We recommend using Azure Native.
azure.cdn.FrontdoorFirewallPolicy
Explore with Pulumi AI
Manages a Front Door (standard/premium) Firewall Policy instance.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("exampleFrontdoorProfile", new()
{
ResourceGroupName = exampleResourceGroup.Name,
SkuName = "Premium_AzureFrontDoor",
});
var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", new()
{
ResourceGroupName = exampleResourceGroup.Name,
SkuName = exampleFrontdoorProfile.SkuName,
Enabled = true,
Mode = "Prevention",
RedirectUrl = "https://www.contoso.com",
CustomBlockResponseStatusCode = 403,
CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
CustomRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Name = "Rule1",
Enabled = true,
Priority = 1,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"10.0.1.0/24",
"10.0.0.0/24",
},
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Name = "Rule2",
Enabled = true,
Priority = 2,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RequestHeader",
Selector = "UserAgent",
Operator = "Contains",
NegationCondition = false,
MatchValues = new[]
{
"windows",
},
Transforms = new[]
{
"Lowercase",
"Trim",
},
},
},
},
},
ManagedRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
{
Type = "DefaultRuleSet",
Version = "1.0",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "not_suspicious",
},
},
Overrides = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "PHP",
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "933100",
Enabled = false,
Action = "Block",
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "SQLI",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "really_not_suspicious",
},
},
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "942200",
Action = "Block",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "innocent",
},
},
},
},
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
{
Type = "Microsoft_BotManagerRuleSet",
Version = "1.0",
Action = "Log",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/cdn"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "exampleFrontdoorProfile", &cdn.FrontdoorProfileArgs{
ResourceGroupName: exampleResourceGroup.Name,
SkuName: pulumi.String("Premium_AzureFrontDoor"),
})
if err != nil {
return err
}
_, err = cdn.NewFrontdoorFirewallPolicy(ctx, "exampleFrontdoorFirewallPolicy", &cdn.FrontdoorFirewallPolicyArgs{
ResourceGroupName: exampleResourceGroup.Name,
SkuName: exampleFrontdoorProfile.SkuName,
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RedirectUrl: pulumi.String("https://www.contoso.com"),
CustomBlockResponseStatusCode: pulumi.Int(403),
CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
},
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(2),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RequestHeader"),
Selector: pulumi.String("UserAgent"),
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("windows"),
},
Transforms: pulumi.StringArray{
pulumi.String("Lowercase"),
pulumi.String("Trim"),
},
},
},
},
},
ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
Type: pulumi.String("DefaultRuleSet"),
Version: pulumi.String("1.0"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("not_suspicious"),
},
},
Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("PHP"),
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("933100"),
Enabled: pulumi.Bool(false),
Action: pulumi.String("Block"),
},
},
},
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("SQLI"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("really_not_suspicious"),
},
},
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("942200"),
Action: pulumi.String("Block"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("innocent"),
},
},
},
},
},
},
},
&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
Type: pulumi.String("Microsoft_BotManagerRuleSet"),
Version: pulumi.String("1.0"),
Action: pulumi.String("Log"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.cdn.FrontdoorProfile;
import com.pulumi.azure.cdn.FrontdoorProfileArgs;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.skuName("Premium_AzureFrontDoor")
.build());
var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.skuName(exampleFrontdoorProfile.skuName())
.enabled(true)
.mode("Prevention")
.redirectUrl("https://www.contoso.com")
.customBlockResponseStatusCode(403)
.customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
.customRules(
FrontdoorFirewallPolicyCustomRuleArgs.builder()
.name("Rule1")
.enabled(true)
.priority(1)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"10.0.1.0/24",
"10.0.0.0/24")
.build())
.build(),
FrontdoorFirewallPolicyCustomRuleArgs.builder()
.name("Rule2")
.enabled(true)
.priority(2)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(
FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RequestHeader")
.selector("UserAgent")
.operator("Contains")
.negationCondition(false)
.matchValues("windows")
.transforms(
"Lowercase",
"Trim")
.build())
.build())
.managedRules(
FrontdoorFirewallPolicyManagedRuleArgs.builder()
.type("DefaultRuleSet")
.version("1.0")
.exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("not_suspicious")
.build())
.overrides(
FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("PHP")
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("933100")
.enabled(false)
.action("Block")
.build())
.build(),
FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("SQLI")
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("really_not_suspicious")
.build())
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("942200")
.action("Block")
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("innocent")
.build())
.build())
.build())
.build(),
FrontdoorFirewallPolicyManagedRuleArgs.builder()
.type("Microsoft_BotManagerRuleSet")
.version("1.0")
.action("Log")
.build())
.build());
}
}
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_frontdoor_profile = azure.cdn.FrontdoorProfile("exampleFrontdoorProfile",
resource_group_name=example_resource_group.name,
sku_name="Premium_AzureFrontDoor")
example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy",
resource_group_name=example_resource_group.name,
sku_name=example_frontdoor_profile.sku_name,
enabled=True,
mode="Prevention",
