of possible match values.
    matchVariable String | FrontDoorMatchVariable
    Request variable to compare with.
    operator String | Operator
    Comparison type to use for matching with the variable value.
    negateCondition Boolean
    Describes if the result of this condition should be negated.
    selector String
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms List<Either<String,TransformType>>
    List of transforms.
    matchValue string[]
    List of possible match values.
    matchVariable string | FrontDoorMatchVariable
    Request variable to compare with.
    operator string | Operator
    Comparison type to use for matching with the variable value.
    negateCondition boolean
    Describes if the result of this condition should be negated.
    selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms (string | TransformType)[]
    List of transforms.
    match_value Sequence[str]
    List of possible match values.
    match_variable str | FrontDoorMatchVariable
    Request variable to compare with.
    operator str | Operator
    Comparison type to use for matching with the variable value.
    negate_condition bool
    Describes if the result of this condition should be negated.
    selector str
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms Sequence[Union[str, TransformType]]
    List of transforms.
    matchValue List<String>
    List of possible match values.
    matchVariable String | "RemoteAddr" | "RequestMethod" | "QueryString" | "PostArgs" | "RequestUri" | "RequestHeader" | "RequestBody" | "Cookies" | "SocketAddr"
    Request variable to compare with.
    operator String | "Any" | "IPMatch" | "GeoMatch" | "Equal" | "Contains" | "LessThan" | "GreaterThan" | "LessThanOrEqual" | "GreaterThanOrEqual" | "BeginsWith" | "EndsWith" | "RegEx"
    Comparison type to use for matching with the variable value.
    negateCondition Boolean
    Describes if the result of this condition should be negated.
    selector String
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms List<String | "Lowercase" | "Uppercase" | "Trim" | "UrlDecode" | "UrlEncode" | "RemoveNulls">
    List of transforms.

    FrontDoorMatchConditionResponse, FrontDoorMatchConditionResponseArgs

    MatchValue List<string>
    List of possible match values.
    MatchVariable string
    Request variable to compare with.
    Operator string
    Comparison type to use for matching with the variable value.
    NegateCondition bool
    Describes if the result of this condition should be negated.
    Selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    Transforms List<string>
    List of transforms.
    MatchValue []string
    List of possible match values.
    MatchVariable string
    Request variable to compare with.
    Operator string
    Comparison type to use for matching with the variable value.
    NegateCondition bool
    Describes if the result of this condition should be negated.
    Selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    Transforms []string
    List of transforms.
    matchValue List<String>
    List of possible match values.
    matchVariable String
    Request variable to compare with.
    operator String
    Comparison type to use for matching with the variable value.
    negateCondition Boolean
    Describes if the result of this condition should be negated.
    selector String
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms List<String>
    List of transforms.
    matchValue string[]
    List of possible match values.
    matchVariable string
    Request variable to compare with.
    operator string
    Comparison type to use for matching with the variable value.
    negateCondition boolean
    Describes if the result of this condition should be negated.
    selector string
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms string[]
    List of transforms.
    match_value Sequence[str]
    List of possible match values.
    match_variable str
    Request variable to compare with.
    operator str
    Comparison type to use for matching with the variable value.
    negate_condition bool
    Describes if the result of this condition should be negated.
    selector str
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms Sequence[str]
    List of transforms.
    matchValue List<String>
    List of possible match values.
    matchVariable String
    Request variable to compare with.
    operator String
    Comparison type to use for matching with the variable value.
    negateCondition Boolean
    Describes if the result of this condition should be negated.
    selector String
    Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.
    transforms List<String>
    List of transforms.

