We recommend using Azure Native.
azure.frontdoor.FirewallPolicy
Explore with Pulumi AI
Import
FrontDoor Web Application Firewall Policy can be imported using the resource id
, e.g.
$ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleFirewallPolicy = new Azure.FrontDoor.FirewallPolicy("exampleFirewallPolicy", new()
{
ResourceGroupName = exampleResourceGroup.Name,
Enabled = true,
Mode = "Prevention",
RedirectUrl = "https://www.contoso.com",
CustomBlockResponseStatusCode = 403,
CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
CustomRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
{
Name = "Rule1",
Enabled = true,
Priority = 1,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
"10.0.0.0/24",
},
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
{
Name = "Rule2",
Enabled = true,
Priority = 2,
RateLimitDurationInMinutes = 1,
RateLimitThreshold = 10,
Type = "MatchRule",
Action = "Block",
MatchConditions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RemoteAddr",
Operator = "IPMatch",
NegationCondition = false,
MatchValues = new[]
{
"192.168.1.0/24",
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
{
MatchVariable = "RequestHeader",
Selector = "UserAgent",
Operator = "Contains",
NegationCondition = false,
MatchValues = new[]
{
"windows",
},
Transforms = new[]
{
"Lowercase",
"Trim",
},
},
},
},
},
ManagedRules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
{
Type = "DefaultRuleSet",
Version = "1.0",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "not_suspicious",
},
},
Overrides = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "PHP",
Rules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "933100",
Enabled = false,
Action = "Block",
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
{
RuleGroupName = "SQLI",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "really_not_suspicious",
},
},
Rules = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
{
RuleId = "942200",
Action = "Block",
Exclusions = new[]
{
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
{
MatchVariable = "QueryStringArgNames",
Operator = "Equals",
Selector = "innocent",
},
},
},
},
},
},
},
new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
{
Type = "Microsoft_BotManagerRuleSet",
Version = "1.0",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/frontdoor"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = frontdoor.NewFirewallPolicy(ctx, "exampleFirewallPolicy", &frontdoor.FirewallPolicyArgs{
ResourceGroupName: exampleResourceGroup.Name,
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RedirectUrl: pulumi.String("https://www.contoso.com"),
CustomBlockResponseStatusCode: pulumi.Int(403),
CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
&frontdoor.FirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(1),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
},
&frontdoor.FirewallPolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Enabled: pulumi.Bool(true),
Priority: pulumi.Int(2),
RateLimitDurationInMinutes: pulumi.Int(1),
RateLimitThreshold: pulumi.Int(10),
Type: pulumi.String("MatchRule"),
Action: pulumi.String("Block"),
MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RemoteAddr"),
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
MatchVariable: pulumi.String("RequestHeader"),
Selector: pulumi.String("UserAgent"),
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("windows"),
},
Transforms: pulumi.StringArray{
pulumi.String("Lowercase"),
pulumi.String("Trim"),
},
},
},
},
},
ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
&frontdoor.FirewallPolicyManagedRuleArgs{
Type: pulumi.String("DefaultRuleSet"),
Version: pulumi.String("1.0"),
Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("not_suspicious"),
},
},
Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("PHP"),
Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("933100"),
Enabled: pulumi.Bool(false),
Action: pulumi.String("Block"),
},
},
},
&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
RuleGroupName: pulumi.String("SQLI"),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("really_not_suspicious"),
},
},
Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
RuleId: pulumi.String("942200"),
Action: pulumi.String("Block"),
Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
&frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs{
MatchVariable: pulumi.String("QueryStringArgNames"),
Operator: pulumi.String("Equals"),
Selector: pulumi.String("innocent"),
},
},
},
},
},
},
},
&frontdoor.FirewallPolicyManagedRuleArgs{
Type: pulumi.String("Microsoft_BotManagerRuleSet"),
Version: pulumi.String("1.0"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.frontdoor.FirewallPolicy;
import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.enabled(true)
.mode("Prevention")
.redirectUrl("https://www.contoso.com")
.customBlockResponseStatusCode(403)
.customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
.customRules(
FirewallPolicyCustomRuleArgs.builder()
.name("Rule1")
.enabled(true)
.priority(1)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"192.168.1.0/24",
"10.0.0.0/24")
.build())
.build(),
FirewallPolicyCustomRuleArgs.builder()
.name("Rule2")
.enabled(true)
.priority(2)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RequestHeader")
.selector("UserAgent")
.operator("Contains")