redirect_url="https://www.contoso.com",
custom_block_response_status_code=403,
custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
custom_rules=[
azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
name="Rule1",
enabled=True,
priority=1,
rate_limit_duration_in_minutes=1,
rate_limit_threshold=10,
type="MatchRule",
action="Block",
match_conditions=[azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RemoteAddr",
operator="IPMatch",
negation_condition=False,
match_values=[
"10.0.1.0/24",
"10.0.0.0/24",
],
)],
),
azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
name="Rule2",
enabled=True,
priority=2,
rate_limit_duration_in_minutes=1,
rate_limit_threshold=10,
type="MatchRule",
action="Block",
match_conditions=[
azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RemoteAddr",
operator="IPMatch",
negation_condition=False,
match_values=["192.168.1.0/24"],
),
azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RequestHeader",
selector="UserAgent",
operator="Contains",
negation_condition=False,
match_values=["windows"],
transforms=[
"Lowercase",
"Trim",
],
),
],
),
],
managed_rules=[
azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
type="DefaultRuleSet",
version="1.0",
exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="not_suspicious",
)],
overrides=[
azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
rule_group_name="PHP",
rules=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
rule_id="933100",
enabled=False,
action="Block",
)],
),
azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
rule_group_name="SQLI",
exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="really_not_suspicious",
)],
rules=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
rule_id="942200",
action="Block",
exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="innocent",
)],
)],
),
],
),
azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
type="Microsoft_BotManagerRuleSet",
version="1.0",
action="Log",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("exampleFrontdoorProfile", {
resourceGroupName: exampleResourceGroup.name,
skuName: "Premium_AzureFrontDoor",
});
const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", {
resourceGroupName: exampleResourceGroup.name,
skuName: exampleFrontdoorProfile.skuName,
enabled: true,
mode: "Prevention",
redirectUrl: "https://www.contoso.com",
customBlockResponseStatusCode: 403,
customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
customRules: [
{
name: "Rule1",
enabled: true,
priority: 1,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: [
"10.0.1.0/24",
"10.0.0.0/24",
],
}],
},
{
name: "Rule2",
enabled: true,
priority: 2,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [
{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariable: "RequestHeader",
selector: "UserAgent",
operator: "Contains",
negationCondition: false,
matchValues: ["windows"],
transforms: [
"Lowercase",
"Trim",
],
},
],
},
],
managedRules: [
{
type: "DefaultRuleSet",
version: "1.0",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "not_suspicious",
}],
overrides: [
{
ruleGroupName: "PHP",
rules: [{
ruleId: "933100",
enabled: false,
action: "Block",
}],
},
{
ruleGroupName: "SQLI",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "really_not_suspicious",
}],
rules: [{
ruleId: "942200",
action: "Block",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "innocent",
}],
}],
},
],
},
{
type: "Microsoft_BotManagerRuleSet",
version: "1.0",
action: "Log",
},
],
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleFrontdoorProfile:
type: azure:cdn:FrontdoorProfile
properties:
resourceGroupName: ${exampleResourceGroup.name}
skuName: Premium_AzureFrontDoor
exampleFrontdoorFirewallPolicy:
type: azure:cdn:FrontdoorFirewallPolicy
properties:
resourceGroupName: ${exampleResourceGroup.name}
skuName: ${exampleFrontdoorProfile.skuName}
enabled: true
mode: Prevention
redirectUrl: https://www.contoso.com
customBlockResponseStatusCode: 403
customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
customRules:
- name: Rule1
enabled: true
priority: 1
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 10.0.1.0/24
- 10.0.0.0/24
- name: Rule2
enabled: true
priority: 2
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- matchVariable: RequestHeader
selector: UserAgent
operator: Contains
negationCondition: false
matchValues:
- windows
transforms:
- Lowercase
- Trim
managedRules:
- type: DefaultRuleSet
version: '1.0'
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: not_suspicious
overrides:
- ruleGroupName: PHP
rules:
- ruleId: '933100'
enabled: false
action: Block
- ruleGroupName: SQLI
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: really_not_suspicious
rules:
- ruleId: '942200'
action: Block
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: innocent
- type: Microsoft_BotManagerRuleSet
version: '1.0'
action: Log
Create FrontdoorFirewallPolicy Resource
new FrontdoorFirewallPolicy(name: string, args: FrontdoorFirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FrontdoorFirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
resource_group_name: Optional[str] = None,
sku_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def FrontdoorFirewallPolicy(resource_name: str,
args: FrontdoorFirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewFrontdoorFirewallPolicy(ctx *Context, name string, args FrontdoorFirewallPolicyArgs, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public FrontdoorFirewallPolicy(string name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions options)
type: azure:cdn:FrontdoorFirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FrontdoorFirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FrontdoorFirewallPolicy resource accepts the following input properties:
- Mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules List<FrontdoorFirewall Policy Custom Rule> One or more
custom_rule
blocks as defined below.- Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- Managed
Rules List<FrontdoorFirewall Policy Managed Rule> One or more
managed_rule
blocks as defined below.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Dictionary<string, string>
A mapping of tags to assign to the Front Door Firewall Policy.
- Mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules []FrontdoorFirewall Policy Custom Rule Args One or more
custom_rule
blocks as defined below.- Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- Managed
Rules []FrontdoorFirewall Policy Managed Rule Args One or more
managed_rule
blocks as defined below.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- map[string]string
A mapping of tags to assign to the Front Door Firewall Policy.
- mode String
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block IntegerResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<FrontdoorFirewall Policy Custom Rule> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- managed
Rules List<FrontdoorFirewall Policy Managed Rule> One or more
managed_rule
blocks as defined below.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- Map<String,String>
A mapping of tags to assign to the Front Door Firewall Policy.
- mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block numberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules FrontdoorFirewall Policy Custom Rule[] One or more
custom_rule
blocks as defined below.- enabled boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- managed
Rules FrontdoorFirewall Policy Managed Rule[] One or more
managed_rule
blocks as defined below.- name string
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- {[key: string]: string}
A mapping of tags to assign to the Front Door Firewall Policy.
- mode str
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource_
group_ strname The name of the resource group. Changing this forces a new resource to be created.
- sku_
name str The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- custom_
block_ strresponse_ body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom_
block_ intresponse_ status_ code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom_
rules Sequence[FrontdoorFirewall Policy Custom Rule Args] One or more
custom_rule
blocks as defined below.- enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- managed_
rules Sequence[FrontdoorFirewall Policy Managed Rule Args] One or more
managed_rule
blocks as defined below.- name str
The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str If action type is redirect, this field represents redirect URL for the client.
- Mapping[str, str]
A mapping of tags to assign to the Front Door Firewall Policy.
- mode String
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block NumberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<Property Map> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- managed
Rules List<Property Map> One or more
managed_rule
blocks as defined below.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- Map<String>
A mapping of tags to assign to the Front Door Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the FrontdoorFirewallPolicy resource produces the following output properties:
- Frontend
Endpoint List<string>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Id string
The provider-assigned unique ID for this managed resource.
- Frontend
Endpoint []stringIds The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Id string
The provider-assigned unique ID for this managed resource.
- frontend
Endpoint List<String>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id String
The provider-assigned unique ID for this managed resource.
- frontend
Endpoint string[]Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id string
The provider-assigned unique ID for this managed resource.
- frontend_
endpoint_ Sequence[str]ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id str
The provider-assigned unique ID for this managed resource.
- frontend
Endpoint List<String>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing FrontdoorFirewallPolicy Resource
Get an existing FrontdoorFirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FrontdoorFirewallPolicyState, opts?: CustomResourceOptions): FrontdoorFirewallPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
frontend_endpoint_ids: Optional[Sequence[str]] = None,
managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
resource_group_name: Optional[str] = None,
sku_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> FrontdoorFirewallPolicy
func GetFrontdoorFirewallPolicy(ctx *Context, name string, id IDInput, state *FrontdoorFirewallPolicyState, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public static FrontdoorFirewallPolicy Get(string name, Input<string> id, FrontdoorFirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FrontdoorFirewallPolicy get(String name, Output<String> id, FrontdoorFirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules List<FrontdoorFirewall Policy Custom Rule> One or more
custom_rule
blocks as defined below.- Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- Frontend
Endpoint List<string>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Managed
Rules List<FrontdoorFirewall Policy Managed Rule> One or more
managed_rule
blocks as defined below.- Mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Dictionary<string, string>
A mapping of tags to assign to the Front Door Firewall Policy.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules []FrontdoorFirewall Policy Custom Rule Args One or more
custom_rule
blocks as defined below.- Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- Frontend
Endpoint []stringIds The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Managed
Rules []FrontdoorFirewall Policy Managed Rule Args One or more
managed_rule
blocks as defined below.- Mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- map[string]string
A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block IntegerResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<FrontdoorFirewall Policy Custom Rule> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- frontend
Endpoint List<String>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- managed
Rules List<FrontdoorFirewall Policy Managed Rule> One or more
managed_rule
blocks as defined below.- mode String
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Map<String,String>
A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block numberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules FrontdoorFirewall Policy Custom Rule[] One or more
custom_rule
blocks as defined below.- enabled boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- frontend
Endpoint string[]Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- managed
Rules FrontdoorFirewall Policy Managed Rule[] One or more
managed_rule
blocks as defined below.- mode string
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- name string
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- {[key: string]: string}
A mapping of tags to assign to the Front Door Firewall Policy.
- custom_
block_ strresponse_ body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom_
block_ intresponse_ status_ code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom_
rules Sequence[FrontdoorFirewall Policy Custom Rule Args] One or more
custom_rule
blocks as defined below.- enabled bool
Is the Front Door Firewall Policy enabled? Defaults to
true
.- frontend_
endpoint_ Sequence[str]ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- managed_
rules Sequence[FrontdoorFirewall Policy Managed Rule Args] One or more
managed_rule
blocks as defined below.- mode str
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- name str
The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str If action type is redirect, this field represents redirect URL for the client.
- resource_
group_ strname The name of the resource group. Changing this forces a new resource to be created.
- sku_
name str The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Mapping[str, str]
A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block NumberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<Property Map> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to
true
.- frontend
Endpoint List<String>Ids The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- managed
Rules List<Property Map> One or more
managed_rule
blocks as defined below.- mode String
The Front Door Firewall Policy mode. Possible values are
Detection
,Prevention
.NOTE: When run in
Detection
mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoor
orPremium_AzureFrontDoor
. Changing this forces a new resource to be created.NOTE: The
Standard_AzureFrontDoor
Front Door Firewall Policy sku may containcustom
rules only. ThePremium_AzureFrontDoor
Front Door Firewall Policy skus may contain bothcustom
andmanaged
rules.- Map<String>
A mapping of tags to assign to the Front Door Firewall Policy.
Supporting Types
FrontdoorFirewallPolicyCustomRule, FrontdoorFirewallPolicyCustomRuleArgs
- Action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- Name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- Enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- Match
Conditions List<FrontdoorFirewall Policy Custom Rule Match Condition> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- Rate
Limit intDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- Rate
Limit intThreshold The rate limit threshold. Defaults to
10
.
- Action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- Name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- Enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- Match
Conditions []FrontdoorFirewall Policy Custom Rule Match Condition One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- Rate
Limit intDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- Rate
Limit intThreshold The rate limit threshold. Defaults to
10
.
- action String
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled Boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions List<FrontdoorFirewall Policy Custom Rule Match Condition> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority Integer
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit IntegerDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit IntegerThreshold The rate limit threshold. Defaults to
10
.
- action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions FrontdoorFirewall Policy Custom Rule Match Condition[] One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit numberDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit numberThreshold The rate limit threshold. Defaults to
10
.
- action str
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name str
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type str
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- match_
conditions Sequence[FrontdoorFirewall Policy Custom Rule Match Condition] One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate_
limit_ intduration_ in_ minutes The rate limit duration in minutes. Defaults to
1
.- rate_
limit_ intthreshold The rate limit threshold. Defaults to
10
.
- action String
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled Boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions List<Property Map> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority Number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit NumberDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit NumberThreshold The rate limit threshold. Defaults to
10
.
FrontdoorFirewallPolicyCustomRuleMatchCondition, FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
- Match
Values List<string> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- Match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- Operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- Negation
Condition bool Should the result of the condition be negated.
- Selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- Transforms List<string>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- Match
Values []string Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- Match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- Operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- Negation
Condition bool Should the result of the condition be negated.
- Selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- Transforms []string
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- match
Variable String The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator String
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition Boolean Should the result of the condition be negated.
- selector String
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms List<String>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values string[] Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition boolean Should the result of the condition be negated.
- selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms string[]
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match_
values Sequence[str] Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- match_
variable str The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator str
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation_
condition bool Should the result of the condition be negated.
- selector str
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms Sequence[str]
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters in length.- match
Variable String The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator String
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition Boolean Should the result of the condition be negated.
- selector String
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms List<String>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
FrontdoorFirewallPolicyManagedRule, FrontdoorFirewallPolicyManagedRuleArgs
- Action string
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- Type string
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- Version string
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- Exclusions
List<Frontdoor
Firewall Policy Managed Rule Exclusion> One or more
exclusion
blocks as defined below.- Overrides
List<Frontdoor
Firewall Policy Managed Rule Override> One or more
override
blocks as defined below.
- Action string
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- Type string
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- Version string
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- Exclusions
[]Frontdoor
Firewall Policy Managed Rule Exclusion One or more
exclusion
blocks as defined below.- Overrides
[]Frontdoor
Firewall Policy Managed Rule Override One or more
override
blocks as defined below.
- action String
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- type String
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- version String
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- exclusions
List<Frontdoor
Firewall Policy Managed Rule Exclusion> One or more
exclusion
blocks as defined below.- overrides
List<Frontdoor
Firewall Policy Managed Rule Override> One or more
override
blocks as defined below.
- action string
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- type string
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- version string
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- exclusions
Frontdoor
Firewall Policy Managed Rule Exclusion[] One or more
exclusion
blocks as defined below.- overrides
Frontdoor
Firewall Policy Managed Rule Override[] One or more
override
blocks as defined below.
- action str
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- type str
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- version str
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Exclusion] One or more
exclusion
blocks as defined below.- overrides
Sequence[Frontdoor
Firewall Policy Managed Rule Override] One or more
override
blocks as defined below.
- action String
The action to perform for all DRS rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the DRS you are using. Possible values include
Allow
,Log
,Block
, andRedirect
.- type String
The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet
,Microsoft_DefaultRuleSet
,BotProtection
orMicrosoft_BotManagerRuleSet
.- version String
The version of the managed rule to use with this resource. Possible values depends on which DRS type you are using, for the
DefaultRuleSet
type the possible values include1.0
orpreview-0.1
. ForMicrosoft_DefaultRuleSet
the possible values include1.1
,2.0
or2.1
. ForBotProtection
the value must bepreview-0.1
and forMicrosoft_BotManagerRuleSet
the value must be1.0
.- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.- overrides List<Property Map>
One or more
override
blocks as defined below.
FrontdoorFirewallPolicyManagedRuleExclusion, FrontdoorFirewallPolicyManagedRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
FrontdoorFirewallPolicyManagedRuleOverride, FrontdoorFirewallPolicyManagedRuleOverrideArgs
- Rule
Group stringName The managed rule group to override.
- Exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Exclusion> One or more
exclusion
blocks as defined below.- Rules
List<Frontdoor
Firewall Policy Managed Rule Override Rule> One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- Rule
Group stringName The managed rule group to override.
- Exclusions
[]Frontdoor
Firewall Policy Managed Rule Override Exclusion One or more
exclusion
blocks as defined below.- Rules
[]Frontdoor
Firewall Policy Managed Rule Override Rule One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName The managed rule group to override.
- exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Exclusion> One or more
exclusion
blocks as defined below.- rules
List<Frontdoor
Firewall Policy Managed Rule Override Rule> One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group stringName The managed rule group to override.
- exclusions
Frontdoor
Firewall Policy Managed Rule Override Exclusion[] One or more
exclusion
blocks as defined below.- rules
Frontdoor
Firewall Policy Managed Rule Override Rule[] One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule_
group_ strname The managed rule group to override.
- exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Override Exclusion] One or more
exclusion
blocks as defined below.- rules
Sequence[Frontdoor
Firewall Policy Managed Rule Override Rule] One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName The managed rule group to override.
- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.- rules List<Property Map>
One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
FrontdoorFirewallPolicyManagedRuleOverrideExclusion, FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
FrontdoorFirewallPolicyManagedRuleOverrideRule, FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
- Action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- Rule
Id string Identifier for the managed rule.
- Enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion> One or more
exclusion
blocks as defined below.
- Action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- Rule
Id string Identifier for the managed rule.
- Enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
[]Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion One or more
exclusion
blocks as defined below.
- action String
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- rule
Id String Identifier for the managed rule.
- enabled Boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion> One or more
exclusion
blocks as defined below.
- action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- rule
Id string Identifier for the managed rule.
- enabled boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion[] One or more
exclusion
blocks as defined below.
- action str
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- rule_
id str Identifier for the managed rule.
- enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion] One or more
exclusion
blocks as defined below.
- action String
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DRS
1.1
and below areAllow
,Log
,Block
, andRedirect
. For DRS2.0
and above the possible values areLog
orAnomalyScoring
.->NOTE: Please see the DRS product documentation for more information.
- rule
Id String Identifier for the managed rule.
- enabled Boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.
FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion, FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
,RequestBodyJsonArgNames
NOTE:
RequestBodyJsonArgNames
is only available on Default Rule Set (DRS) 2.0 or later- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.NOTE:
selector
must be set to*
ifoperator
is set toEqualsAny
.
Import
Front Door Firewall Policies can be imported using the resource id
, e.g.
$ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.