    FrontDoorMatchVariable, FrontDoorMatchVariableArgs

    RemoteAddr
    RemoteAddr
    RequestMethod
    RequestMethod
    QueryString
    QueryString
    PostArgs
    PostArgs
    RequestUri
    RequestUri
    RequestHeader
    RequestHeader
    RequestBody
    RequestBody
    Cookies
    Cookies
    SocketAddr
    SocketAddr
    FrontDoorMatchVariableRemoteAddr
    RemoteAddr
    FrontDoorMatchVariableRequestMethod
    RequestMethod
    FrontDoorMatchVariableQueryString
    QueryString
    FrontDoorMatchVariablePostArgs
    PostArgs
    FrontDoorMatchVariableRequestUri
    RequestUri
    FrontDoorMatchVariableRequestHeader
    RequestHeader
    FrontDoorMatchVariableRequestBody
    RequestBody
    FrontDoorMatchVariableCookies
    Cookies
    FrontDoorMatchVariableSocketAddr
    SocketAddr
    RemoteAddr
    RemoteAddr
    RequestMethod
    RequestMethod
    QueryString
    QueryString
    PostArgs
    PostArgs
    RequestUri
    RequestUri
    RequestHeader
    RequestHeader
    RequestBody
    RequestBody
    Cookies
    Cookies
    SocketAddr
    SocketAddr
    RemoteAddr
    RemoteAddr
    RequestMethod
    RequestMethod
    QueryString
    QueryString
    PostArgs
    PostArgs
    RequestUri
    RequestUri
    RequestHeader
    RequestHeader
    RequestBody
    RequestBody
    Cookies
    Cookies
    SocketAddr
    SocketAddr
    REMOTE_ADDR
    RemoteAddr
    REQUEST_METHOD
    RequestMethod
    QUERY_STRING
    QueryString
    POST_ARGS
    PostArgs
    REQUEST_URI
    RequestUri
    REQUEST_HEADER
    RequestHeader
    REQUEST_BODY
    RequestBody
    COOKIES
    Cookies
    SOCKET_ADDR
    SocketAddr
    "RemoteAddr"
    RemoteAddr
    "RequestMethod"
    RequestMethod
    "QueryString"
    QueryString
    "PostArgs"
    PostArgs
    "RequestUri"
    RequestUri
    "RequestHeader"
    RequestHeader
    "RequestBody"
    RequestBody
    "Cookies"
    Cookies
    "SocketAddr"
    SocketAddr

    FrontDoorPolicySettings, FrontDoorPolicySettingsArgs

    CustomBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If the action type is block, customer can override the response status code.
    EnabledState string | Pulumi.AzureNative.Network.PolicyEnabledState
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    Mode string | Pulumi.AzureNative.Network.PolicyMode
    Describes if it is in detection mode or prevention mode at policy level.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheck string | Pulumi.AzureNative.Network.PolicyRequestBodyCheck
    Describes if policy managed rules will inspect the request body content.
    CustomBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If the action type is block, customer can override the response status code.
    EnabledState string | PolicyEnabledState
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    Mode string | PolicyMode
    Describes if it is in detection mode or prevention mode at policy level.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheck string | PolicyRequestBodyCheck
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody String
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If the action type is block, customer can override the response status code.
    enabledState String | PolicyEnabledState
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode String | PolicyMode
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck String | PolicyRequestBodyCheck
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If the action type is block, customer can override the response status code.
    enabledState string | PolicyEnabledState
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode string | PolicyMode
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck string | PolicyRequestBodyCheck
    Describes if policy managed rules will inspect the request body content.
    custom_block_response_body str
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If the action type is block, customer can override the response status code.
    enabled_state str | PolicyEnabledState
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode str | PolicyMode
    Describes if it is in detection mode or prevention mode at policy level.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    request_body_check str | PolicyRequestBodyCheck
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody String
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If the action type is block, customer can override the response status code.
    enabledState String | "Disabled" | "Enabled"
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode String | "Prevention" | "Detection"
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck String | "Disabled" | "Enabled"
    Describes if policy managed rules will inspect the request body content.

    FrontDoorPolicySettingsResponse, FrontDoorPolicySettingsResponseArgs

    CustomBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If the action type is block, customer can override the response status code.
    EnabledState string
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    Mode string
    Describes if it is in detection mode or prevention mode at policy level.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheck string
    Describes if policy managed rules will inspect the request body content.
    CustomBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If the action type is block, customer can override the response status code.
    EnabledState string
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    Mode string
    Describes if it is in detection mode or prevention mode at policy level.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    RequestBodyCheck string
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody String
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If the action type is block, customer can override the response status code.
    enabledState String
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode String
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck String
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody string
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If the action type is block, customer can override the response status code.
    enabledState string
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode string
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck string
    Describes if policy managed rules will inspect the request body content.
    custom_block_response_body str
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If the action type is block, customer can override the response status code.
    enabled_state str
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode str
    Describes if it is in detection mode or prevention mode at policy level.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    request_body_check str
    Describes if policy managed rules will inspect the request body content.
    customBlockResponseBody String
    If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If the action type is block, customer can override the response status code.
    enabledState String
    Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.
    mode String
    Describes if it is in detection mode or prevention mode at policy level.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    requestBodyCheck String
    Describes if policy managed rules will inspect the request body content.

