Azure Classic v5.49.0, Aug 29 23

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

azure.frontdoor.FirewallPolicy

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

Import

FrontDoor Web Application Firewall Policy can be imported using the resource id, e.g.

 $ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleFirewallPolicy = new Azure.FrontDoor.FirewallPolicy("exampleFirewallPolicy", new()
    {
        ResourceGroupName = exampleResourceGroup.Name,
        Enabled = true,
        Mode = "Prevention",
        RedirectUrl = "https://www.contoso.com",
        CustomBlockResponseStatusCode = 403,
        CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        CustomRules = new[]
        {
            new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
            {
                Name = "Rule1",
                Enabled = true,
                Priority = 1,
                RateLimitDurationInMinutes = 1,
                RateLimitThreshold = 10,
                Type = "MatchRule",
                Action = "Block",
                MatchConditions = new[]
                {
                    new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RemoteAddr",
                        Operator = "IPMatch",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "192.168.1.0/24",
                            "10.0.0.0/24",
                        },
                    },
                },
            },
            new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
            {
                Name = "Rule2",
                Enabled = true,
                Priority = 2,
                RateLimitDurationInMinutes = 1,
                RateLimitThreshold = 10,
                Type = "MatchRule",
                Action = "Block",
                MatchConditions = new[]
                {
                    new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RemoteAddr",
                        Operator = "IPMatch",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "192.168.1.0/24",
                        },
                    },
                    new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RequestHeader",
                        Selector = "UserAgent",
                        Operator = "Contains",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "windows",
                        },
                        Transforms = new[]
                        {
                            "Lowercase",
                            "Trim",
                        },
                    },
                },
            },
        },
        ManagedRules = new[]
        {
            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
            {
                Type = "DefaultRuleSet",
                Version = "1.0",
                Exclusions = new[]
                {
                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
                    {
                        MatchVariable = "QueryStringArgNames",
                        Operator = "Equals",
                        Selector = "not_suspicious",
                    },
                },
                Overrides = new[]
                {
                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "PHP",
                        Rules = new[]
                        {
                            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                RuleId = "933100",
                                Enabled = false,
                                Action = "Block",
                            },
                        },
                    },
                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "SQLI",
                        Exclusions = new[]
                        {
                            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
                            {
                                MatchVariable = "QueryStringArgNames",
                                Operator = "Equals",
                                Selector = "really_not_suspicious",
                            },
                        },
                        Rules = new[]
                        {
                            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                RuleId = "942200",
                                Action = "Block",
                                Exclusions = new[]
                                {
                                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                    {
                                        MatchVariable = "QueryStringArgNames",
                                        Operator = "Equals",
                                        Selector = "innocent",
                                    },
                                },
                            },
                        },
                    },
                },
            },
            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
            {
                Type = "Microsoft_BotManagerRuleSet",
                Version = "1.0",
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/frontdoor"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = frontdoor.NewFirewallPolicy(ctx, "exampleFirewallPolicy", &frontdoor.FirewallPolicyArgs{
			ResourceGroupName:             exampleResourceGroup.Name,
			Enabled:                       pulumi.Bool(true),
			Mode:                          pulumi.String("Prevention"),
			RedirectUrl:                   pulumi.String("https://www.contoso.com"),
			CustomBlockResponseStatusCode: pulumi.Int(403),
			CustomBlockResponseBody:       pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
			CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
				&frontdoor.FirewallPolicyCustomRuleArgs{
					Name:                       pulumi.String("Rule1"),
					Enabled:                    pulumi.Bool(true),
					Priority:                   pulumi.Int(1),
					RateLimitDurationInMinutes: pulumi.Int(1),
					RateLimitThreshold:         pulumi.Int(10),
					Type:                       pulumi.String("MatchRule"),
					Action:                     pulumi.String("Block"),
					MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
						&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RemoteAddr"),
							Operator:          pulumi.String("IPMatch"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("192.168.1.0/24"),
								pulumi.String("10.0.0.0/24"),
							},
						},
					},
				},
				&frontdoor.FirewallPolicyCustomRuleArgs{
					Name:                       pulumi.String("Rule2"),
					Enabled:                    pulumi.Bool(true),
					Priority:                   pulumi.Int(2),
					RateLimitDurationInMinutes: pulumi.Int(1),
					RateLimitThreshold:         pulumi.Int(10),
					Type:                       pulumi.String("MatchRule"),
