Docs Home
We recommend using Azure Native.
azure.cdn.FrontdoorFirewallPolicy
Explore with Pulumi AI
Manages a Front Door (standard/premium) Firewall Policy instance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-cdn-frontdoor",
location: "West Europe",
});
const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", {
name: "example-profile",
resourceGroupName: example.name,
skuName: "Premium_AzureFrontDoor",
});
const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("example", {
name: "examplecdnfdwafpolicy",
resourceGroupName: example.name,
skuName: exampleFrontdoorProfile.skuName,
enabled: true,
mode: "Prevention",
redirectUrl: "https://www.contoso.com",
customBlockResponseStatusCode: 403,
customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
jsChallengeCookieExpirationInMinutes: 45,
logScrubbing: {
enabled: true,
scrubbingRules: [{
enabled: true,
matchVariable: "RequestCookieNames",
operator: "Equals",
selector: "ChocolateChip",
}],
},
customRules: [
{
name: "Rule1",
enabled: true,
priority: 1,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: [
"10.0.1.0/24",
"10.0.0.0/24",
],
}],
},
{
name: "Rule2",
enabled: true,
priority: 50,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [
{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariable: "RequestHeader",
selector: "UserAgent",
operator: "Contains",
negationCondition: false,
matchValues: ["windows"],
transforms: [
"Lowercase",
"Trim",
],
},
],
},
{
name: "CustomJSChallenge",
enabled: true,
priority: 100,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "JSChallenge",
matchConditions: [{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
}],
},
],
managedRules: [
{
type: "DefaultRuleSet",
version: "1.0",
action: "Log",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "not_suspicious",
}],
overrides: [
{
ruleGroupName: "PHP",
rules: [{
ruleId: "933100",
enabled: false,
action: "Block",
}],
},
{
ruleGroupName: "SQLI",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "really_not_suspicious",
}],
rules: [{
ruleId: "942200",
action: "Block",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "innocent",
}],
}],
},
],
},
{
type: "Microsoft_BotManagerRuleSet",
version: "1.1",
action: "Log",
overrides: [{
ruleGroupName: "BadBots",
rules: [{
action: "JSChallenge",
enabled: true,
ruleId: "Bot100200",
}],
}],
},
],
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-cdn-frontdoor",
location="West Europe")
example_frontdoor_profile = azure.cdn.FrontdoorProfile("example",
name="example-profile",
resource_group_name=example.name,
sku_name="Premium_AzureFrontDoor")
example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("example",
name="examplecdnfdwafpolicy",
resource_group_name=example.name,
sku_name=example_frontdoor_profile.sku_name,
enabled=True,
mode="Prevention",
redirect_url="https://www.contoso.com",
custom_block_response_status_code=403,
custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
js_challenge_cookie_expiration_in_minutes=45,
log_scrubbing={
"enabled": True,
"scrubbing_rules": [{
"enabled": True,
"match_variable": "RequestCookieNames",
"operator": "Equals",
"selector": "ChocolateChip",
}],
},
custom_rules=[
{
"name": "Rule1",
"enabled": True,
"priority": 1,
"rate_limit_duration_in_minutes": 1,
"rate_limit_threshold": 10,
"type": "MatchRule",
"action": "Block",
"match_conditions": [{
"match_variable": "RemoteAddr",
"operator": "IPMatch",
"negation_condition": False,
"match_values": [
"10.0.1.0/24",
"10.0.0.0/24",
],
}],
},
{
"name": "Rule2",
"enabled": True,
"priority": 50,
"rate_limit_duration_in_minutes": 1,
"rate_limit_threshold": 10,
"type": "MatchRule",
"action": "Block",
"match_conditions": [
{
"match_variable": "RemoteAddr",
"operator": "IPMatch",
"negation_condition": False,
"match_values": ["192.168.1.0/24"],
},
{
"match_variable": "RequestHeader",
"selector": "UserAgent",
"operator": "Contains",
"negation_condition": False,
"match_values": ["windows"],
"transforms": [
"Lowercase",
"Trim",
],
},
],
},
{
"name": "CustomJSChallenge",
"enabled": True,
"priority": 100,
"rate_limit_duration_in_minutes": 1,
"rate_limit_threshold": 10,
"type": "MatchRule",
"action": "JSChallenge",
"match_conditions": [{
"match_variable": "RemoteAddr",
"operator": "IPMatch",
"negation_condition": False,
"match_values": ["192.168.1.0/24"],
}],
},
],
managed_rules=[
{
"type": "DefaultRuleSet",
"version": "1.0",
"action": "Log",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "not_suspicious",
}],
"overrides": [
{
"rule_group_name": "PHP",
"rules": [{
"rule_id": "933100",
"enabled": False,
"action": "Block",
}],
},
{
"rule_group_name": "SQLI",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "really_not_suspicious",
}],
"rules": [{
"rule_id": "942200",
"action": "Block",
"exclusions": [{
"match_variable": "QueryStringArgNames",
"operator": "Equals",
"selector": "innocent",
}],
}],
},
],
},
{
"type": "Microsoft_BotManagerRuleSet",
"version": "1.1",
"action": "Log",
"overrides": [{
"rule_group_name": "BadBots",
"rules": [{
"action": "JSChallenge",
"enabled": True,
"rule_id": "Bot100200",
}],
}],
},
])
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/cdn"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-cdn-frontdoor"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "example", &cdn.FrontdoorProfileArgs{
Name: pulumi.String("example-profile"),
ResourceGroupName: example.Name,
SkuName: pulumi.String("Premium_AzureFrontDoor"),
})
if err != nil {
return err
}
_, err = cdn.NewFrontdoorFirewallPolicy(ctx, "example", &cdn.FrontdoorFirewallPolicyArgs{
Name: pulumi.String("examplecdnfdwafpolicy"),
ResourceGroupName: example.Name,
SkuName: exampleFrontdoorProfile.SkuName,
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RedirectUrl: pulumi.String("https://www.contoso.com"),
CustomBlockResponseStatusCode: pulumi.Int(403),
CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
JsChallengeCookieExpirationInMinutes: pulumi.Int(45),
LogScrubbing: &cdn.FrontdoorFirewallPolicyLogScrubbingArgs{
Enabled: pulumi.Bool(true),
ScrubbingRules: cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArray{
&cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs{
Enabled: pulumi.Bool(true),
MatchVariable: pulumi.String("RequestCookieNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("ChocolateChip"),
},
},
},
CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
},
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(50),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RequestHeader"),
Selector: pulumi.String("UserAgent"),
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("windows"),
},
Transforms: pulumi.StringArray{
pulumi.String("Lowercase"),
pulumi.String("Trim"),
},
},
},
},
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Name: pulumi.String("CustomJSChallenge"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(100),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("JSChallenge"),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