    FrontendEndpointLinkResponse, FrontendEndpointLinkResponseArgs

    Id string
    Resource ID.
    Id string
    Resource ID.
    id String
    Resource ID.
    id string
    Resource ID.
    id str
    Resource ID.
    id String
    Resource ID.

    ManagedRuleEnabledState, ManagedRuleEnabledStateArgs

    Disabled
    Disabled
    Enabled
    Enabled
    ManagedRuleEnabledStateDisabled
    Disabled
    ManagedRuleEnabledStateEnabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    DISABLED
    Disabled
    ENABLED
    Enabled
    "Disabled"
    Disabled
    "Enabled"
    Enabled

    ManagedRuleExclusion, ManagedRuleExclusionArgs

    MatchVariable string | Pulumi.AzureNative.Network.ManagedRuleExclusionMatchVariable
    The variable type to be excluded.
    Selector string
    Selector value for which elements in the collection this exclusion applies to.
    SelectorMatchOperator string | Pulumi.AzureNative.Network.ManagedRuleExclusionSelectorMatchOperator
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    MatchVariable string | ManagedRuleExclusionMatchVariable
    The variable type to be excluded.
    Selector string
    Selector value for which elements in the collection this exclusion applies to.
    SelectorMatchOperator string | ManagedRuleExclusionSelectorMatchOperator
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable String | ManagedRuleExclusionMatchVariable
    The variable type to be excluded.
    selector String
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator String | ManagedRuleExclusionSelectorMatchOperator
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable string | ManagedRuleExclusionMatchVariable
    The variable type to be excluded.
    selector string
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator string | ManagedRuleExclusionSelectorMatchOperator
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    match_variable str | ManagedRuleExclusionMatchVariable
    The variable type to be excluded.
    selector str
    Selector value for which elements in the collection this exclusion applies to.
    selector_match_operator str | ManagedRuleExclusionSelectorMatchOperator
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable String | "RequestHeaderNames" | "RequestCookieNames" | "QueryStringArgNames" | "RequestBodyPostArgNames" | "RequestBodyJsonArgNames"
    The variable type to be excluded.
    selector String
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator String | "Equals" | "Contains" | "StartsWith" | "EndsWith" | "EqualsAny"
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.

    ManagedRuleExclusionMatchVariable, ManagedRuleExclusionMatchVariableArgs

    RequestHeaderNames
    RequestHeaderNames
    RequestCookieNames
    RequestCookieNames
    QueryStringArgNames
    QueryStringArgNames
    RequestBodyPostArgNames
    RequestBodyPostArgNames
    RequestBodyJsonArgNames
    RequestBodyJsonArgNames
    ManagedRuleExclusionMatchVariableRequestHeaderNames
    RequestHeaderNames
    ManagedRuleExclusionMatchVariableRequestCookieNames
    RequestCookieNames
    ManagedRuleExclusionMatchVariableQueryStringArgNames
    QueryStringArgNames
    ManagedRuleExclusionMatchVariableRequestBodyPostArgNames
    RequestBodyPostArgNames
    ManagedRuleExclusionMatchVariableRequestBodyJsonArgNames
    RequestBodyJsonArgNames
    RequestHeaderNames
    RequestHeaderNames
    RequestCookieNames
    RequestCookieNames
    QueryStringArgNames
    QueryStringArgNames
    RequestBodyPostArgNames
    RequestBodyPostArgNames
    RequestBodyJsonArgNames
    RequestBodyJsonArgNames
    RequestHeaderNames
    RequestHeaderNames
    RequestCookieNames
    RequestCookieNames
    QueryStringArgNames
    QueryStringArgNames
    RequestBodyPostArgNames
    RequestBodyPostArgNames
    RequestBodyJsonArgNames
    RequestBodyJsonArgNames
    REQUEST_HEADER_NAMES
    RequestHeaderNames
    REQUEST_COOKIE_NAMES
    RequestCookieNames
    QUERY_STRING_ARG_NAMES
    QueryStringArgNames
    REQUEST_BODY_POST_ARG_NAMES
    RequestBodyPostArgNames
    REQUEST_BODY_JSON_ARG_NAMES
    RequestBodyJsonArgNames
    "RequestHeaderNames"
    RequestHeaderNames
    "RequestCookieNames"
    RequestCookieNames
    "QueryStringArgNames"
    QueryStringArgNames
    "RequestBodyPostArgNames"
    RequestBodyPostArgNames
    "RequestBodyJsonArgNames"
    RequestBodyJsonArgNames