					Action:                     pulumi.String("Block"),
					MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
						&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RemoteAddr"),
							Operator:          pulumi.String("IPMatch"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("192.168.1.0/24"),
							},
						},
						&frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RequestHeader"),
							Selector:          pulumi.String("UserAgent"),
							Operator:          pulumi.String("Contains"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("windows"),
							},
							Transforms: pulumi.StringArray{
								pulumi.String("Lowercase"),
								pulumi.String("Trim"),
							},
						},
					},
				},
			},
			ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
				&frontdoor.FirewallPolicyManagedRuleArgs{
					Type:    pulumi.String("DefaultRuleSet"),
					Version: pulumi.String("1.0"),
					Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
						&frontdoor.FirewallPolicyManagedRuleExclusionArgs{
							MatchVariable: pulumi.String("QueryStringArgNames"),
							Operator:      pulumi.String("Equals"),
							Selector:      pulumi.String("not_suspicious"),
						},
					},
					Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
						&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
							RuleGroupName: pulumi.String("PHP"),
							Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
								&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
									RuleId:  pulumi.String("933100"),
									Enabled: pulumi.Bool(false),
									Action:  pulumi.String("Block"),
								},
							},
						},
						&frontdoor.FirewallPolicyManagedRuleOverrideArgs{
							RuleGroupName: pulumi.String("SQLI"),
							Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
								&frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs{
									MatchVariable: pulumi.String("QueryStringArgNames"),
									Operator:      pulumi.String("Equals"),
									Selector:      pulumi.String("really_not_suspicious"),
								},
							},
							Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
								&frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
									RuleId: pulumi.String("942200"),
									Action: pulumi.String("Block"),
									Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
										&frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs{
											MatchVariable: pulumi.String("QueryStringArgNames"),
											Operator:      pulumi.String("Equals"),
											Selector:      pulumi.String("innocent"),
										},
									},
								},
							},
						},
					},
				},
				&frontdoor.FirewallPolicyManagedRuleArgs{
					Type:    pulumi.String("Microsoft_BotManagerRuleSet"),
					Version: pulumi.String("1.0"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.frontdoor.FirewallPolicy;
import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()        
            .resourceGroupName(exampleResourceGroup.name())
            .enabled(true)
            .mode("Prevention")
            .redirectUrl("https://www.contoso.com")
            .customBlockResponseStatusCode(403)
            .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
            .customRules(            
                FirewallPolicyCustomRuleArgs.builder()
                    .name("Rule1")
                    .enabled(true)
                    .priority(1)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
                        .matchVariable("RemoteAddr")
                        .operator("IPMatch")
                        .negationCondition(false)
                        .matchValues(                        
                            "192.168.1.0/24",
                            "10.0.0.0/24")
                        .build())
                    .build(),
                FirewallPolicyCustomRuleArgs.builder()
                    .name("Rule2")
                    .enabled(true)
                    .priority(2)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(                    
                        FirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RemoteAddr")
                            .operator("IPMatch")
                            .negationCondition(false)
                            .matchValues("192.168.1.0/24")
                            .build(),
                        FirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RequestHeader")
                            .selector("UserAgent")
                            .operator("Contains")
                            .negationCondition(false)
                            .matchValues("windows")
                            .transforms(                            
                                "Lowercase",
                                "Trim")
                            .build())
                    .build())
            .managedRules(            
                FirewallPolicyManagedRuleArgs.builder()
                    .type("DefaultRuleSet")
                    .version("1.0")
                    .exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
                        .matchVariable("QueryStringArgNames")
                        .operator("Equals")
                        .selector("not_suspicious")
                        .build())
                    .overrides(                    
                        FirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("PHP")
                            .rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("933100")
                                .enabled(false)
                                .action("Block")
                                .build())
                            .build(),
                        FirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("SQLI")
                            .exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                                .matchVariable("QueryStringArgNames")
                                .operator("Equals")
                                .selector("really_not_suspicious")
                                .build())
                            .rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("942200")
                                .action("Block")
                                .exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                                    .matchVariable("QueryStringArgNames")
                                    .operator("Equals")
                                    .selector("innocent")
                                    .build())
                                .build())
                            .build())
                    .build(),
                FirewallPolicyManagedRuleArgs.builder()
                    .type("Microsoft_BotManagerRuleSet")
                    .version("1.0")
                    .build())
            .build());