},
},
},
ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
Type: pulumi.String("DefaultRuleSet"),
Version: pulumi.String("1.0"),
Action: pulumi.String("Log"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("not_suspicious"),
},
},
Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("PHP"),
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("933100"),
Enabled: pulumi.Bool(false),
Action: pulumi.String("Block"),
},
},
},
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("SQLI"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("really_not_suspicious"),
},
},
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("942200"),
Action: pulumi.String("Block"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("innocent"),
},
},
},
},
},
},
},
&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
Type: pulumi.String("Microsoft_BotManagerRuleSet"),
Version: pulumi.String("1.1"),
Action: pulumi.String("Log"),
Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("BadBots"),
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
Action: pulumi.String("JSChallenge"),
Enabled: pulumi.Bool(true),
RuleId: pulumi.String("Bot100200"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-cdn-frontdoor",
Location = "West Europe",
});
var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("example", new()
{
Name = "example-profile",
ResourceGroupName = example.Name,
SkuName = "Premium_AzureFrontDoor",
});
var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("example", new()
{
Name = "examplecdnfdwafpolicy",
ResourceGroupName = example.Name,
SkuName = exampleFrontdoorProfile.SkuName,
Enabled = true,
Mode = "Prevention",
RedirectUrl = "https://www.contoso.com",
CustomBlockResponseStatusCode = 403,
CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
JsChallengeCookieExpirationInMinutes = 45,
LogScrubbing = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingArgs
{
Enabled = true,
ScrubbingRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs
{
Enabled = true,
MatchVariable = "RequestCookieNames",
Operator = "Equals",
Selector = "ChocolateChip",
},
},
},
CustomRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Name = "Rule1",
Enabled = true,
Priority = 1,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"10.0.1.0/24",
"10.0.0.0/24",
},
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Name = "Rule2",
Enabled = true,
Priority = 50,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RequestHeader",
Selector = "UserAgent",
Operator = "Contains",
NegationCondition = false,
MatchValues = new[]
{
"windows",
},
Transforms = new[]
{
"Lowercase",
"Trim",
},
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Name = "CustomJSChallenge",
Enabled = true,
Priority = 100,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "JSChallenge",
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
},
},
},
ManagedRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
{
Type = "DefaultRuleSet",
Version = "1.0",
Action = "Log",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "not_suspicious",
},
},
Overrides = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "PHP",
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "933100",
Enabled = false,
Action = "Block",
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "SQLI",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "really_not_suspicious",
},
},
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "942200",
Action = "Block",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "innocent",
},
},
},
},
},
},
},
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
{
Type = "Microsoft_BotManagerRuleSet",
Version = "1.1",
Action = "Log",
Overrides = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "BadBots",
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
Action = "JSChallenge",
Enabled = true,
RuleId = "Bot100200",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.cdn.FrontdoorProfile;
import com.pulumi.azure.cdn.FrontdoorProfileArgs;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyLogScrubbingArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-cdn-frontdoor")
.location("West Europe")
.build());
var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
.name("example-profile")
.resourceGroupName(example.name())
.skuName("Premium_AzureFrontDoor")
.build());
var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
.name("examplecdnfdwafpolicy")
.resourceGroupName(example.name())
.skuName(exampleFrontdoorProfile.skuName())
.enabled(true)
.mode("Prevention")
.redirectUrl("https://www.contoso.com")
.customBlockResponseStatusCode(403)
.customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
.jsChallengeCookieExpirationInMinutes(45)
.logScrubbing(FrontdoorFirewallPolicyLogScrubbingArgs.builder()
.enabled(true)
.scrubbingRules(FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs.builder()
.enabled(true)
.matchVariable("RequestCookieNames")
.operator("Equals")
.selector("ChocolateChip")
.build())
.build())
.customRules(
FrontdoorFirewallPolicyCustomRuleArgs.builder()
.name("Rule1")
.enabled(true)
.priority(1)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"10.0.1.0/24",
"10.0.0.0/24")
.build())
.build(),
FrontdoorFirewallPolicyCustomRuleArgs.builder()
.name("Rule2")
.enabled(true)
.priority(50)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(
FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RequestHeader")
.selector("UserAgent")
.operator("Contains")
.negationCondition(false)
.matchValues("windows")
.transforms(
"Lowercase",
"Trim")
.build())
.build(),
FrontdoorFirewallPolicyCustomRuleArgs.builder()
.name("CustomJSChallenge")
.enabled(true)
.priority(100)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("JSChallenge")
.matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build())
.build())
.managedRules(
FrontdoorFirewallPolicyManagedRuleArgs.builder()
.type("DefaultRuleSet")
.version("1.0")
.action("Log")
.exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("not_suspicious")
.build())
.overrides(
FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("PHP")
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("933100")
.enabled(false)
.action("Block")
.build())
.build(),
FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("SQLI")
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("really_not_suspicious")
.build())
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("942200")
.action("Block")
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("innocent")
.build())
.build())
.build())
.build(),
FrontdoorFirewallPolicyManagedRuleArgs.builder()
.type("Microsoft_BotManagerRuleSet")
.version("1.1")
.action("Log")
.overrides(FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("BadBots")