    ManagedRuleExclusionResponse, ManagedRuleExclusionResponseArgs

    MatchVariable string
    The variable type to be excluded.
    Selector string
    Selector value for which elements in the collection this exclusion applies to.
    SelectorMatchOperator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    MatchVariable string
    The variable type to be excluded.
    Selector string
    Selector value for which elements in the collection this exclusion applies to.
    SelectorMatchOperator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable String
    The variable type to be excluded.
    selector String
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable string
    The variable type to be excluded.
    selector string
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    match_variable str
    The variable type to be excluded.
    selector str
    Selector value for which elements in the collection this exclusion applies to.
    selector_match_operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.
    matchVariable String
    The variable type to be excluded.
    selector String
    Selector value for which elements in the collection this exclusion applies to.
    selectorMatchOperator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.

    ManagedRuleExclusionSelectorMatchOperator, ManagedRuleExclusionSelectorMatchOperatorArgs

    EqualsValue
    Equals
    Contains
    Contains
    StartsWith
    StartsWith
    EndsWith
    EndsWith
    EqualsAny
    EqualsAny
    ManagedRuleExclusionSelectorMatchOperatorEquals
    Equals
    ManagedRuleExclusionSelectorMatchOperatorContains
    Contains
    ManagedRuleExclusionSelectorMatchOperatorStartsWith
    StartsWith
    ManagedRuleExclusionSelectorMatchOperatorEndsWith
    EndsWith
    ManagedRuleExclusionSelectorMatchOperatorEqualsAny
    EqualsAny
    Equals
    Equals
    Contains
    Contains
    StartsWith
    StartsWith
    EndsWith
    EndsWith
    EqualsAny
    EqualsAny
    Equals
    Equals
    Contains
    Contains
    StartsWith
    StartsWith
    EndsWith
    EndsWith
    EqualsAny
    EqualsAny
    EQUALS
    Equals
    CONTAINS
    Contains
    STARTS_WITH
    StartsWith
    ENDS_WITH
    EndsWith
    EQUALS_ANY
    EqualsAny
    "Equals"
    Equals
    "Contains"
    Contains
    "StartsWith"
    StartsWith
    "EndsWith"
    EndsWith
    "EqualsAny"
    EqualsAny

    ManagedRuleSetActionType, ManagedRuleSetActionTypeArgs

    Block
    Block
    Log
    Log
    Redirect
    Redirect
    ManagedRuleSetActionTypeBlock
    Block
    ManagedRuleSetActionTypeLog
    Log
    ManagedRuleSetActionTypeRedirect
    Redirect
    Block
    Block
    Log
    Log
    Redirect
    Redirect
    Block
    Block
    Log
    Log
    Redirect
    Redirect
    BLOCK
    Block
    LOG
    Log
    REDIRECT
    Redirect
    "Block"
    Block
    "Log"
    Log
    "Redirect"
    Redirect