.negationCondition(false)
.matchValues("windows")
.transforms(
"Lowercase",
"Trim")
.build())
.build())
.managedRules(
FirewallPolicyManagedRuleArgs.builder()
.type("DefaultRuleSet")
.version("1.0")
.exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("not_suspicious")
.build())
.overrides(
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("PHP")
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("933100")
.enabled(false)
.action("Block")
.build())
.build(),
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("SQLI")
.exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("really_not_suspicious")
.build())
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("942200")
.action("Block")
.exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("innocent")
.build())
.build())
.build())
.build(),
FirewallPolicyManagedRuleArgs.builder()
.type("Microsoft_BotManagerRuleSet")
.version("1.0")
.build())
.build());
}
}
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_firewall_policy = azure.frontdoor.FirewallPolicy("exampleFirewallPolicy",
resource_group_name=example_resource_group.name,
enabled=True,
mode="Prevention",
redirect_url="https://www.contoso.com",
custom_block_response_status_code=403,
custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
custom_rules=[
azure.frontdoor.FirewallPolicyCustomRuleArgs(
name="Rule1",
enabled=True,
priority=1,
rate_limit_duration_in_minutes=1,
rate_limit_threshold=10,
type="MatchRule",
action="Block",
match_conditions=[azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RemoteAddr",
operator="IPMatch",
negation_condition=False,
match_values=[
"192.168.1.0/24",
"10.0.0.0/24",
],
)],
),
azure.frontdoor.FirewallPolicyCustomRuleArgs(
name="Rule2",
enabled=True,
priority=2,
rate_limit_duration_in_minutes=1,
rate_limit_threshold=10,
type="MatchRule",
action="Block",
match_conditions=[
azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RemoteAddr",
operator="IPMatch",
negation_condition=False,
match_values=["192.168.1.0/24"],
),
azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
match_variable="RequestHeader",
selector="UserAgent",
operator="Contains",
negation_condition=False,
match_values=["windows"],
transforms=[
"Lowercase",
"Trim",
],
),
],
),
],
managed_rules=[
azure.frontdoor.FirewallPolicyManagedRuleArgs(
type="DefaultRuleSet",
version="1.0",
exclusions=[azure.frontdoor.FirewallPolicyManagedRuleExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="not_suspicious",
)],
overrides=[
azure.frontdoor.FirewallPolicyManagedRuleOverrideArgs(
rule_group_name="PHP",
rules=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs(
rule_id="933100",
enabled=False,
action="Block",
)],
),
azure.frontdoor.FirewallPolicyManagedRuleOverrideArgs(
rule_group_name="SQLI",
exclusions=[azure.frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="really_not_suspicious",
)],
rules=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs(
rule_id="942200",
action="Block",
exclusions=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs(
match_variable="QueryStringArgNames",
operator="Equals",
selector="innocent",
)],
)],
),
],
),
azure.frontdoor.FirewallPolicyManagedRuleArgs(
type="Microsoft_BotManagerRuleSet",
version="1.0",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("exampleFirewallPolicy", {
resourceGroupName: exampleResourceGroup.name,
enabled: true,
mode: "Prevention",
redirectUrl: "https://www.contoso.com",
customBlockResponseStatusCode: 403,
customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
customRules: [
{
name: "Rule1",
enabled: true,
priority: 1,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
},
{
name: "Rule2",
enabled: true,
priority: 2,
rateLimitDurationInMinutes: 1,
rateLimitThreshold: 10,
type: "MatchRule",
action: "Block",
matchConditions: [
{
matchVariable: "RemoteAddr",
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariable: "RequestHeader",
selector: "UserAgent",
operator: "Contains",
negationCondition: false,
matchValues: ["windows"],
transforms: [
"Lowercase",
"Trim",
],
},
],
},
],
managedRules: [
{
type: "DefaultRuleSet",
version: "1.0",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "not_suspicious",
}],
overrides: [
{
ruleGroupName: "PHP",
rules: [{
ruleId: "933100",
enabled: false,
action: "Block",
}],
},
{
ruleGroupName: "SQLI",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "really_not_suspicious",
}],
rules: [{
ruleId: "942200",
action: "Block",
exclusions: [{
matchVariable: "QueryStringArgNames",
operator: "Equals",
selector: "innocent",
}],
}],
},
],
},
{
type: "Microsoft_BotManagerRuleSet",
version: "1.0",
},
],
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleFirewallPolicy:
type: azure:frontdoor:FirewallPolicy
properties:
resourceGroupName: ${exampleResourceGroup.name}
enabled: true
mode: Prevention
redirectUrl: https://www.contoso.com
customBlockResponseStatusCode: 403
customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
customRules:
- name: Rule1
enabled: true
priority: 1
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- 10.0.0.0/24
- name: Rule2
enabled: true
priority: 2
rateLimitDurationInMinutes: 1
rateLimitThreshold: 10
type: MatchRule
action: Block
matchConditions:
- matchVariable: RemoteAddr
operator: IPMatch
negationCondition: false
matchValues:
- 192.168.1.0/24
- matchVariable: RequestHeader