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.action("JSChallenge")
.enabled(true)
.ruleId("Bot100200")
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-cdn-frontdoor
location: West Europe
exampleFrontdoorProfile:
type: azure:cdn:FrontdoorProfile
name: example
properties:
name: example-profile
resourceGroupName: ${example.name}
skuName: Premium_AzureFrontDoor
exampleFrontdoorFirewallPolicy:
type: azure:cdn:FrontdoorFirewallPolicy
name: example
properties:
name: examplecdnfdwafpolicy
resourceGroupName: ${example.name}
skuName: ${exampleFrontdoorProfile.skuName}
enabled: true
mode: Prevention
redirectUrl: https://www.contoso.com
customBlockResponseStatusCode: 403
customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
jsChallengeCookieExpirationInMinutes: 45
logScrubbing:
enabled: true
scrubbingRules:
- enabled: true
matchVariable: RequestCookieNames
operator: Equals
selector: ChocolateChip
customRules:
- name: Rule1
enabled: true
priority: 1
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 10.0.1.0/24
- 10.0.0.0/24
- name: Rule2
enabled: true
priority: 50
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- matchVariable: RequestHeader
selector: UserAgent
operator: Contains
negationCondition: false
matchValues:
- windows
transforms:
- Lowercase
- Trim
- name: CustomJSChallenge
enabled: true
priority: 100
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: JSChallenge
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
managedRules:
- type: DefaultRuleSet
version: '1.0'
action: Log
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: not_suspicious
overrides:
- ruleGroupName: PHP
rules:
- ruleId: '933100'
enabled: false
action: Block
- ruleGroupName: SQLI
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: really_not_suspicious
rules:
- ruleId: '942200'
action: Block
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: innocent
- type: Microsoft_BotManagerRuleSet
version: '1.1'
action: Log
overrides:
- ruleGroupName: BadBots
rules:
- action: JSChallenge
enabled: true
ruleId: Bot100200
scrubbing_rule Examples:
The following table shows examples of scrubbing_rule’s that can be used to protect sensitive data:
| Match Variable | Operator | Selector | What Gets Scrubbed |
|---|---|---|---|
RequestHeaderNames | Equals | keyToBlock | {“matchVariableName”:“HeaderValue:keyToBlock”,“matchVariableValue”:"****"} |
RequestCookieNames | Equals | cookieToBlock | {“matchVariableName”:“CookieValue:cookieToBlock”,“matchVariableValue”:"****"} |
RequestBodyPostArgNames | Equals | var | {“matchVariableName”:“PostParamValue:var”,“matchVariableValue”:"****"} |
RequestBodyJsonArgNames | Equals | JsonValue | {“matchVariableName”:“JsonValue:key”,“matchVariableValue”:"****"} |
QueryStringArgNames | Equals | foo | {“matchVariableName”:“QueryParamValue:foo”,“matchVariableValue”:"****"} |
RequestIPAddress | Equals Any | Not Supported | {“matchVariableName”:“ClientIP”,“matchVariableValue”:"****"} |
RequestUri | Equals Any | Not Supported | {“matchVariableName”:“URI”,“matchVariableValue”:"****"} |
Create FrontdoorFirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FrontdoorFirewallPolicy(name: string, args: FrontdoorFirewallPolicyArgs, opts?: CustomResourceOptions);@overload
def FrontdoorFirewallPolicy(resource_name: str,
args: FrontdoorFirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FrontdoorFirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
mode: Optional[str] = None,
sku_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
js_challenge_cookie_expiration_in_minutes: Optional[int] = None,
log_scrubbing: Optional[FrontdoorFirewallPolicyLogScrubbingArgs] = None,
custom_block_response_body: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
request_body_check_enabled: Optional[bool] = None,
custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
custom_block_response_status_code: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None)func NewFrontdoorFirewallPolicy(ctx *Context, name string, args FrontdoorFirewallPolicyArgs, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)public FrontdoorFirewallPolicy(string name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions options)
type: azure:cdn:FrontdoorFirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FrontdoorFirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var frontdoorFirewallPolicyResource = new Azure.Cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", new()
{
Mode = "string",
SkuName = "string",
ResourceGroupName = "string",
ManagedRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
{
Action = "string",
Type = "string",
Version = "string",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
Overrides = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "string",
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
Rules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
{
Action = "string",
RuleId = "string",
Enabled = false,
Exclusions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "string",
Operator = "string",
Selector = "string",
},
},
},
},
},
},
},
},
JsChallengeCookieExpirationInMinutes = 0,
LogScrubbing = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingArgs
{
ScrubbingRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs
{
MatchVariable = "string",
Enabled = false,
Operator = "string",
Selector = "string",
},
},
Enabled = false,
},
CustomBlockResponseBody = "string",
Enabled = false,
Name = "string",
RedirectUrl = "string",
RequestBodyCheckEnabled = false,
CustomRules = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
{
Action = "string",
Name = "string",
Type = "string",
Enabled = false,
MatchConditions = new[]
{
new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
{
MatchValues = new[]
{
"string",
},
MatchVariable = "string",
Operator = "string",
NegationCondition = false,
Selector = "string",
Transforms = new[]
{
"string",
},
},
},
Priority = 0,
RateLimitDurationInMinutes = 0,
RateLimitThreshold = 0,
},
},
CustomBlockResponseStatusCode = 0,
Tags =
{
{ "string", "string" },
},
});
example, err := cdn.NewFrontdoorFirewallPolicy(ctx, "frontdoorFirewallPolicyResource", &cdn.FrontdoorFirewallPolicyArgs{
Mode: pulumi.String("string"),
SkuName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
Action: pulumi.String("string"),
Type: pulumi.String("string"),
Version: pulumi.String("string"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("string"),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
Action: pulumi.String("string"),
RuleId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
},
},
},
},
},
},
JsChallengeCookieExpirationInMinutes: pulumi.Int(0),
LogScrubbing: &cdn.FrontdoorFirewallPolicyLogScrubbingArgs{
ScrubbingRules: cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArray{
&cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs{