    }
}

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_firewall_policy = azure.frontdoor.FirewallPolicy("exampleFirewallPolicy",
    resource_group_name=example_resource_group.name,
    enabled=True,
    mode="Prevention",
    redirect_url="https://www.contoso.com",
    custom_block_response_status_code=403,
    custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    custom_rules=[
        azure.frontdoor.FirewallPolicyCustomRuleArgs(
            name="Rule1",
            enabled=True,
            priority=1,
            rate_limit_duration_in_minutes=1,
            rate_limit_threshold=10,
            type="MatchRule",
            action="Block",
            match_conditions=[azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
                match_variable="RemoteAddr",
                operator="IPMatch",
                negation_condition=False,
                match_values=[
                    "192.168.1.0/24",
                    "10.0.0.0/24",
                ],
            )],
        ),
        azure.frontdoor.FirewallPolicyCustomRuleArgs(
            name="Rule2",
            enabled=True,
            priority=2,
            rate_limit_duration_in_minutes=1,
            rate_limit_threshold=10,
            type="MatchRule",
            action="Block",
            match_conditions=[
                azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
                    match_variable="RemoteAddr",
                    operator="IPMatch",
                    negation_condition=False,
                    match_values=["192.168.1.0/24"],
                ),
                azure.frontdoor.FirewallPolicyCustomRuleMatchConditionArgs(
                    match_variable="RequestHeader",
                    selector="UserAgent",
                    operator="Contains",
                    negation_condition=False,
                    match_values=["windows"],
                    transforms=[
                        "Lowercase",
                        "Trim",
                    ],
                ),
            ],
        ),
    ],
    managed_rules=[
        azure.frontdoor.FirewallPolicyManagedRuleArgs(
            type="DefaultRuleSet",
            version="1.0",
            exclusions=[azure.frontdoor.FirewallPolicyManagedRuleExclusionArgs(
                match_variable="QueryStringArgNames",
                operator="Equals",
                selector="not_suspicious",
            )],
            overrides=[
                azure.frontdoor.FirewallPolicyManagedRuleOverrideArgs(
                    rule_group_name="PHP",
                    rules=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs(
                        rule_id="933100",
                        enabled=False,
                        action="Block",
                    )],
                ),
                azure.frontdoor.FirewallPolicyManagedRuleOverrideArgs(
                    rule_group_name="SQLI",
                    exclusions=[azure.frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs(
                        match_variable="QueryStringArgNames",
                        operator="Equals",
                        selector="really_not_suspicious",
                    )],
                    rules=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs(
                        rule_id="942200",
                        action="Block",
                        exclusions=[azure.frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs(
                            match_variable="QueryStringArgNames",
                            operator="Equals",
                            selector="innocent",
                        )],
                    )],
                ),
            ],
        ),
        azure.frontdoor.FirewallPolicyManagedRuleArgs(
            type="Microsoft_BotManagerRuleSet",
            version="1.0",
        ),
    ])