selector: UserAgent
operator: Contains
negationCondition: false
matchValues:
- windows
transforms:
- Lowercase
- Trim
managedRules:
- type: DefaultRuleSet
version: '1.0'
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: not_suspicious
overrides:
- ruleGroupName: PHP
rules:
- ruleId: '933100'
enabled: false
action: Block
- ruleGroupName: SQLI
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: really_not_suspicious
rules:
- ruleId: '942200'
action: Block
exclusions:
- matchVariable: QueryStringArgNames
operator: Equals
selector: innocent
- type: Microsoft_BotManagerRuleSet
version: '1.0'
Create FirewallPolicy Resource
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
resource_group_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure:frontdoor:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FirewallPolicy resource accepts the following input properties:
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules List<FirewallPolicy Custom Rule> One or more
custom_rule
blocks as defined below.- Enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- Managed
Rules List<FirewallPolicy Managed Rule> One or more
managed_rule
blocks as defined below.- Mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Dictionary<string, string>
A mapping of tags to assign to the Web Application Firewall Policy.
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules []FirewallPolicy Custom Rule Args One or more
custom_rule
blocks as defined below.- Enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- Managed
Rules []FirewallPolicy Managed Rule Args One or more
managed_rule
blocks as defined below.- Mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- map[string]string
A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block IntegerResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<FirewallPolicy Custom Rule> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- managed
Rules List<FirewallPolicy Managed Rule> One or more
managed_rule
blocks as defined below.- mode String
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- Map<String,String>
A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block numberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules FirewallPolicy Custom Rule[] One or more
custom_rule
blocks as defined below.- enabled boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- managed
Rules FirewallPolicy Managed Rule[] One or more
managed_rule
blocks as defined below.- mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name string
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- {[key: string]: string}
A mapping of tags to assign to the Web Application Firewall Policy.
- resource_
group_ strname The name of the resource group. Changing this forces a new resource to be created.
- custom_
block_ strresponse_ body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom_
block_ intresponse_ status_ code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom_
rules Sequence[FirewallPolicy Custom Rule Args] One or more
custom_rule
blocks as defined below.- enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- managed_
rules Sequence[FirewallPolicy Managed Rule Args] One or more
managed_rule
blocks as defined below.- mode str
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name str
The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str If action type is redirect, this field represents redirect URL for the client.
- Mapping[str, str]
A mapping of tags to assign to the Web Application Firewall Policy.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block NumberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<Property Map> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- managed
Rules List<Property Map> One or more
managed_rule
blocks as defined below.- mode String
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- Map<String>
A mapping of tags to assign to the Web Application Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Frontend
Endpoint List<string>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Id string
The provider-assigned unique ID for this managed resource.
- Location string
The Azure Region where this Front Door Firewall Policy exists.
- Frontend
Endpoint []stringIds The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Id string
The provider-assigned unique ID for this managed resource.
- Location string
The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint List<String>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id String
The provider-assigned unique ID for this managed resource.
- location String
The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint string[]Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id string
The provider-assigned unique ID for this managed resource.
- location string
The Azure Region where this Front Door Firewall Policy exists.
- frontend_
endpoint_ Sequence[str]ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id str
The provider-assigned unique ID for this managed resource.
- location str
The Azure Region where this Front Door Firewall Policy exists.
- frontend
Endpoint List<String>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- id String
The provider-assigned unique ID for this managed resource.
- location String
The Azure Region where this Front Door Firewall Policy exists.
Look up Existing FirewallPolicy Resource
Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_block_response_body: Optional[str] = None,
custom_block_response_status_code: Optional[int] = None,
custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
enabled: Optional[bool] = None,
frontend_endpoint_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
redirect_url: Optional[str] = None,
resource_group_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> FirewallPolicy
func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules List<FirewallPolicy Custom Rule> One or more
custom_rule
blocks as defined below.- Enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- Frontend
Endpoint List<string>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Location string
The Azure Region where this Front Door Firewall Policy exists.
- Managed
Rules List<FirewallPolicy Managed Rule> One or more
managed_rule
blocks as defined below.- Mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- Dictionary<string, string>
A mapping of tags to assign to the Web Application Firewall Policy.
- Custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- Custom
Block intResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- Custom
Rules []FirewallPolicy Custom Rule Args One or more
custom_rule
blocks as defined below.- Enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- Frontend
Endpoint []stringIds The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- Location string
The Azure Region where this Front Door Firewall Policy exists.
- Managed
Rules []FirewallPolicy Managed Rule Args One or more
managed_rule
blocks as defined below.- Mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- Name string
The name of the policy. Changing this forces a new resource to be created.
- Redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- Resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- map[string]string
A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block IntegerResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<FirewallPolicy Custom Rule> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- frontend
Endpoint List<String>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location String
The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules List<FirewallPolicy Managed Rule> One or more
managed_rule
blocks as defined below.- mode String
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- Map<String,String>
A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block stringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block numberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules FirewallPolicy Custom Rule[] One or more
custom_rule
blocks as defined below.- enabled boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- frontend
Endpoint string[]Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location string
The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules FirewallPolicy Managed Rule[] One or more
managed_rule
blocks as defined below.- mode string
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name string
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url string If action type is redirect, this field represents redirect URL for the client.
- resource
Group stringName The name of the resource group. Changing this forces a new resource to be created.
- {[key: string]: string}
A mapping of tags to assign to the Web Application Firewall Policy.
- custom_
block_ strresponse_ body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom_
block_ intresponse_ status_ code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom_
rules Sequence[FirewallPolicy Custom Rule Args] One or more
custom_rule
blocks as defined below.- enabled bool
Is the policy a enabled state or disabled state. Defaults to
true
.- frontend_
endpoint_ Sequence[str]ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location str
The Azure Region where this Front Door Firewall Policy exists.
- managed_
rules Sequence[FirewallPolicy Managed Rule Args] One or more
managed_rule
blocks as defined below.- mode str
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name str
The name of the policy. Changing this forces a new resource to be created.
- redirect_
url str If action type is redirect, this field represents redirect URL for the client.
- resource_
group_ strname The name of the resource group. Changing this forces a new resource to be created.
- Mapping[str, str]
A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Block StringResponse Body If a
custom_rule
block's action type isblock
, this is the response body. The body must be specified in base64 encoding.- custom
Block NumberResponse Status Code If a
custom_rule
block's action type isblock
, this is the response status code. Possible values are200
,403
,405
,406
, or429
.- custom
Rules List<Property Map> One or more
custom_rule
blocks as defined below.- enabled Boolean
Is the policy a enabled state or disabled state. Defaults to
true
.- frontend
Endpoint List<String>Ids The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
- location String
The Azure Region where this Front Door Firewall Policy exists.
- managed
Rules List<Property Map> One or more
managed_rule
blocks as defined below.- mode String
The firewall policy mode. Possible values are
Detection
,Prevention
and defaults toPrevention
.- name String
The name of the policy. Changing this forces a new resource to be created.
- redirect
Url String If action type is redirect, this field represents redirect URL for the client.
- resource
Group StringName The name of the resource group. Changing this forces a new resource to be created.
- Map<String>
A mapping of tags to assign to the Web Application Firewall Policy.
Supporting Types
FirewallPolicyCustomRule, FirewallPolicyCustomRuleArgs
- Action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- Name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- Enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- Match
Conditions List<FirewallPolicy Custom Rule Match Condition> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- Rate
Limit intDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- Rate
Limit intThreshold The rate limit threshold. Defaults to
10
.
- Action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- Name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- Enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- Match
Conditions []FirewallPolicy Custom Rule Match Condition One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- Rate
Limit intDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- Rate
Limit intThreshold The rate limit threshold. Defaults to
10
.
- action String
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled Boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions List<FirewallPolicy Custom Rule Match Condition> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority Integer
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit IntegerDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit IntegerThreshold The rate limit threshold. Defaults to
10
.
- action string
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type string
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions FirewallPolicy Custom Rule Match Condition[] One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit numberDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit numberThreshold The rate limit threshold. Defaults to
10
.
- action str
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name str
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type str
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled bool
Is the rule is enabled or disabled? Defaults to
true
.- match_
conditions Sequence[FirewallPolicy Custom Rule Match Condition] One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate_
limit_ intduration_ in_ minutes The rate limit duration in minutes. Defaults to
1
.- rate_
limit_ intthreshold The rate limit threshold. Defaults to
10
.
- action String
The action to perform when the rule is matched. Possible values are
Allow
,Block
,Log
, orRedirect
.- name String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- type String
The type of rule. Possible values are
MatchRule
orRateLimitRule
.- enabled Boolean
Is the rule is enabled or disabled? Defaults to
true
.- match
Conditions List<Property Map> One or more
match_condition
block defined below. Can support up to10
match_condition
blocks.- priority Number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to
1
.- rate
Limit NumberDuration In Minutes The rate limit duration in minutes. Defaults to
1
.- rate
Limit NumberThreshold The rate limit threshold. Defaults to
10
.
FirewallPolicyCustomRuleMatchCondition, FirewallPolicyCustomRuleMatchConditionArgs
- Match
Values List<string> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- Match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- Operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- Negation
Condition bool Should the result of the condition be negated.
- Selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- Transforms List<string>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- Match
Values []string Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- Match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- Operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- Negation
Condition bool Should the result of the condition be negated.
- Selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- Transforms []string
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- match
Variable String The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator String
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition Boolean Should the result of the condition be negated.
- selector String
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms List<String>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values string[] Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- match
Variable string The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator string
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition boolean Should the result of the condition be negated.
- selector string
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms string[]
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match_
values Sequence[str] Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- match_
variable str The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator str
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation_
condition bool Should the result of the condition be negated.
- selector str
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms Sequence[str]
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
- match
Values List<String> Up to
600
possible values to match. Limit is in total across allmatch_condition
blocks andmatch_values
arguments. String value itself can be up to256
characters long.- match
Variable String The request variable to compare with. Possible values are
Cookies
,PostArgs
,QueryString
,RemoteAddr
,RequestBody
,RequestHeader
,RequestMethod
,RequestUri
, orSocketAddr
.- operator String
Comparison type to use for matching with the variable value. Possible values are
Any
,BeginsWith
,Contains
,EndsWith
,Equal
,GeoMatch
,GreaterThan
,GreaterThanOrEqual
,IPMatch
,LessThan
,LessThanOrEqual
orRegEx
.- negation
Condition Boolean Should the result of the condition be negated.
- selector String
Match against a specific key if the
match_variable
isQueryString
,PostArgs
,RequestHeader
orCookies
.- transforms List<String>
Up to
5
transforms to apply. Possible values areLowercase
,RemoveNulls
,Trim
,Uppercase
,URLDecode
orURLEncode
.
FirewallPolicyManagedRule, FirewallPolicyManagedRuleArgs
- Type string
The name of the managed rule to use with this resource.
- Version string
The version on the managed rule to use with this resource.
- Exclusions
List<Firewall
Policy Managed Rule Exclusion> One or more
exclusion
blocks as defined below.- Overrides
List<Firewall
Policy Managed Rule Override> One or more
override
blocks as defined below.
- Type string
The name of the managed rule to use with this resource.
- Version string
The version on the managed rule to use with this resource.
- Exclusions
[]Firewall
Policy Managed Rule Exclusion One or more
exclusion
blocks as defined below.- Overrides
[]Firewall
Policy Managed Rule Override One or more
override
blocks as defined below.
- type String
The name of the managed rule to use with this resource.
- version String
The version on the managed rule to use with this resource.
- exclusions
List<Firewall
Policy Managed Rule Exclusion> One or more
exclusion
blocks as defined below.- overrides
List<Firewall
Policy Managed Rule Override> One or more
override
blocks as defined below.
- type string
The name of the managed rule to use with this resource.
- version string
The version on the managed rule to use with this resource.