MatchVariable: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Operator: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
},
CustomBlockResponseBody: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
RequestBodyCheckEnabled: pulumi.Bool(false),
CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
Action: pulumi.String("string"),
Name: pulumi.String("string"),
Type: pulumi.String("string"),
Enabled: pulumi.Bool(false),
MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
MatchValues: pulumi.StringArray{
pulumi.String("string"),
},
MatchVariable: pulumi.String("string"),
Operator: pulumi.String("string"),
NegationCondition: pulumi.Bool(false),
Selector: pulumi.String("string"),
Transforms: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Priority: pulumi.Int(0),
RateLimitDurationInMinutes: pulumi.Int(0),
RateLimitThreshold: pulumi.Int(0),
},
},
CustomBlockResponseStatusCode: pulumi.Int(0),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var frontdoorFirewallPolicyResource = new FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", FrontdoorFirewallPolicyArgs.builder()
.mode("string")
.skuName("string")
.resourceGroupName("string")
.managedRules(FrontdoorFirewallPolicyManagedRuleArgs.builder()
.action("string")
.type("string")
.version("string")
.exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.overrides(FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("string")
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
.action("string")
.ruleId("string")
.enabled(false)
.exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("string")
.operator("string")
.selector("string")
.build())
.build())
.build())
.build())
.jsChallengeCookieExpirationInMinutes(0)
.logScrubbing(FrontdoorFirewallPolicyLogScrubbingArgs.builder()
.scrubbingRules(FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs.builder()
.matchVariable("string")
.enabled(false)
.operator("string")
.selector("string")
.build())
.enabled(false)
.build())
.customBlockResponseBody("string")
.enabled(false)
.name("string")
.redirectUrl("string")
.requestBodyCheckEnabled(false)
.customRules(FrontdoorFirewallPolicyCustomRuleArgs.builder()
.action("string")
.name("string")
.type("string")
.enabled(false)
.matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchValues("string")
.matchVariable("string")
.operator("string")
.negationCondition(false)
.selector("string")
.transforms("string")
.build())
.priority(0)
.rateLimitDurationInMinutes(0)
.rateLimitThreshold(0)
.build())
.customBlockResponseStatusCode(0)
.tags(Map.of("string", "string"))
.build());
frontdoor_firewall_policy_resource = azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource",
mode="string",
sku_name="string",
resource_group_name="string",
managed_rules=[{
"action": "string",
"type": "string",
"version": "string",
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
"overrides": [{
"rule_group_name": "string",
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
"rules": [{
"action": "string",
"rule_id": "string",
"enabled": False,
"exclusions": [{
"match_variable": "string",
"operator": "string",
"selector": "string",
}],
}],
}],
}],
js_challenge_cookie_expiration_in_minutes=0,
log_scrubbing={
"scrubbing_rules": [{
"match_variable": "string",
"enabled": False,
"operator": "string",
"selector": "string",
}],
"enabled": False,
},
custom_block_response_body="string",
enabled=False,
name="string",
redirect_url="string",
request_body_check_enabled=False,
custom_rules=[{
"action": "string",
"name": "string",
"type": "string",
"enabled": False,
"match_conditions": [{
"match_values": ["string"],
"match_variable": "string",
"operator": "string",
"negation_condition": False,
"selector": "string",
"transforms": ["string"],
}],
"priority": 0,
"rate_limit_duration_in_minutes": 0,
"rate_limit_threshold": 0,
}],
custom_block_response_status_code=0,
tags={
"string": "string",
})
const frontdoorFirewallPolicyResource = new azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", {
mode: "string",
skuName: "string",
resourceGroupName: "string",
managedRules: [{
action: "string",
type: "string",
version: "string",
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
overrides: [{
ruleGroupName: "string",
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
rules: [{
action: "string",
ruleId: "string",
enabled: false,
exclusions: [{
matchVariable: "string",
operator: "string",
selector: "string",
}],
}],
}],
}],
jsChallengeCookieExpirationInMinutes: 0,
logScrubbing: {
scrubbingRules: [{
matchVariable: "string",
enabled: false,
operator: "string",
selector: "string",
}],
enabled: false,
},
customBlockResponseBody: "string",
enabled: false,
name: "string",
redirectUrl: "string",
requestBodyCheckEnabled: false,
customRules: [{
action: "string",
name: "string",
type: "string",
enabled: false,
matchConditions: [{
matchValues: ["string"],
matchVariable: "string",
operator: "string",
negationCondition: false,
selector: "string",
transforms: ["string"],
}],
priority: 0,
rateLimitDurationInMinutes: 0,
rateLimitThreshold: 0,
}],
customBlockResponseStatusCode: 0,
tags: {
string: "string",
},
});
type: azure:cdn:FrontdoorFirewallPolicy
properties:
customBlockResponseBody: string
customBlockResponseStatusCode: 0
customRules:
- action: string
enabled: false
matchConditions:
- matchValues:
- string
matchVariable: string
negationCondition: false
operator: string
selector: string
transforms:
- string
name: string
priority: 0
rateLimitDurationInMinutes: 0
rateLimitThreshold: 0
type: string
enabled: false
jsChallengeCookieExpirationInMinutes: 0
logScrubbing:
enabled: false
scrubbingRules:
- enabled: false
matchVariable: string
operator: string
selector: string
managedRules:
- action: string
exclusions:
- matchVariable: string
operator: string
selector: string
overrides:
- exclusions:
- matchVariable: string
operator: string
selector: string
ruleGroupName: string
rules:
- action: string
enabled: false
exclusions:
- matchVariable: string
operator: string
selector: string
ruleId: string
type: string
version: string
mode: string
name: string
redirectUrl: string
requestBodyCheckEnabled: false
resourceGroupName: string
skuName: string
tags:
string: string
FrontdoorFirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FrontdoorFirewallPolicy resource accepts the following input properties:
- Mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - Custom
Rules List<FrontdoorFirewall Policy Custom Rule> - One or more
custom_ruleblocks as defined below. - Enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Managed
Rules List<FrontdoorFirewall Policy Managed Rule> - One or more
managed_ruleblocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Request
Body boolCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Dictionary<string, string>
- A mapping of tags to assign to the Front Door Firewall Policy.
- Mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - Custom
Rules []FrontdoorFirewall Policy Custom Rule Args - One or more
custom_ruleblocks as defined below. - Enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Log
Scrubbing FrontdoorFirewall Policy Log Scrubbing Args A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Managed
Rules []FrontdoorFirewall Policy Managed Rule Args - One or more
managed_ruleblocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Request
Body boolCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- map[string]string
- A mapping of tags to assign to the Front Door Firewall Policy.
- mode String
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- custom
Block StringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block IntegerResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules List<FrontdoorFirewall Policy Custom Rule> - One or more
custom_ruleblocks as defined below. - enabled Boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - Integer
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules List<FrontdoorFirewall Policy Managed Rule> - One or more
managed_ruleblocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- request
Body BooleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Map<String,String>
- A mapping of tags to assign to the Front Door Firewall Policy.
- mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block numberResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules FrontdoorFirewall Policy Custom Rule[] - One or more
custom_ruleblocks as defined below. - enabled boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - number
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules FrontdoorFirewall Policy Managed Rule[] - One or more
managed_ruleblocks as defined below. - name string
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- request
Body booleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- {[key: string]: string}
- A mapping of tags to assign to the Front Door Firewall Policy.
- mode str
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- sku_
name str The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- custom_
block_ strresponse_ body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom_
block_ intresponse_ status_ code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom_
rules Sequence[FrontdoorFirewall Policy Custom Rule Args] - One or more
custom_ruleblocks as defined below. - enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log_
scrubbing FrontdoorFirewall Policy Log Scrubbing Args A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed_
rules Sequence[FrontdoorFirewall Policy Managed Rule Args] - One or more
managed_ruleblocks as defined below. - name str
- The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str - If action type is redirect, this field represents redirect URL for the client.
- request_
body_ boolcheck_ enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Mapping[str, str]
- A mapping of tags to assign to the Front Door Firewall Policy.
- mode String
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- custom
Block StringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block NumberResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules List<Property Map> - One or more
custom_ruleblocks as defined below. - enabled Boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - Number
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing Property Map A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules List<Property Map> - One or more
managed_ruleblocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- request
Body BooleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Map<String>
- A mapping of tags to assign to the Front Door Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the FrontdoorFirewallPolicy resource produces the following output properties:
- Frontend
Endpoint List<string>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Frontend
Endpoint []stringIds - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- frontend
Endpoint List<String>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id String
- The provider-assigned unique ID for this managed resource.
- frontend
Endpoint string[]Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id string
- The provider-assigned unique ID for this managed resource.
- frontend_
endpoint_ Sequence[str]ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id str
- The provider-assigned unique ID for this managed resource.
- frontend
Endpoint List<String>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FrontdoorFirewallPolicy Resource
Get an existing FrontdoorFirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FrontdoorFirewallPolicyState, opts?: CustomResourceOptions): FrontdoorFirewallPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
frontend_endpoint_ids: Optional[Sequence[str]] = None,
js_challenge_cookie_expiration_in_minutes: Optional[int] = None,
log_scrubbing: Optional[FrontdoorFirewallPolicyLogScrubbingArgs] = None,
managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
request_body_check_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
sku_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> FrontdoorFirewallPolicyfunc GetFrontdoorFirewallPolicy(ctx *Context, name string, id IDInput, state *FrontdoorFirewallPolicyState, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)public static FrontdoorFirewallPolicy Get(string name, Input<string> id, FrontdoorFirewallPolicyState? state, CustomResourceOptions? opts = null)public static FrontdoorFirewallPolicy get(String name, Output<String> id, FrontdoorFirewallPolicyState state, CustomResourceOptions options)resources: _: type: azure:cdn:FrontdoorFirewallPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - Custom
Rules List<FrontdoorFirewall Policy Custom Rule> - One or more
custom_ruleblocks as defined below. - Enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - Frontend
Endpoint List<string>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Managed
Rules List<FrontdoorFirewall Policy Managed Rule> - One or more
managed_ruleblocks as defined below. - Mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Request
Body boolCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Dictionary<string, string>
- A mapping of tags to assign to the Front Door Firewall Policy.
- Custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - Custom
Block intResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - Custom
Rules []FrontdoorFirewall Policy Custom Rule Args - One or more
custom_ruleblocks as defined below. - Enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - Frontend
Endpoint []stringIds - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Log
Scrubbing FrontdoorFirewall Policy Log Scrubbing Args A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Managed
Rules []FrontdoorFirewall Policy Managed Rule Args - One or more
managed_ruleblocks as defined below. - Mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- Request
Body boolCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- map[string]string
- A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block StringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block IntegerResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules List<FrontdoorFirewall Policy Custom Rule> - One or more
custom_ruleblocks as defined below. - enabled Boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - frontend
Endpoint List<String>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Integer
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules List<FrontdoorFirewall Policy Managed Rule> - One or more
managed_ruleblocks as defined below. - mode String
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- request
Body BooleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Map<String,String>
- A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block stringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block numberResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules FrontdoorFirewall Policy Custom Rule[] - One or more
custom_ruleblocks as defined below. - enabled boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - frontend
Endpoint string[]Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- number
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing FrontdoorFirewall Policy Log Scrubbing A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules FrontdoorFirewall Policy Managed Rule[] - One or more
managed_ruleblocks as defined below. - mode string
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - name string
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string - If action type is redirect, this field represents redirect URL for the client.
- request
Body booleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name string The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- {[key: string]: string}
- A mapping of tags to assign to the Front Door Firewall Policy.
- custom_
block_ strresponse_ body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom_
block_ intresponse_ status_ code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom_
rules Sequence[FrontdoorFirewall Policy Custom Rule Args] - One or more
custom_ruleblocks as defined below. - enabled bool
- Is the Front Door Firewall Policy enabled? Defaults to
true. - frontend_
endpoint_ Sequence[str]ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- int
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log_
scrubbing FrontdoorFirewall Policy Log Scrubbing Args A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed_
rules Sequence[FrontdoorFirewall Policy Managed Rule Args] - One or more
managed_ruleblocks as defined below. - mode str
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - name str
- The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str - If action type is redirect, this field represents redirect URL for the client.
- request_
body_ boolcheck_ enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- sku_
name str The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Mapping[str, str]
- A mapping of tags to assign to the Front Door Firewall Policy.
- custom
Block StringResponse Body - If a
custom_ruleblock's action type isblock, this is the response body. The body must be specified in base64 encoding. - custom
Block NumberResponse Status Code - If a
custom_ruleblock's action type isblock, this is the response status code. Possible values are200,403,405,406, or429. - custom
Rules List<Property Map> - One or more
custom_ruleblocks as defined below. - enabled Boolean
- Is the Front Door Firewall Policy enabled? Defaults to
true. - frontend
Endpoint List<String>Ids - The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
- Number
Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between
5to1440minutes. Defaults to30minutes.Note: The
js_challenge_cookie_expiration_in_minutesfield can only be set onPremium_AzureFrontDoorsku's. Please see the Product Documentation for more information.!> Note: Setting the
js_challenge_cookie_expiration_in_minutespolicy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- log
Scrubbing Property Map A
log_scrubbingblock as defined below.!> Note: Setting the
log_scrubbingblock is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- managed
Rules List<Property Map> - One or more
managed_ruleblocks as defined below. - mode String
- The Front Door Firewall Policy mode. Possible values are
Detection,Prevention. - name String
- The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String - If action type is redirect, this field represents redirect URL for the client.
- request
Body BooleanCheck Enabled Should policy managed rules inspect the request body content? Defaults to
true.Note: When run in
Detectionmode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.- resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- sku
Name String The sku's pricing tier for this Front Door Firewall Policy. Possible values include
Standard_AzureFrontDoororPremium_AzureFrontDoor. Changing this forces a new resource to be created.Note: The
Standard_AzureFrontDoorFront Door Firewall Policy sku may containcustomrules only. ThePremium_AzureFrontDoorFront Door Firewall Policy sku's may contain bothcustomandmanagedrules.- Map<String>
- A mapping of tags to assign to the Front Door Firewall Policy.
Supporting Types
FrontdoorFirewallPolicyCustomRule, FrontdoorFirewallPolicyCustomRuleArgs
- Action string
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - Enabled bool
- Is the rule is enabled or disabled? Defaults to
true. - Match
Conditions List<FrontdoorFirewall Policy Custom Rule Match Condition> - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - Priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - Rate
Limit intDuration In Minutes - The rate limit duration in minutes. Defaults to
1. - Rate
Limit intThreshold - The rate limit threshold. Defaults to
10.
- Action string
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - Enabled bool
- Is the rule is enabled or disabled? Defaults to
true. - Match
Conditions []FrontdoorFirewall Policy Custom Rule Match Condition - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - Priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - Rate
Limit intDuration In Minutes - The rate limit duration in minutes. Defaults to
1. - Rate
Limit intThreshold - The rate limit threshold. Defaults to
10.
- action String
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - enabled Boolean
- Is the rule is enabled or disabled? Defaults to
true. - match
Conditions List<FrontdoorFirewall Policy Custom Rule Match Condition> - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - priority Integer
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - rate
Limit IntegerDuration In Minutes - The rate limit duration in minutes. Defaults to
1. - rate
Limit IntegerThreshold - The rate limit threshold. Defaults to
10.
- action string
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type string
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - enabled boolean
- Is the rule is enabled or disabled? Defaults to
true. - match
Conditions FrontdoorFirewall Policy Custom Rule Match Condition[] - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - priority number
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - rate
Limit numberDuration In Minutes - The rate limit duration in minutes. Defaults to
1. - rate
Limit numberThreshold - The rate limit threshold. Defaults to
10.
- action str
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- name str
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type str
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - enabled bool
- Is the rule is enabled or disabled? Defaults to
true. - match_
conditions Sequence[FrontdoorFirewall Policy Custom Rule Match Condition] - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - priority int
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - rate_
limit_ intduration_ in_ minutes - The rate limit duration in minutes. Defaults to
1. - rate_
limit_ intthreshold - The rate limit threshold. Defaults to
10.