    ManagedRuleSetList, ManagedRuleSetListArgs

    ManagedRuleSetListResponse, ManagedRuleSetListResponseArgs

    Operator, OperatorArgs

    Any
    Any
    IPMatch
    IPMatch
    GeoMatch
    GeoMatch
    Equal
    Equal
    Contains
    Contains
    LessThan
    LessThan
    GreaterThan
    GreaterThan
    LessThanOrEqual
    LessThanOrEqual
    GreaterThanOrEqual
    GreaterThanOrEqual
    BeginsWith
    BeginsWith
    EndsWith
    EndsWith
    RegEx
    RegEx
    OperatorAny
    Any
    OperatorIPMatch
    IPMatch
    OperatorGeoMatch
    GeoMatch
    OperatorEqual
    Equal
    OperatorContains
    Contains
    OperatorLessThan
    LessThan
    OperatorGreaterThan
    GreaterThan
    OperatorLessThanOrEqual
    LessThanOrEqual
    OperatorGreaterThanOrEqual
    GreaterThanOrEqual
    OperatorBeginsWith
    BeginsWith
    OperatorEndsWith
    EndsWith
    OperatorRegEx
    RegEx
    Any
    Any
    IPMatch
    IPMatch
    GeoMatch
    GeoMatch
    Equal
    Equal
    Contains
    Contains
    LessThan
    LessThan
    GreaterThan
    GreaterThan
    LessThanOrEqual
    LessThanOrEqual
    GreaterThanOrEqual
    GreaterThanOrEqual
    BeginsWith
    BeginsWith
    EndsWith
    EndsWith
    RegEx
    RegEx
    Any
    Any
    IPMatch
    IPMatch
    GeoMatch
    GeoMatch
    Equal
    Equal
    Contains
    Contains
    LessThan
    LessThan
    GreaterThan
    GreaterThan
    LessThanOrEqual
    LessThanOrEqual
    GreaterThanOrEqual
    GreaterThanOrEqual
    BeginsWith
    BeginsWith
    EndsWith
    EndsWith
    RegEx
    RegEx
    ANY
    Any
    IP_MATCH
    IPMatch
    GEO_MATCH
    GeoMatch
    EQUAL
    Equal
    CONTAINS
    Contains
    LESS_THAN
    LessThan
    GREATER_THAN
    GreaterThan
    LESS_THAN_OR_EQUAL
    LessThanOrEqual
    GREATER_THAN_OR_EQUAL
    GreaterThanOrEqual
    BEGINS_WITH
    BeginsWith
    ENDS_WITH
    EndsWith
    REG_EX
    RegEx
    "Any"
    Any
    "IPMatch"
    IPMatch
    "GeoMatch"
    GeoMatch
    "Equal"
    Equal
    "Contains"
    Contains
    "LessThan"
    LessThan
    "GreaterThan"
    GreaterThan
    "LessThanOrEqual"
    LessThanOrEqual
    "GreaterThanOrEqual"
    GreaterThanOrEqual
    "BeginsWith"
    BeginsWith
    "EndsWith"
    EndsWith
    "RegEx"
    RegEx

    PolicyEnabledState, PolicyEnabledStateArgs

    Disabled
    Disabled
    Enabled
    Enabled
    PolicyEnabledStateDisabled
    Disabled
    PolicyEnabledStateEnabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    DISABLED
    Disabled
    ENABLED
    Enabled
    "Disabled"
    Disabled
    "Enabled"
    Enabled

    PolicyMode, PolicyModeArgs

    Prevention
    Prevention
    Detection
    Detection
    PolicyModePrevention
    Prevention
    PolicyModeDetection
    Detection
    Prevention
    Prevention
    Detection
    Detection
    Prevention
    Prevention
    Detection
    Detection
    PREVENTION
    Prevention
    DETECTION
    Detection
    "Prevention"
    Prevention
    "Detection"
    Detection

    PolicyRequestBodyCheck, PolicyRequestBodyCheckArgs

    Disabled
    Disabled
    Enabled
    Enabled
    PolicyRequestBodyCheckDisabled
    Disabled
    PolicyRequestBodyCheckEnabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    DISABLED
    Disabled
    ENABLED
    Enabled
    "Disabled"
    Disabled
    "Enabled"
    Enabled

    RoutingRuleLinkResponse, RoutingRuleLinkResponseArgs

    Id string
    Resource ID.
    Id string
    Resource ID.
    id String
    Resource ID.
    id string
    Resource ID.
    id str
    Resource ID.
    id String
    Resource ID.