- exclusions
Firewall
Policy Managed Rule Exclusion[] One or more
exclusion
blocks as defined below.- overrides
Firewall
Policy Managed Rule Override[] One or more
override
blocks as defined below.
- type str
The name of the managed rule to use with this resource.
- version str
The version on the managed rule to use with this resource.
- exclusions
Sequence[Firewall
Policy Managed Rule Exclusion] One or more
exclusion
blocks as defined below.- overrides
Sequence[Firewall
Policy Managed Rule Override] One or more
override
blocks as defined below.
- type String
The name of the managed rule to use with this resource.
- version String
The version on the managed rule to use with this resource.
- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.- overrides List<Property Map>
One or more
override
blocks as defined below.
FirewallPolicyManagedRuleExclusion, FirewallPolicyManagedRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
FirewallPolicyManagedRuleOverride, FirewallPolicyManagedRuleOverrideArgs
- Rule
Group stringName The managed rule group to override.
- Exclusions
List<Firewall
Policy Managed Rule Override Exclusion> One or more
exclusion
blocks as defined below.- Rules
List<Firewall
Policy Managed Rule Override Rule> One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- Rule
Group stringName The managed rule group to override.
- Exclusions
[]Firewall
Policy Managed Rule Override Exclusion One or more
exclusion
blocks as defined below.- Rules
[]Firewall
Policy Managed Rule Override Rule One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName The managed rule group to override.
- exclusions
List<Firewall
Policy Managed Rule Override Exclusion> One or more
exclusion
blocks as defined below.- rules
List<Firewall
Policy Managed Rule Override Rule> One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group stringName The managed rule group to override.
- exclusions
Firewall
Policy Managed Rule Override Exclusion[] One or more
exclusion
blocks as defined below.- rules
Firewall
Policy Managed Rule Override Rule[] One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule_
group_ strname The managed rule group to override.
- exclusions
Sequence[Firewall
Policy Managed Rule Override Exclusion] One or more
exclusion
blocks as defined below.- rules
Sequence[Firewall
Policy Managed Rule Override Rule] One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
- rule
Group StringName The managed rule group to override.
- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.- rules List<Property Map>
One or more
rule
blocks as defined below. If none are specified, all of the rules in the group will be disabled.
FirewallPolicyManagedRuleOverrideExclusion, FirewallPolicyManagedRuleOverrideExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
FirewallPolicyManagedRuleOverrideRule, FirewallPolicyManagedRuleOverrideRuleArgs
- Action string
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- Rule
Id string Identifier for the managed rule.
- Enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
List<Firewall
Policy Managed Rule Override Rule Exclusion> One or more
exclusion
blocks as defined below.
- Action string
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- Rule
Id string Identifier for the managed rule.
- Enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- Exclusions
[]Firewall
Policy Managed Rule Override Rule Exclusion One or more
exclusion
blocks as defined below.
- action String
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- rule
Id String Identifier for the managed rule.
- enabled Boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
List<Firewall
Policy Managed Rule Override Rule Exclusion> One or more
exclusion
blocks as defined below.
- action string
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- rule
Id string Identifier for the managed rule.
- enabled boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Firewall
Policy Managed Rule Override Rule Exclusion[] One or more
exclusion
blocks as defined below.
- action str
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- rule_
id str Identifier for the managed rule.
- enabled bool
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions
Sequence[Firewall
Policy Managed Rule Override Rule Exclusion] One or more
exclusion
blocks as defined below.
- action String
The action to be applied when the rule matches. Possible values are
Allow
,Block
,Log
, orRedirect
.- rule
Id String Identifier for the managed rule.
- enabled Boolean
Is the managed rule override enabled or disabled. Defaults to
false
- exclusions List<Property Map>
One or more
exclusion
blocks as defined below.
FirewallPolicyManagedRuleOverrideRuleExclusion, FirewallPolicyManagedRuleOverrideRuleExclusionArgs
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- Match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- Operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- Selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable string The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector string
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match_
variable str The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector str
Selector for the value in the
match_variable
attribute this exclusion applies to.
- match
Variable String The variable type to be excluded. Possible values are
QueryStringArgNames
,RequestBodyPostArgNames
,RequestCookieNames
,RequestHeaderNames
.- operator String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are:
Equals
,Contains
,StartsWith
,EndsWith
,EqualsAny
.- selector String
Selector for the value in the
match_variable
attribute this exclusion applies to.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.