- action String
The action to perform when the rule is matched. Possible values are
Allow,Block,Log,Redirect, orJSChallenge.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
- The type of rule. Possible values are
MatchRuleorRateLimitRule. - enabled Boolean
- Is the rule is enabled or disabled? Defaults to
true. - match
Conditions List<Property Map> - One or more
match_conditionblock defined below. Can support up to10match_conditionblocks. - priority Number
- The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1. - rate
Limit NumberDuration In Minutes - The rate limit duration in minutes. Defaults to
1. - rate
Limit NumberThreshold - The rate limit threshold. Defaults to
10.
FrontdoorFirewallPolicyCustomRuleMatchCondition, FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
- Match
Values List<string> - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - Match
Variable string - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - Operator string
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - Negation
Condition bool - Should the result of the condition be negated.
- Selector string
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - Transforms List<string>
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
- Match
Values []string - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - Match
Variable string - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - Operator string
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - Negation
Condition bool - Should the result of the condition be negated.
- Selector string
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - Transforms []string
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
- match
Values List<String> - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - match
Variable String - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - operator String
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - negation
Condition Boolean - Should the result of the condition be negated.
- selector String
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - transforms List<String>
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
- match
Values string[] - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - match
Variable string - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - operator string
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - negation
Condition boolean - Should the result of the condition be negated.
- selector string
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - transforms string[]
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
- match_
values Sequence[str] - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - match_
variable str - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - operator str
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - negation_
condition bool - Should the result of the condition be negated.
- selector str
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - transforms Sequence[str]
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
- match
Values List<String> - Up to
600possible values to match. Limit is in total across allmatch_conditionblocks andmatch_valuesarguments. String value itself can be up to256characters in length. - match
Variable String - The request variable to compare with. Possible values are
Cookies,PostArgs,QueryString,RemoteAddr,RequestBody,RequestHeader,RequestMethod,RequestUri, orSocketAddr. - operator String
- Comparison type to use for matching with the variable value. Possible values are
Any,BeginsWith,Contains,EndsWith,Equal,GeoMatch,GreaterThan,GreaterThanOrEqual,IPMatch,LessThan,LessThanOrEqual, orRegEx. - negation
Condition Boolean - Should the result of the condition be negated.
- selector String
- Match against a specific key if the
match_variableisQueryString,PostArgs,RequestHeader, orCookies. - transforms List<String>
- Up to
5transforms to apply. Possible values areLowercase,RemoveNulls,Trim,Uppercase,URLDecode, orURLEncode.
FrontdoorFirewallPolicyLogScrubbing, FrontdoorFirewallPolicyLogScrubbingArgs
- Scrubbing
Rules List<FrontdoorFirewall Policy Log Scrubbing Scrubbing Rule> One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- Enabled bool
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
- Scrubbing
Rules []FrontdoorFirewall Policy Log Scrubbing Scrubbing Rule One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- Enabled bool
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
- scrubbing
Rules List<FrontdoorFirewall Policy Log Scrubbing Scrubbing Rule> One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- enabled Boolean
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
- scrubbing
Rules FrontdoorFirewall Policy Log Scrubbing Scrubbing Rule[] One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- enabled boolean
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
- scrubbing_
rules Sequence[FrontdoorFirewall Policy Log Scrubbing Scrubbing Rule] One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- enabled bool
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
- scrubbing
Rules List<Property Map> One or more
scrubbing_ruleblocks as defined below.Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.
- enabled Boolean
- Is log scrubbing enabled? Possible values are
trueorfalse. Defaults totrue.
FrontdoorFirewallPolicyLogScrubbingScrubbingRule, FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs
- Match
Variable string The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- Enabled bool
- Is this
scrubbing_ruleenabled? Defaults totrue. - Operator string
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - Selector string
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
- Match
Variable string The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- Enabled bool
- Is this
scrubbing_ruleenabled? Defaults totrue. - Operator string
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - Selector string
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
- match
Variable String The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- enabled Boolean
- Is this
scrubbing_ruleenabled? Defaults totrue. - operator String
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - selector String
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
- match
Variable string The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- enabled boolean
- Is this
scrubbing_ruleenabled? Defaults totrue. - operator string
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - selector string
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
- match_
variable str The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- enabled bool
- Is this
scrubbing_ruleenabled? Defaults totrue. - operator str
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - selector str
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
- match
Variable String The variable to be scrubbed from the logs. Possible values include
QueryStringArgNames,RequestBodyJsonArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestIPAddress, orRequestUri.Note:
RequestIPAddressandRequestUrimust use theEqualsAnyoperator.- enabled Boolean
- Is this
scrubbing_ruleenabled? Defaults totrue. - operator String
- When the
match_variableis a collection, operate on theselectorto specify which elements in the collection thisscrubbing_ruleapplies to. Possible values areEqualsorEqualsAny. Defaults toEquals. - selector String
When the
match_variableis a collection, theoperatoris used to specify which elements in the collection thisscrubbing_ruleapplies to.Note: The
selectorfield cannot be set if theoperatoris set toEqualsAny.
FrontdoorFirewallPolicyManagedRule, FrontdoorFirewallPolicyManagedRuleArgs
- Action string
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - Type string
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - Version string
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - Exclusions
List<Frontdoor
Firewall Policy Managed Rule Exclusion> - One or more
exclusionblocks as defined below. - Overrides
List<Frontdoor
Firewall Policy Managed Rule Override> - One or more
overrideblocks as defined below.
- Action string
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - Type string
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - Version string
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - Exclusions
[]Frontdoor
Firewall Policy Managed Rule Exclusion - One or more
exclusionblocks as defined below. - Overrides
[]Frontdoor
Firewall Policy Managed Rule Override - One or more
overrideblocks as defined below.