    RuleType, RuleTypeArgs

    MatchRule
    MatchRule
    RateLimitRule
    RateLimitRule
    RuleTypeMatchRule
    MatchRule
    RuleTypeRateLimitRule
    RateLimitRule
    MatchRule
    MatchRule
    RateLimitRule
    RateLimitRule
    MatchRule
    MatchRule
    RateLimitRule
    RateLimitRule
    MATCH_RULE
    MatchRule
    RATE_LIMIT_RULE
    RateLimitRule
    "MatchRule"
    MatchRule
    "RateLimitRule"
    RateLimitRule

    SecurityPolicyLinkResponse, SecurityPolicyLinkResponseArgs

    Id string
    Resource ID.
    Id string
    Resource ID.
    id String
    Resource ID.
    id string
    Resource ID.
    id str
    Resource ID.
    id String
    Resource ID.

    Sku, SkuArgs

    Name string | SkuName | BastionHostSkuName
    Name of the pricing tier.
    name String | SkuName | BastionHostSkuName
    Name of the pricing tier.
    name string | SkuName | BastionHostSkuName
    Name of the pricing tier.
    name str | SkuName | BastionHostSkuName
    Name of the pricing tier.

    SkuName, SkuNameArgs

    Classic_AzureFrontDoor
    Classic_AzureFrontDoor
    Standard_AzureFrontDoor
    Standard_AzureFrontDoor
    Premium_AzureFrontDoor
    Premium_AzureFrontDoor
    SkuName_Classic_AzureFrontDoor
    Classic_AzureFrontDoor
    SkuName_Standard_AzureFrontDoor
    Standard_AzureFrontDoor
    SkuName_Premium_AzureFrontDoor
    Premium_AzureFrontDoor
    Classic_AzureFrontDoor
    Classic_AzureFrontDoor
    Standard_AzureFrontDoor
    Standard_AzureFrontDoor
    Premium_AzureFrontDoor
    Premium_AzureFrontDoor
    Classic_AzureFrontDoor
    Classic_AzureFrontDoor
    Standard_AzureFrontDoor
    Standard_AzureFrontDoor
    Premium_AzureFrontDoor
    Premium_AzureFrontDoor
    CLASSIC_AZURE_FRONT_DOOR
    Classic_AzureFrontDoor
    STANDARD_AZURE_FRONT_DOOR
    Standard_AzureFrontDoor
    PREMIUM_AZURE_FRONT_DOOR
    Premium_AzureFrontDoor
    "Classic_AzureFrontDoor"
    Classic_AzureFrontDoor
    "Standard_AzureFrontDoor"
    Standard_AzureFrontDoor
    "Premium_AzureFrontDoor"
    Premium_AzureFrontDoor

    SkuResponse, SkuResponseArgs

    Name string
    Name of the pricing tier.
    Name string
    Name of the pricing tier.
    name String
    Name of the pricing tier.
    name string
    Name of the pricing tier.
    name str
    Name of the pricing tier.
    name String
    Name of the pricing tier.

    TransformType, TransformTypeArgs

    Lowercase
    Lowercase
    Uppercase
    Uppercase
    Trim
    Trim
    UrlDecode
    UrlDecode
    UrlEncode
    UrlEncode
    RemoveNulls
    RemoveNulls
    TransformTypeLowercase
    Lowercase
    TransformTypeUppercase
    Uppercase
    TransformTypeTrim
    Trim
    TransformTypeUrlDecode
    UrlDecode
    TransformTypeUrlEncode
    UrlEncode
    TransformTypeRemoveNulls
    RemoveNulls
    Lowercase
    Lowercase
    Uppercase
    Uppercase
    Trim
    Trim
    UrlDecode
    UrlDecode
    UrlEncode
    UrlEncode
    RemoveNulls
    RemoveNulls
    Lowercase
    Lowercase
    Uppercase
    Uppercase
    Trim
    Trim
    UrlDecode
    UrlDecode
    UrlEncode
    UrlEncode
    RemoveNulls
    RemoveNulls
    LOWERCASE
    Lowercase
    UPPERCASE
    Uppercase
    TRIM
    Trim
    URL_DECODE
    UrlDecode
    URL_ENCODE
    UrlEncode
    REMOVE_NULLS
    RemoveNulls
    "Lowercase"
    Lowercase
    "Uppercase"
    Uppercase
    "Trim"
    Trim
    "UrlDecode"
    UrlDecode
    "UrlEncode"
    UrlEncode
    "RemoveNulls"
    RemoveNulls

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:network:Policy Policy1 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi