Azure Classic

v5.19.0 published on Friday, Sep 16, 2022 by Pulumi

FrontdoorFirewallPolicy

Manages an Azure CDN Front Door Firewall Policy instance.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

// Declares a resource group, a Premium Front Door profile and a Front Door
// firewall (WAF) policy carrying two custom rules and two managed rule sets.
return await Deployment.RunAsync(() =>
{
    var resourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var frontdoorProfile = new Azure.Cdn.FrontdoorProfile("exampleFrontdoorProfile", new()
    {
        ResourceGroupName = resourceGroup.Name,
        SkuName = "Premium_AzureFrontDoor",
    });

    // Rule1: block when the client address is inside either CIDR range.
    // The private ranges are sample values; substitute the ranges you really
    // intend to block.
    // NOTE(review): both custom rules are Type "MatchRule" yet set the
    // RateLimit* fields; those presumably only matter for rate-limit rules - confirm.
    var rule1 = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
    {
        Name = "Rule1",
        Enabled = true,
        Priority = 1,
        RateLimitDurationInMinutes = 1,
        RateLimitThreshold = 10,
        Type = "MatchRule",
        Action = "Block",
        MatchConditions = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
            {
                MatchVariable = "RemoteAddr",
                Operator = "IPMatch",
                NegationCondition = false,
                MatchValues = new[] { "10.0.1.0/24", "10.0.0.0/24" },
            },
        },
    };

    // Rule2 lists two conditions (client address and a request header);
    // presumably both must match before the rule blocks - confirm.
    var rule2AddressCondition = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
    {
        MatchVariable = "RemoteAddr",
        Operator = "IPMatch",
        NegationCondition = false,
        MatchValues = new[] { "192.168.1.0/24" },
    };

    // NOTE(review): the selector is "UserAgent" while the HTTP header is named
    // User-Agent; verify the selector reaches the header you mean to inspect.
    // The transforms presumably lower-case and trim the value before the
    // "Contains" comparison, which is why the match value is lower-case.
    var rule2HeaderCondition = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
    {
        MatchVariable = "RequestHeader",
        Selector = "UserAgent",
        Operator = "Contains",
        NegationCondition = false,
        MatchValues = new[] { "windows" },
        Transforms = new[] { "Lowercase", "Trim" },
    };

    var rule2 = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
    {
        Name = "Rule2",
        Enabled = true,
        Priority = 2,
        RateLimitDurationInMinutes = 1,
        RateLimitThreshold = 10,
        Type = "MatchRule",
        Action = "Block",
        MatchConditions = new[] { rule2AddressCondition, rule2HeaderCondition },
    };

    // Override for the PHP group: rule 933100 is switched off (Enabled = false),
    // so its Action is presumably never applied. Record why a managed rule is
    // disabled so the gap can be reviewed later.
    var phpOverride = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
    {
        RuleGroupName = "PHP",
        Rules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
            {
                RuleId = "933100",
                Enabled = false,
                Action = "Block",
            },
        },
    };

    // Override for the SQLI group with one group-level and one rule-level
    // exclusion. Each exclusion presumably takes the named query-string argument
    // out of inspection at that scope, so keep the selectors as narrow as possible.
    var sqliOverride = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
    {
        RuleGroupName = "SQLI",
        Exclusions = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
            {
                MatchVariable = "QueryStringArgNames",
                Operator = "Equals",
                Selector = "really_not_suspicious",
            },
        },
        Rules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
            {
                RuleId = "942200",
                Action = "Block",
                Exclusions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
                    {
                        MatchVariable = "QueryStringArgNames",
                        Operator = "Equals",
                        Selector = "innocent",
                    },
                },
            },
        },
    };

    // Default rule set with a rule-set-wide exclusion plus the two overrides above.
    var defaultRuleSet = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
    {
        Type = "DefaultRuleSet",
        Version = "1.0",
        Exclusions = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
            {
                MatchVariable = "QueryStringArgNames",
                Operator = "Equals",
                Selector = "not_suspicious",
            },
        },
        Overrides = new[] { phpOverride, sqliOverride },
    };

    // Bot manager rule set with Action "Log": matches are presumably recorded
    // but not blocked - confirm that is the intended posture.
    var botManagerRuleSet = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
    {
        Type = "Microsoft_BotManagerRuleSet",
        Version = "1.0",
        Action = "Log",
    };

    var firewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", new()
    {
        ResourceGroupName = resourceGroup.Name,
        SkuName = frontdoorProfile.SkuName,
        Enabled = true,
        // Possible values per the property reference: Detection, Prevention.
        Mode = "Prevention",
        // No rule in this example uses a redirect action, so this URL is
        // presumably unused here.
        RedirectUrl = "https://www.contoso.com",
        CustomBlockResponseStatusCode = 403,
        // Must be base64; this value decodes to a small placeholder HTML page.
        CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        CustomRules = new[] { rule1, rule2 },
        ManagedRules = new[] { defaultRuleSet, botManagerRuleSet },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/cdn"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a resource group, a Premium Front Door profile and a Front Door
// firewall (WAF) policy carrying two custom rules and two managed rule sets.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		resourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		profile, err := cdn.NewFrontdoorProfile(ctx, "exampleFrontdoorProfile", &cdn.FrontdoorProfileArgs{
			ResourceGroupName: resourceGroup.Name,
			SkuName:           pulumi.String("Premium_AzureFrontDoor"),
		})
		if err != nil {
			return err
		}

		// Rule1: block when the client address is inside either CIDR range.
		// The private ranges are sample values; substitute the ranges you
		// really intend to block.
		// NOTE(review): both custom rules are Type "MatchRule" yet set the
		// RateLimit* fields; those presumably only matter for rate-limit
		// rules - confirm.
		rule1 := &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
			Name:                       pulumi.String("Rule1"),
			Enabled:                    pulumi.Bool(true),
			Priority:                   pulumi.Int(1),
			RateLimitDurationInMinutes: pulumi.Int(1),
			RateLimitThreshold:         pulumi.Int(10),
			Type:                       pulumi.String("MatchRule"),
			Action:                     pulumi.String("Block"),
			MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
				&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
					MatchVariable:     pulumi.String("RemoteAddr"),
					Operator:          pulumi.String("IPMatch"),
					NegationCondition: pulumi.Bool(false),
					MatchValues: pulumi.StringArray{
						pulumi.String("10.0.1.0/24"),
						pulumi.String("10.0.0.0/24"),
					},
				},
			},
		}

		// Rule2 lists two conditions (client address and a request header);
		// presumably both must match before the rule blocks - confirm.
		rule2Address := &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
			MatchVariable:     pulumi.String("RemoteAddr"),
			Operator:          pulumi.String("IPMatch"),
			NegationCondition: pulumi.Bool(false),
			MatchValues: pulumi.StringArray{
				pulumi.String("192.168.1.0/24"),
			},
		}
		// NOTE(review): the selector is "UserAgent" while the HTTP header is
		// named User-Agent; verify the selector reaches the header you mean to
		// inspect. The transforms presumably lower-case and trim the value
		// before the "Contains" comparison.
		rule2Header := &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
			MatchVariable:     pulumi.String("RequestHeader"),
			Selector:          pulumi.String("UserAgent"),
			Operator:          pulumi.String("Contains"),
			NegationCondition: pulumi.Bool(false),
			MatchValues: pulumi.StringArray{
				pulumi.String("windows"),
			},
			Transforms: pulumi.StringArray{
				pulumi.String("Lowercase"),
				pulumi.String("Trim"),
			},
		}
		rule2 := &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
			Name:                       pulumi.String("Rule2"),
			Enabled:                    pulumi.Bool(true),
			Priority:                   pulumi.Int(2),
			RateLimitDurationInMinutes: pulumi.Int(1),
			RateLimitThreshold:         pulumi.Int(10),
			Type:                       pulumi.String("MatchRule"),
			Action:                     pulumi.String("Block"),
			MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
				rule2Address,
				rule2Header,
			},
		}

		// PHP group override: rule 933100 is switched off (Enabled false), so
		// its Action is presumably never applied. Record why a managed rule is
		// disabled so the gap can be reviewed later.
		phpOverride := &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
			RuleGroupName: pulumi.String("PHP"),
			Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
					RuleId:  pulumi.String("933100"),
					Enabled: pulumi.Bool(false),
					Action:  pulumi.String("Block"),
				},
			},
		}

		// SQLI group override with one group-level and one rule-level
		// exclusion. Each exclusion presumably takes the named query-string
		// argument out of inspection at that scope; keep selectors narrow.
		sqliOverride := &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
			RuleGroupName: pulumi.String("SQLI"),
			Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
					MatchVariable: pulumi.String("QueryStringArgNames"),
					Operator:      pulumi.String("Equals"),
					Selector:      pulumi.String("really_not_suspicious"),
				},
			},
			Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
					RuleId: pulumi.String("942200"),
					Action: pulumi.String("Block"),
					Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
							MatchVariable: pulumi.String("QueryStringArgNames"),
							Operator:      pulumi.String("Equals"),
							Selector:      pulumi.String("innocent"),
						},
					},
				},
			},
		}

		// Default rule set with a rule-set-wide exclusion plus the overrides above.
		defaultRuleSet := &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
			Type:    pulumi.String("DefaultRuleSet"),
			Version: pulumi.String("1.0"),
			Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
					MatchVariable: pulumi.String("QueryStringArgNames"),
					Operator:      pulumi.String("Equals"),
					Selector:      pulumi.String("not_suspicious"),
				},
			},
			Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
				phpOverride,
				sqliOverride,
			},
		}

		// Bot manager rule set with Action "Log": matches are presumably
		// recorded but not blocked - confirm that is the intended posture.
		botManagerRuleSet := &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
			Type:    pulumi.String("Microsoft_BotManagerRuleSet"),
			Version: pulumi.String("1.0"),
			Action:  pulumi.String("Log"),
		}

		_, err = cdn.NewFrontdoorFirewallPolicy(ctx, "exampleFrontdoorFirewallPolicy", &cdn.FrontdoorFirewallPolicyArgs{
			ResourceGroupName: resourceGroup.Name,
			SkuName:           profile.SkuName,
			Enabled:           pulumi.Bool(true),
			// Possible values per the property reference: Detection, Prevention.
			Mode: pulumi.String("Prevention"),
			// No rule in this example uses a redirect action, so this URL is
			// presumably unused here.
			RedirectUrl:                   pulumi.String("https://www.contoso.com"),
			CustomBlockResponseStatusCode: pulumi.Int(403),
			// Must be base64; this value decodes to a small placeholder HTML page.
			CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
			CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
				rule1,
				rule2,
			},
			ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
				defaultRuleSet,
				botManagerRuleSet,
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.cdn.FrontdoorProfile;
import com.pulumi.azure.cdn.FrontdoorProfileArgs;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares a resource group, a Premium Front Door profile and a Front Door
 * firewall (WAF) policy carrying two custom rules and two managed rule sets.
 *
 * NOTE(review): the import list of this listing names only
 * FrontdoorFirewallPolicyCustomRuleArgs and FrontdoorFirewallPolicyManagedRuleArgs
 * from com.pulumi.azure.cdn.inputs; the other nested *Args types used below need
 * imports as well before this compiles.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the example resources with the running Pulumi program.
     *
     * @param ctx the stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var resourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        var frontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
            .resourceGroupName(resourceGroup.name())
            .skuName("Premium_AzureFrontDoor")
            .build());

        // Rule1: block when the client address is inside either CIDR range.
        // The private ranges are sample values; substitute the ranges you
        // really intend to block.
        // NOTE(review): both custom rules are type "MatchRule" yet set the
        // rateLimit* fields; those presumably only matter for rate-limit
        // rules - confirm.
        var rule1 = FrontdoorFirewallPolicyCustomRuleArgs.builder()
            .name("Rule1")
            .enabled(true)
            .priority(1)
            .rateLimitDurationInMinutes(1)
            .rateLimitThreshold(10)
            .type("MatchRule")
            .action("Block")
            .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                .matchVariable("RemoteAddr")
                .operator("IPMatch")
                .negationCondition(false)
                .matchValues(
                    "10.0.1.0/24",
                    "10.0.0.0/24")
                .build())
            .build();

        // Rule2 lists two conditions (client address and a request header);
        // presumably both must match before the rule blocks - confirm.
        var rule2Address = FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
            .matchVariable("RemoteAddr")
            .operator("IPMatch")
            .negationCondition(false)
            .matchValues("192.168.1.0/24")
            .build();

        // NOTE(review): the selector is "UserAgent" while the HTTP header is
        // named User-Agent; verify the selector reaches the header you mean to
        // inspect. The transforms presumably lower-case and trim the value
        // before the "Contains" comparison.
        var rule2Header = FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
            .matchVariable("RequestHeader")
            .selector("UserAgent")
            .operator("Contains")
            .negationCondition(false)
            .matchValues("windows")
            .transforms(
                "Lowercase",
                "Trim")
            .build();

        var rule2 = FrontdoorFirewallPolicyCustomRuleArgs.builder()
            .name("Rule2")
            .enabled(true)
            .priority(2)
            .rateLimitDurationInMinutes(1)
            .rateLimitThreshold(10)
            .type("MatchRule")
            .action("Block")
            .matchConditions(rule2Address, rule2Header)
            .build();

        // PHP group override: rule 933100 is switched off (enabled false), so
        // its action is presumably never applied. Record why a managed rule is
        // disabled so the gap can be reviewed later.
        var phpOverride = FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
            .ruleGroupName("PHP")
            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                .ruleId("933100")
                .enabled(false)
                .action("Block")
                .build())
            .build();

        // SQLI group override with one group-level and one rule-level
        // exclusion. Each exclusion presumably takes the named query-string
        // argument out of inspection at that scope; keep selectors narrow.
        var sqliOverride = FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
            .ruleGroupName("SQLI")
            .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                .matchVariable("QueryStringArgNames")
                .operator("Equals")
                .selector("really_not_suspicious")
                .build())
            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                .ruleId("942200")
                .action("Block")
                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                    .matchVariable("QueryStringArgNames")
                    .operator("Equals")
                    .selector("innocent")
                    .build())
                .build())
            .build();

        // Default rule set with a rule-set-wide exclusion plus the overrides above.
        var defaultRuleSet = FrontdoorFirewallPolicyManagedRuleArgs.builder()
            .type("DefaultRuleSet")
            .version("1.0")
            .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
                .matchVariable("QueryStringArgNames")
                .operator("Equals")
                .selector("not_suspicious")
                .build())
            .overrides(phpOverride, sqliOverride)
            .build();

        // Bot manager rule set with action "Log": matches are presumably
        // recorded but not blocked - confirm that is the intended posture.
        var botManagerRuleSet = FrontdoorFirewallPolicyManagedRuleArgs.builder()
            .type("Microsoft_BotManagerRuleSet")
            .version("1.0")
            .action("Log")
            .build();

        var firewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
            .resourceGroupName(resourceGroup.name())
            .skuName(frontdoorProfile.skuName())
            .enabled(true)
            // Possible values per the property reference: Detection, Prevention.
            .mode("Prevention")
            // No rule in this example uses a redirect action, so this URL is
            // presumably unused here.
            .redirectUrl("https://www.contoso.com")
            .customBlockResponseStatusCode(403)
            // Must be base64; this value decodes to a small placeholder HTML page.
            .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
            .customRules(rule1, rule2)
            .managedRules(defaultRuleSet, botManagerRuleSet)
            .build());

    }
}
import pulumi
import pulumi_azure as azure

# Declares a resource group, a Premium Front Door profile and a Front Door
# firewall (WAF) policy carrying two custom rules and two managed rule sets.
example_resource_group = azure.core.ResourceGroup(
    "exampleResourceGroup",
    location="West Europe",
)

example_frontdoor_profile = azure.cdn.FrontdoorProfile(
    "exampleFrontdoorProfile",
    resource_group_name=example_resource_group.name,
    sku_name="Premium_AzureFrontDoor",
)

# Rule1: block when the client address is inside either CIDR range.
# The private ranges are sample values; substitute the ranges you really
# intend to block.
# NOTE(review): both custom rules are type "MatchRule" yet set the rate_limit_*
# fields; those presumably only matter for rate-limit rules - confirm.
rule1 = azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
    name="Rule1",
    enabled=True,
    priority=1,
    rate_limit_duration_in_minutes=1,
    rate_limit_threshold=10,
    type="MatchRule",
    action="Block",
    match_conditions=[
        azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
            match_variable="RemoteAddr",
            operator="IPMatch",
            negation_condition=False,
            match_values=["10.0.1.0/24", "10.0.0.0/24"],
        ),
    ],
)

# Rule2 lists two conditions (client address and a request header); presumably
# both must match before the rule blocks - confirm.
rule2_address_condition = azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
    match_variable="RemoteAddr",
    operator="IPMatch",
    negation_condition=False,
    match_values=["192.168.1.0/24"],
)

# NOTE(review): the selector is "UserAgent" while the HTTP header is named
# User-Agent; verify the selector reaches the header you mean to inspect.
# The transforms presumably lower-case and trim the value before the
# "Contains" comparison.
rule2_header_condition = azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
    match_variable="RequestHeader",
    selector="UserAgent",
    operator="Contains",
    negation_condition=False,
    match_values=["windows"],
    transforms=["Lowercase", "Trim"],
)

rule2 = azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
    name="Rule2",
    enabled=True,
    priority=2,
    rate_limit_duration_in_minutes=1,
    rate_limit_threshold=10,
    type="MatchRule",
    action="Block",
    match_conditions=[rule2_address_condition, rule2_header_condition],
)

# PHP group override: rule 933100 is switched off (enabled=False), so its action
# is presumably never applied. Record why a managed rule is disabled so the gap
# can be reviewed later.
php_override = azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
    rule_group_name="PHP",
    rules=[
        azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
            rule_id="933100",
            enabled=False,
            action="Block",
        ),
    ],
)

# SQLI group override with one group-level and one rule-level exclusion. Each
# exclusion presumably takes the named query-string argument out of inspection
# at that scope; keep the selectors as narrow as possible.
sqli_override = azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
    rule_group_name="SQLI",
    exclusions=[
        azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs(
            match_variable="QueryStringArgNames",
            operator="Equals",
            selector="really_not_suspicious",
        ),
    ],
    rules=[
        azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
            rule_id="942200",
            action="Block",
            exclusions=[
                azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs(
                    match_variable="QueryStringArgNames",
                    operator="Equals",
                    selector="innocent",
                ),
            ],
        ),
    ],
)

# Default rule set with a rule-set-wide exclusion plus the overrides above.
default_rule_set = azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
    type="DefaultRuleSet",
    version="1.0",
    exclusions=[
        azure.cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs(
            match_variable="QueryStringArgNames",
            operator="Equals",
            selector="not_suspicious",
        ),
    ],
    overrides=[php_override, sqli_override],
)

# Bot manager rule set with action "Log": matches are presumably recorded but
# not blocked - confirm that is the intended posture.
bot_manager_rule_set = azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
    type="Microsoft_BotManagerRuleSet",
    version="1.0",
    action="Log",
)

example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy(
    "exampleFrontdoorFirewallPolicy",
    resource_group_name=example_resource_group.name,
    sku_name=example_frontdoor_profile.sku_name,
    enabled=True,
    # Possible values per the property reference: Detection, Prevention.
    mode="Prevention",
    # No rule in this example uses a redirect action, so this URL is presumably
    # unused here.
    redirect_url="https://www.contoso.com",
    custom_block_response_status_code=403,
    # Must be base64; this value decodes to a small placeholder HTML page.
    custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    custom_rules=[rule1, rule2],
    managed_rules=[default_rule_set, bot_manager_rule_set],
)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Declares a resource group, a Premium Front Door profile and a Front Door
// firewall (WAF) policy carrying two custom rules and two managed rule sets.
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {
    location: "West Europe",
});

const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("exampleFrontdoorProfile", {
    resourceGroupName: exampleResourceGroup.name,
    skuName: "Premium_AzureFrontDoor",
});

// Rule1: block when the client address is inside either CIDR range.
// The private ranges are sample values; substitute the ranges you really
// intend to block.
// NOTE(review): both custom rules are type "MatchRule" yet set the rateLimit*
// fields; those presumably only matter for rate-limit rules - confirm.
const rule1 = {
    name: "Rule1",
    enabled: true,
    priority: 1,
    rateLimitDurationInMinutes: 1,
    rateLimitThreshold: 10,
    type: "MatchRule",
    action: "Block",
    matchConditions: [
        {
            matchVariable: "RemoteAddr",
            operator: "IPMatch",
            negationCondition: false,
            matchValues: ["10.0.1.0/24", "10.0.0.0/24"],
        },
    ],
};

// Rule2 lists two conditions (client address and a request header); presumably
// both must match before the rule blocks - confirm.
const rule2AddressCondition = {
    matchVariable: "RemoteAddr",
    operator: "IPMatch",
    negationCondition: false,
    matchValues: ["192.168.1.0/24"],
};

// NOTE(review): the selector is "UserAgent" while the HTTP header is named
// User-Agent; verify the selector reaches the header you mean to inspect.
// The transforms presumably lower-case and trim the value before the
// "Contains" comparison.
const rule2HeaderCondition = {
    matchVariable: "RequestHeader",
    selector: "UserAgent",
    operator: "Contains",
    negationCondition: false,
    matchValues: ["windows"],
    transforms: ["Lowercase", "Trim"],
};

const rule2 = {
    name: "Rule2",
    enabled: true,
    priority: 2,
    rateLimitDurationInMinutes: 1,
    rateLimitThreshold: 10,
    type: "MatchRule",
    action: "Block",
    matchConditions: [rule2AddressCondition, rule2HeaderCondition],
};

// PHP group override: rule 933100 is switched off (enabled: false), so its
// action is presumably never applied. Record why a managed rule is disabled so
// the gap can be reviewed later.
const phpOverride = {
    ruleGroupName: "PHP",
    rules: [
        {
            ruleId: "933100",
            enabled: false,
            action: "Block",
        },
    ],
};

// SQLI group override with one group-level and one rule-level exclusion. Each
// exclusion presumably takes the named query-string argument out of inspection
// at that scope; keep the selectors as narrow as possible.
const sqliOverride = {
    ruleGroupName: "SQLI",
    exclusions: [
        {
            matchVariable: "QueryStringArgNames",
            operator: "Equals",
            selector: "really_not_suspicious",
        },
    ],
    rules: [
        {
            ruleId: "942200",
            action: "Block",
            exclusions: [
                {
                    matchVariable: "QueryStringArgNames",
                    operator: "Equals",
                    selector: "innocent",
                },
            ],
        },
    ],
};

// Default rule set with a rule-set-wide exclusion plus the overrides above.
const defaultRuleSet = {
    type: "DefaultRuleSet",
    version: "1.0",
    exclusions: [
        {
            matchVariable: "QueryStringArgNames",
            operator: "Equals",
            selector: "not_suspicious",
        },
    ],
    overrides: [phpOverride, sqliOverride],
};

// Bot manager rule set with action "Log": matches are presumably recorded but
// not blocked - confirm that is the intended posture.
const botManagerRuleSet = {
    type: "Microsoft_BotManagerRuleSet",
    version: "1.0",
    action: "Log",
};

const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", {
    resourceGroupName: exampleResourceGroup.name,
    skuName: exampleFrontdoorProfile.skuName,
    enabled: true,
    // Possible values per the property reference: Detection, Prevention.
    mode: "Prevention",
    // No rule in this example uses a redirect action, so this URL is presumably
    // unused here.
    redirectUrl: "https://www.contoso.com",
    customBlockResponseStatusCode: 403,
    // Must be base64; this value decodes to a small placeholder HTML page.
    customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    customRules: [rule1, rule2],
    managedRules: [defaultRuleSet, botManagerRuleSet],
});
# Declares a resource group, a Premium Front Door profile and a Front Door
# firewall (WAF) policy carrying two custom rules and two managed rule sets.
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleFrontdoorProfile:
    type: azure:cdn:FrontdoorProfile
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      skuName: Premium_AzureFrontDoor
  exampleFrontdoorFirewallPolicy:
    type: azure:cdn:FrontdoorFirewallPolicy
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      skuName: ${exampleFrontdoorProfile.skuName}
      enabled: true
      # Possible values per the property reference: Detection, Prevention.
      mode: Prevention
      # No rule in this example uses a redirect action, so this URL is
      # presumably unused here.
      redirectUrl: https://www.contoso.com
      customBlockResponseStatusCode: 403
      # Must be base64; this value decodes to a small placeholder HTML page.
      customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
      customRules:
        # Rule1: block when the client address is inside either CIDR range.
        # The private ranges are sample values; substitute the ranges you
        # really intend to block.
        # NOTE(review): both custom rules are type MatchRule yet set the
        # rateLimit* fields; those presumably only matter for rate-limit
        # rules - confirm.
        - name: Rule1
          enabled: true
          priority: 1
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 10.0.1.0/24
                - 10.0.0.0/24
        # Rule2 lists two conditions (client address and a request header);
        # presumably both must match before the rule blocks - confirm.
        - name: Rule2
          enabled: true
          priority: 2
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
            # NOTE(review): the selector is UserAgent while the HTTP header is
            # named User-Agent; verify the selector reaches the header you mean
            # to inspect. The transforms presumably lower-case and trim the
            # value before the Contains comparison.
            - matchVariable: RequestHeader
              selector: UserAgent
              operator: Contains
              negationCondition: false
              matchValues:
                - windows
              transforms:
                - Lowercase
                - Trim
      managedRules:
        # NOTE(review): version and ruleId values below are unquoted, so a YAML
        # parser reads them as numbers; the other language examples on this page
        # pass strings ("1.0", "933100") - quote them if the string form is required.
        - type: DefaultRuleSet
          version: 1.0
          # Exclusions presumably take the named query-string argument out of
          # managed-rule inspection at their scope (rule set, group, rule);
          # keep each selector as narrow as possible.
          exclusions:
            - matchVariable: QueryStringArgNames
              operator: Equals
              selector: not_suspicious
          overrides:
            # Rule 933100 is switched off (enabled: false), so its action is
            # presumably never applied; record why it is disabled.
            - ruleGroupName: PHP
              rules:
                - ruleId: 933100
                  enabled: false
                  action: Block
            - ruleGroupName: SQLI
              exclusions:
                - matchVariable: QueryStringArgNames
                  operator: Equals
                  selector: really_not_suspicious
              rules:
                - ruleId: 942200
                  action: Block
                  exclusions:
                    - matchVariable: QueryStringArgNames
                      operator: Equals
                      selector: innocent
        # Action Log: bot-manager matches are presumably recorded but not
        # blocked - confirm that is the intended posture.
        - type: Microsoft_BotManagerRuleSet
          version: 1.0
          action: Log

Create a FrontdoorFirewallPolicy Resource

new FrontdoorFirewallPolicy(name: string, args: FrontdoorFirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FrontdoorFirewallPolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            custom_block_response_body: Optional[str] = None,
                            custom_block_response_status_code: Optional[int] = None,
                            custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
                            enabled: Optional[bool] = None,
                            managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
                            mode: Optional[str] = None,
                            name: Optional[str] = None,
                            redirect_url: Optional[str] = None,
                            resource_group_name: Optional[str] = None,
                            sku_name: Optional[str] = None,
                            tags: Optional[Mapping[str, str]] = None)
@overload
def FrontdoorFirewallPolicy(resource_name: str,
                            args: FrontdoorFirewallPolicyArgs,
                            opts: Optional[ResourceOptions] = None)
func NewFrontdoorFirewallPolicy(ctx *Context, name string, args FrontdoorFirewallPolicyArgs, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public FrontdoorFirewallPolicy(string name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions options)
type: azure:cdn:FrontdoorFirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FrontdoorFirewallPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

FrontdoorFirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FrontdoorFirewallPolicy resource accepts the following input properties:

Mode string

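The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.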

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

SkuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

CustomBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

CustomRules List<FrontdoorFirewallPolicyCustomRuleArgs>

One or more custom_rule blocks as defined below.

Enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

ManagedRules List<FrontdoorFirewallPolicyManagedRuleArgs>

One or more managed_rule blocks as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

RedirectUrl string

If action type is redirect, this field represents redirect URL for the client.

Tags Dictionary<string, string>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

Mode string

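The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.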

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

SkuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

CustomBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

CustomRules []FrontdoorFirewallPolicyCustomRuleArgs

One or more custom_rule blocks as defined below.

Enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs

One or more managed_rule blocks as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

RedirectUrl string

If action type is redirect, this field represents redirect URL for the client.

Tags map[string]string

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

mode String

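The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.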

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

skuName String

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

customBlockResponseBody String

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode Integer

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules List<FrontdoorFirewallPolicyCustomRuleArgs>

One or more custom_rule blocks as defined below.

enabled Boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

managedRules List<FrontdoorFirewallPolicyManagedRuleArgs>

One or more managed_rule blocks as defined below.

name String

The name of the policy. Changing this forces a new resource to be created.

redirectUrl String

If action type is redirect, this field represents redirect URL for the client.

tags Map<String,String>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

mode string

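The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.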

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

skuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

customBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode number

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules FrontdoorFirewallPolicyCustomRuleArgs[]

One or more custom_rule blocks as defined below.

enabled boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

managedRules FrontdoorFirewallPolicyManagedRuleArgs[]

One or more managed_rule blocks as defined below.

name string

The name of the policy. Changing this forces a new resource to be created.

redirectUrl string

If action type is redirect, this field represents redirect URL for the client.

tags {[key: string]: string}

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

mode str

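The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.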

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

sku_name str

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

custom_block_response_body str

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

custom_block_response_status_code int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]

One or more custom_rule blocks as defined below.

enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]

One or more managed_rule blocks as defined below.

name str

The name of the policy. Changing this forces a new resource to be created.

redirect_url str

If action type is redirect, this field represents redirect URL for the client.

tags Mapping[str, str]

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

mode String

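The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.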

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

skuName String

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

customBlockResponseBody String

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode Number

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules List<Property Map>

One or more custom_rule blocks as defined below.

enabled Boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

managedRules List<Property Map>

One or more managed_rule blocks as defined below.

name String

The name of the policy. Changing this forces a new resource to be created.

redirectUrl String

If action type is redirect, this field represents redirect URL for the client.

tags Map<String>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the FrontdoorFirewallPolicy resource produces the following output properties:

FrontendEndpointIds List<string>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

Id string

The provider-assigned unique ID for this managed resource.

FrontendEndpointIds []string

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

Id string

The provider-assigned unique ID for this managed resource.

frontendEndpointIds List<String>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

id String

The provider-assigned unique ID for this managed resource.

frontendEndpointIds string[]

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

id string

The provider-assigned unique ID for this managed resource.

frontend_endpoint_ids Sequence[str]

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

id str

The provider-assigned unique ID for this managed resource.

frontendEndpointIds List<String>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing FrontdoorFirewallPolicy Resource

Get an existing FrontdoorFirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FrontdoorFirewallPolicyState, opts?: CustomResourceOptions): FrontdoorFirewallPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_block_response_body: Optional[str] = None,
        custom_block_response_status_code: Optional[int] = None,
        custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
        enabled: Optional[bool] = None,
        frontend_endpoint_ids: Optional[Sequence[str]] = None,
        managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None,
        redirect_url: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        sku_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None) -> FrontdoorFirewallPolicy
func GetFrontdoorFirewallPolicy(ctx *Context, name string, id IDInput, state *FrontdoorFirewallPolicyState, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public static FrontdoorFirewallPolicy Get(string name, Input<string> id, FrontdoorFirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FrontdoorFirewallPolicy get(String name, Output<String> id, FrontdoorFirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CustomBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

CustomRules List<FrontdoorFirewallPolicyCustomRuleArgs>

One or more custom_rule blocks as defined below.

Enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

FrontendEndpointIds List<string>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

ManagedRules List<FrontdoorFirewallPolicyManagedRuleArgs>

One or more managed_rule blocks as defined below.

Mode string

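The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.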

Name string

The name of the policy. Changing this forces a new resource to be created.

RedirectUrl string

If action type is redirect, this field represents redirect URL for the client.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

SkuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

Tags Dictionary<string, string>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

CustomBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

CustomRules []FrontdoorFirewallPolicyCustomRuleArgs

One or more custom_rule blocks as defined below.

Enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

FrontendEndpointIds []string

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs

One or more managed_rule blocks as defined below.

Mode string

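The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.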

Name string

The name of the policy. Changing this forces a new resource to be created.

RedirectUrl string

If action type is redirect, this field represents redirect URL for the client.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

SkuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

Tags map[string]string

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

customBlockResponseBody String

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode Integer

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules List<FrontdoorFirewallPolicyCustomRuleArgs>

One or more custom_rule blocks as defined below.

enabled Boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

frontendEndpointIds List<String>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

managedRules List<FrontdoorFirewallPolicyManagedRuleArgs>

One or more managed_rule blocks as defined below.

mode String

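The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.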

name String

The name of the policy. Changing this forces a new resource to be created.

redirectUrl String

If action type is redirect, this field represents redirect URL for the client.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

skuName String

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

tags Map<String,String>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

customBlockResponseBody string

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode number

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules FrontdoorFirewallPolicyCustomRuleArgs[]

One or more custom_rule blocks as defined below.

enabled boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

frontendEndpointIds string[]

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

managedRules FrontdoorFirewallPolicyManagedRuleArgs[]

One or more managed_rule blocks as defined below.

mode string

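The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.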

name string

The name of the policy. Changing this forces a new resource to be created.

redirectUrl string

If action type is redirect, this field represents redirect URL for the client.

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

skuName string

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

tags {[key: string]: string}

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

custom_block_response_body str

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

custom_block_response_status_code int

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]

One or more custom_rule blocks as defined below.

enabled bool

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

frontend_endpoint_ids Sequence[str]

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]

One or more managed_rule blocks as defined below.

mode str

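The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.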

name str

The name of the policy. Changing this forces a new resource to be created.

redirect_url str

If action type is redirect, this field represents redirect URL for the client.

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

sku_name str

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

tags Mapping[str, str]

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

customBlockResponseBody String

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode Number

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules List<Property Map>

One or more custom_rule blocks as defined below.

enabled Boolean

Is the Cdn Frontdoor firewall policy enabled? Defaults to true.

frontendEndpointIds List<String>

The Cdn Frontend Endpoints associated with this Cdn Frontdoor Firewall policy.

managedRules List<Property Map>

One or more managed_rule blocks as defined below.

mode String

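The Cdn Frontdoor firewall policy mode. Possible values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces the rule actions.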

name String

The name of the policy. Changing this forces a new resource to be created.

redirectUrl String

If action type is redirect, this field represents redirect URL for the client.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

skuName String

The sku's pricing tier for this Cdn Frontdoor firewall policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor.

tags Map<String>

A mapping of tags to assign to the Cdn Frontdoor firewall policy.

Supporting Types

FrontdoorFirewallPolicyCustomRule

Action string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

Name string

The name of the resource, which is unique within a policy. This name can be used to access the resource.

Type string

The type of rule. Possible values are MatchRule or RateLimitRule.

Enabled bool

Is the rule enabled or disabled? Defaults to true.

MatchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

Priority int

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

RateLimitDurationInMinutes int

The rate limit duration in minutes. Defaults to 1.

RateLimitThreshold int

The rate limit threshold. Defaults to 10.

Action string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

Name string

The name of the resource, which is unique within a policy. This name can be used to access the resource.

Type string

The type of rule. Possible values are MatchRule or RateLimitRule.

Enabled bool

Is the rule enabled or disabled? Defaults to true.

MatchConditions []FrontdoorFirewallPolicyCustomRuleMatchCondition

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

Priority int

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

RateLimitDurationInMinutes int

The rate limit duration in minutes. Defaults to 1.

RateLimitThreshold int

The rate limit threshold. Defaults to 10.

action String

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

name String

The name of the resource, which is unique within a policy. This name can be used to access the resource.

type String

The type of rule. Possible values are MatchRule or RateLimitRule.

enabled Boolean

Is the rule enabled or disabled? Defaults to true.

matchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

priority Integer

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

rateLimitDurationInMinutes Integer

The rate limit duration in minutes. Defaults to 1.

rateLimitThreshold Integer

The rate limit threshold. Defaults to 10.

action string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

name string

The name of the resource, which is unique within a policy. This name can be used to access the resource.

type string

The type of rule. Possible values are MatchRule or RateLimitRule.

enabled boolean

Is the rule enabled or disabled? Defaults to true.

matchConditions FrontdoorFirewallPolicyCustomRuleMatchCondition[]

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

priority number

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

rateLimitDurationInMinutes number

The rate limit duration in minutes. Defaults to 1.

rateLimitThreshold number

The rate limit threshold. Defaults to 10.

action str

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

name str

The name of the resource, which is unique within a policy. This name can be used to access the resource.

type str

The type of rule. Possible values are MatchRule or RateLimitRule.

enabled bool

Is the rule enabled or disabled? Defaults to true.

match_conditions Sequence[FrontdoorFirewallPolicyCustomRuleMatchCondition]

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

priority int

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

rate_limit_duration_in_minutes int

The rate limit duration in minutes. Defaults to 1.

rate_limit_threshold int

The rate limit threshold. Defaults to 10.

action String

The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.

name String

The name of the resource, which is unique within a policy. This name can be used to access the resource.

type String

The type of rule. Possible values are MatchRule or RateLimitRule.

enabled Boolean

Is the rule enabled or disabled? Defaults to true.

matchConditions List<Property Map>

One or more match_condition blocks as defined below. Up to 10 match_condition blocks are supported.

priority Number

The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.

rateLimitDurationInMinutes Number

The rate limit duration in minutes. Defaults to 1.

rateLimitThreshold Number

The rate limit threshold. Defaults to 10.

FrontdoorFirewallPolicyCustomRuleMatchCondition

MatchValues List<string>

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

MatchVariable string

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

Operator string

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

NegationCondition bool

Should the result of the condition be negated.

Selector string

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

Transforms List<string>

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

MatchValues []string

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

MatchVariable string

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

Operator string

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

NegationCondition bool

Should the result of the condition be negated.

Selector string

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

Transforms []string

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

matchValues List<String>

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

matchVariable String

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

operator String

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

negationCondition Boolean

Should the result of the condition be negated.

selector String

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

transforms List<String>

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

matchValues string[]

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

matchVariable string

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

operator string

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

negationCondition boolean

Should the result of the condition be negated.

selector string

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

transforms string[]

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

match_values Sequence[str]

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

match_variable str

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

operator str

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

negation_condition bool

Should the result of the condition be negated.

selector str

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

transforms Sequence[str]

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

matchValues List<String>

Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.

matchVariable String

The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.

operator String

Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.

negationCondition Boolean

Should the result of the condition be negated.

selector String

Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.

transforms List<String>

Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode or URLEncode.

FrontdoorFirewallPolicyManagedRule

Action string

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

Type string

The name of the managed rule to use with this resource.

Version string

The version of the managed rule to use with this resource.

Exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>

One or more exclusion blocks as defined below.

Overrides List<FrontdoorFirewallPolicyManagedRuleOverride>

One or more override blocks as defined below.

Action string

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

Type string

The name of the managed rule to use with this resource.

Version string

The version of the managed rule to use with this resource.

Exclusions []FrontdoorFirewallPolicyManagedRuleExclusion

One or more exclusion blocks as defined below.

Overrides []FrontdoorFirewallPolicyManagedRuleOverride

One or more override blocks as defined below.

action String

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

type String

The name of the managed rule to use with this resource.

version String

The version of the managed rule to use with this resource.

exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>

One or more exclusion blocks as defined below.

overrides List<FrontdoorFirewallPolicyManagedRuleOverride>

One or more override blocks as defined below.

action string

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

type string

The name of the managed rule to use with this resource.

version string

The version of the managed rule to use with this resource.

exclusions FrontdoorFirewallPolicyManagedRuleExclusion[]

One or more exclusion blocks as defined below.

overrides FrontdoorFirewallPolicyManagedRuleOverride[]

One or more override blocks as defined below.

action str

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

type str

The name of the managed rule to use with this resource.

version str

The version of the managed rule to use with this resource.

exclusions Sequence[FrontdoorFirewallPolicyManagedRuleExclusion]

One or more exclusion blocks as defined below.

overrides Sequence[FrontdoorFirewallPolicyManagedRuleOverride]

One or more override blocks as defined below.

action String

The action to perform when the managed rule is matched. Possible values are Allow, Block, Log, or Redirect.

type String

The name of the managed rule to use with this resource.

version String

The version of the managed rule to use with this resource.

exclusions List<Property Map>

One or more exclusion blocks as defined below.

overrides List<Property Map>

One or more override blocks as defined below.

FrontdoorFirewallPolicyManagedRuleExclusion

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector string

Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator str

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector str

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

FrontdoorFirewallPolicyManagedRuleOverride

RuleGroupName string

The managed rule group to override.

Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>

One or more exclusion blocks as defined below.

Rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

RuleGroupName string

The managed rule group to override.

Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideExclusion

One or more exclusion blocks as defined below.

Rules []FrontdoorFirewallPolicyManagedRuleOverrideRule

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

ruleGroupName String

The managed rule group to override.

exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>

One or more exclusion blocks as defined below.

rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

ruleGroupName string

The managed rule group to override.

exclusions FrontdoorFirewallPolicyManagedRuleOverrideExclusion[]

One or more exclusion blocks as defined below.

rules FrontdoorFirewallPolicyManagedRuleOverrideRule[]

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

rule_group_name str

The managed rule group to override.

exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideExclusion]

One or more exclusion blocks as defined below.

rules Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRule]

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

ruleGroupName String

The managed rule group to override.

exclusions List<Property Map>

One or more exclusion blocks as defined below.

rules List<Property Map>

One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled, so an override that names only the rule group turns off that group's protection entirely.

FrontdoorFirewallPolicyManagedRuleOverrideExclusion

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector string

Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator str

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector str

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

FrontdoorFirewallPolicyManagedRuleOverrideRule

Action string

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

RuleId string

Identifier for the managed rule.

Enabled bool

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>

One or more exclusion blocks as defined below.

Action string

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

RuleId string

Identifier for the managed rule.

Enabled bool

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion

One or more exclusion blocks as defined below.

action String

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

ruleId String

Identifier for the managed rule.

enabled Boolean

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>

One or more exclusion blocks as defined below.

action string

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

ruleId string

Identifier for the managed rule.

enabled boolean

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

exclusions FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion[]

One or more exclusion blocks as defined below.

action str

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

rule_id str

Identifier for the managed rule.

enabled bool

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion]

One or more exclusion blocks as defined below.

action String

The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.

ruleId String

Identifier for the managed rule.

enabled Boolean

Whether the managed rule override is enabled. Defaults to false, so set this to true explicitly when the overridden rule should remain active.

exclusions List<Property Map>

One or more exclusion blocks as defined below.

FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

Operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

Selector string

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator string

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector string

Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator str

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector str

Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.

operator String

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.

selector String

Selector for the value in the match_variable attribute this exclusion applies to.

Import

Frontdoor Firewall Policy can be imported using the resource id, e.g.

 $ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontdoorWebApplicationFirewallPolicies/firewallPolicy1

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.