- action String
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - type String
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - version String
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - exclusions
List<Frontdoor
Firewall Policy Managed Rule Exclusion> - One or more
exclusionblocks as defined below. - overrides
List<Frontdoor
Firewall Policy Managed Rule Override> - One or more
overrideblocks as defined below.
- action string
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - type string
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - version string
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - exclusions
Frontdoor
Firewall Policy Managed Rule Exclusion[] - One or more
exclusionblocks as defined below. - overrides
Frontdoor
Firewall Policy Managed Rule Override[] - One or more
overrideblocks as defined below.
- action str
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - type str
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - version str
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Exclusion] - One or more
exclusionblocks as defined below. - overrides
Sequence[Frontdoor
Firewall Policy Managed Rule Override] - One or more
overrideblocks as defined below.
- action String
- The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include
Allow,Log,Block, orRedirect. - type String
- The name of the managed rule to use with this resource. Possible values include
DefaultRuleSet,Microsoft_DefaultRuleSet,BotProtection, orMicrosoft_BotManagerRuleSet. - version String
- The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the
DefaultRuleSettype the possible values include1.0orpreview-0.1. ForMicrosoft_DefaultRuleSetthe possible values include1.1,2.0, or2.1. ForBotProtectionthe value must bepreview-0.1and forMicrosoft_BotManagerRuleSetthe possible values include1.0and1.1. - exclusions List<Property Map>
- One or more
exclusionblocks as defined below. - overrides List<Property Map>
- One or more
overrideblocks as defined below.
FrontdoorFirewallPolicyManagedRuleExclusion, FrontdoorFirewallPolicyManagedRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector str
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
FrontdoorFirewallPolicyManagedRuleOverride, FrontdoorFirewallPolicyManagedRuleOverrideArgs
- Rule
Group stringName - The managed rule group to override.
- Exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Exclusion> - One or more
exclusionblocks as defined below. - Rules
List<Frontdoor
Firewall Policy Managed Rule Override Rule> - One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
- Rule
Group stringName - The managed rule group to override.
- Exclusions
[]Frontdoor
Firewall Policy Managed Rule Override Exclusion - One or more
exclusionblocks as defined below. - Rules
[]Frontdoor
Firewall Policy Managed Rule Override Rule - One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName - The managed rule group to override.
- exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Exclusion> - One or more
exclusionblocks as defined below. - rules
List<Frontdoor
Firewall Policy Managed Rule Override Rule> - One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group stringName - The managed rule group to override.
- exclusions
Frontdoor
Firewall Policy Managed Rule Override Exclusion[] - One or more
exclusionblocks as defined below. - rules
Frontdoor
Firewall Policy Managed Rule Override Rule[] - One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule_
group_ strname - The managed rule group to override.
- exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Override Exclusion] - One or more
exclusionblocks as defined below. - rules
Sequence[Frontdoor
Firewall Policy Managed Rule Override Rule] - One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName - The managed rule group to override.
- exclusions List<Property Map>
- One or more
exclusionblocks as defined below. - rules List<Property Map>
- One or more
ruleblocks as defined below. If none are specified, all of the rules in the group will be disabled.
FrontdoorFirewallPolicyManagedRuleOverrideExclusion, FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector str
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
FrontdoorFirewallPolicyManagedRuleOverrideRule, FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
- Action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Rule
Id string - Identifier for the managed rule.
- Enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false - Exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion> - One or more
exclusionblocks as defined below.
- Action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- Rule
Id string - Identifier for the managed rule.
- Enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false - Exclusions
[]Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion - One or more
exclusionblocks as defined below.
- action String
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- rule
Id String - Identifier for the managed rule.
- enabled Boolean
- Is the managed rule override enabled or disabled. Defaults to
false - exclusions
List<Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion> - One or more
exclusionblocks as defined below.
- action string
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- rule
Id string - Identifier for the managed rule.
- enabled boolean
- Is the managed rule override enabled or disabled. Defaults to
false - exclusions
Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion[] - One or more
exclusionblocks as defined below.
- action str
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- rule_
id str - Identifier for the managed rule.
- enabled bool
- Is the managed rule override enabled or disabled. Defaults to
false - exclusions
Sequence[Frontdoor
Firewall Policy Managed Rule Override Rule Exclusion] - One or more
exclusionblocks as defined below.
- action String
The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for
DefaultRuleSet 1.1and below areAllow,Log,Block, orRedirect. Possible values forDefaultRuleSet 2.0and above areLogorAnomalyScoring. Possible values forMicrosoft_BotManagerRuleSetareAllow,Log,Block,Redirect, orJSChallenge.Note: Please see the
DefaultRuleSetproduct documentation or theMicrosoft_BotManagerRuleSetproduct documentation for more information.!> Note: Setting the
actionfield toJSChallengeis currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.- rule
Id String - Identifier for the managed rule.
- enabled Boolean
- Is the managed rule override enabled or disabled. Defaults to
false - exclusions List<Property Map>
- One or more
exclusionblocks as defined below.
FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion, FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- Operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - Selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator string
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector string
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator str
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector str
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames,RequestBodyPostArgNames,RequestCookieNames,RequestHeaderNames,RequestBodyJsonArgNamesNote:
RequestBodyJsonArgNamesis only available on Default Rule Set (DRS) 2.0 or later- operator String
- Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals,Contains,StartsWith,EndsWith, orEqualsAny. - selector String
Selector for the value in the
match_variableattribute this exclusion applies to.Note:
selectormust be set to*ifoperatoris set toEqualsAny.
Import
Front Door Firewall Policies can be imported using the resource id, e.g.
$ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.