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("exampleFirewallPolicy", {
    resourceGroupName: exampleResourceGroup.name,
    enabled: true,
    mode: "Prevention",
    redirectUrl: "https://www.contoso.com",
    customBlockResponseStatusCode: 403,
    customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    customRules: [
        {
            name: "Rule1",
            enabled: true,
            priority: 1,
            rateLimitDurationInMinutes: 1,
            rateLimitThreshold: 10,
            type: "MatchRule",
            action: "Block",
            matchConditions: [{
                matchVariable: "RemoteAddr",
                operator: "IPMatch",
                negationCondition: false,
                matchValues: [
                    "192.168.1.0/24",
                    "10.0.0.0/24",
                ],
            }],
        },
        {
            name: "Rule2",
            enabled: true,
            priority: 2,
            rateLimitDurationInMinutes: 1,
            rateLimitThreshold: 10,
            type: "MatchRule",
            action: "Block",
            matchConditions: [
                {
                    matchVariable: "RemoteAddr",
                    operator: "IPMatch",
                    negationCondition: false,
                    matchValues: ["192.168.1.0/24"],
                },
                {
                    matchVariable: "RequestHeader",
                    selector: "UserAgent",
                    operator: "Contains",
                    negationCondition: false,
                    matchValues: ["windows"],
                    transforms: [
                        "Lowercase",
                        "Trim",
                    ],
                },
            ],
        },
    ],
    managedRules: [
        {
            type: "DefaultRuleSet",
            version: "1.0",
            exclusions: [{
                matchVariable: "QueryStringArgNames",
                operator: "Equals",
                selector: "not_suspicious",
            }],
            overrides: [
                {
                    ruleGroupName: "PHP",
                    rules: [{
                        ruleId: "933100",
                        enabled: false,
                        action: "Block",
                    }],
                },
                {
                    ruleGroupName: "SQLI",
                    exclusions: [{
                        matchVariable: "QueryStringArgNames",
                        operator: "Equals",
                        selector: "really_not_suspicious",
                    }],
                    rules: [{
                        ruleId: "942200",
                        action: "Block",
                        exclusions: [{
                            matchVariable: "QueryStringArgNames",
                            operator: "Equals",
                            selector: "innocent",
                        }],
                    }],
                },
            ],
        },
        {
            type: "Microsoft_BotManagerRuleSet",
            version: "1.0",
        },
    ],
});

resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleFirewallPolicy:
    type: azure:frontdoor:FirewallPolicy
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      enabled: true
      mode: Prevention
      redirectUrl: https://www.contoso.com
      customBlockResponseStatusCode: 403
      customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
      customRules:
        - name: Rule1
          enabled: true
          priority: 1
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
                - 10.0.0.0/24
        - name: Rule2
          enabled: true
          priority: 2
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
            - matchVariable: RequestHeader
              selector: UserAgent
              operator: Contains
              negationCondition: false
              matchValues:
                - windows
              transforms:
                - Lowercase
                - Trim
      managedRules:
        - type: DefaultRuleSet
          version: '1.0'
          exclusions:
            - matchVariable: QueryStringArgNames
              operator: Equals
              selector: not_suspicious
          overrides:
            - ruleGroupName: PHP
              rules:
                - ruleId: '933100'
                  enabled: false
                  action: Block
            - ruleGroupName: SQLI
              exclusions:
                - matchVariable: QueryStringArgNames
                  operator: Equals
                  selector: really_not_suspicious
              rules:
                - ruleId: '942200'
                  action: Block
                  exclusions:
                    - matchVariable: QueryStringArgNames
                      operator: Equals
                      selector: innocent
        - type: Microsoft_BotManagerRuleSet
          version: '1.0'

Create FirewallPolicy Resource

new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);

@overload
def FirewallPolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   custom_block_response_body: Optional[str] = None,
                   custom_block_response_status_code: Optional[int] = None,
                   custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
                   enabled: Optional[bool] = None,
                   managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
                   mode: Optional[str] = None,
                   name: Optional[str] = None,
                   redirect_url: Optional[str] = None,
                   resource_group_name: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None)
@overload
def FirewallPolicy(resource_name: str,
                   args: FirewallPolicyArgs,
                   opts: Optional[ResourceOptions] = None)

func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)

public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)

public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)

type: azure:frontdoor:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

FirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallPolicy resource accepts the following input properties:

ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
CustomBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FirewallPolicyCustomRule>: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
ManagedRules List<FirewallPolicyManagedRule>: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
Tags Dictionary<string, string>: A mapping of tags to assign to the Web Application Firewall Policy.

ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
CustomBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FirewallPolicyCustomRuleArgs: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
ManagedRules []FirewallPolicyManagedRuleArgs: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
Tags map[string]string: A mapping of tags to assign to the Web Application Firewall Policy.

resourceGroupName String: The name of the resource group. Changing this forces a new resource to be created.
customBlockResponseBody String: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Integer: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<FirewallPolicyCustomRule>: One or more custom_rule blocks as defined below.
enabled Boolean: Is the policy a enabled state or disabled state. Defaults to true.
managedRules List<FirewallPolicyManagedRule>: One or more managed_rule blocks as defined below.
mode String: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name String: The name of the policy. Changing this forces a new resource to be created.
redirectUrl String: If action type is redirect, this field represents redirect URL for the client.
tags Map<String,String>: A mapping of tags to assign to the Web Application Firewall Policy.

resourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
customBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FirewallPolicyCustomRule[]: One or more custom_rule blocks as defined below.
enabled boolean: Is the policy a enabled state or disabled state. Defaults to true.
managedRules FirewallPolicyManagedRule[]: One or more managed_rule blocks as defined below.
mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name string: The name of the policy. Changing this forces a new resource to be created.
redirectUrl string: If action type is redirect, this field represents redirect URL for the client.
tags {[key: string]: string}: A mapping of tags to assign to the Web Application Firewall Policy.

resource_group_name str: The name of the resource group. Changing this forces a new resource to be created.
custom_block_response_body str: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules Sequence[FirewallPolicyCustomRuleArgs]: One or more custom_rule blocks as defined below.
enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
managed_rules Sequence[FirewallPolicyManagedRuleArgs]: One or more managed_rule blocks as defined below.
mode str: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name str: The name of the policy. Changing this forces a new resource to be created.
redirect_url str: If action type is redirect, this field represents redirect URL for the client.
tags Mapping[str, str]: A mapping of tags to assign to the Web Application Firewall Policy.

resourceGroupName String: The name of the resource group. Changing this forces a new resource to be created.
customBlockResponseBody String: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Number: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<Property Map>: One or more custom_rule blocks as defined below.
enabled Boolean: Is the policy a enabled state or disabled state. Defaults to true.
managedRules List<Property Map>: One or more managed_rule blocks as defined below.
mode String: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name String: The name of the policy. Changing this forces a new resource to be created.
redirectUrl String: If action type is redirect, this field represents redirect URL for the client.
tags Map<String>: A mapping of tags to assign to the Web Application Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

FrontendEndpointIds List<string>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Id string: The provider-assigned unique ID for this managed resource.
Location string: The Azure Region where this Front Door Firewall Policy exists.

FrontendEndpointIds []string: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Id string: The provider-assigned unique ID for this managed resource.
Location string: The Azure Region where this Front Door Firewall Policy exists.

frontendEndpointIds List<String>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id String: The provider-assigned unique ID for this managed resource.
location String: The Azure Region where this Front Door Firewall Policy exists.

frontendEndpointIds string[]: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id string: The provider-assigned unique ID for this managed resource.
location string: The Azure Region where this Front Door Firewall Policy exists.

frontend_endpoint_ids Sequence[str]: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id str: The provider-assigned unique ID for this managed resource.
location str: The Azure Region where this Front Door Firewall Policy exists.

frontendEndpointIds List<String>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id String: The provider-assigned unique ID for this managed resource.
location String: The Azure Region where this Front Door Firewall Policy exists.

Look up Existing FirewallPolicy Resource

Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_block_response_body: Optional[str] = None,
        custom_block_response_status_code: Optional[int] = None,
        custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
        enabled: Optional[bool] = None,
        frontend_endpoint_ids: Optional[Sequence[str]] = None,
        location: Optional[str] = None,
        managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None,
        redirect_url: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None) -> FirewallPolicy

func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)

public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)

public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CustomBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FirewallPolicyCustomRule>: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
FrontendEndpointIds List<string>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Location string: The Azure Region where this Front Door Firewall Policy exists.
ManagedRules List<FirewallPolicyManagedRule>: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the Web Application Firewall Policy.

CustomBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FirewallPolicyCustomRuleArgs: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
FrontendEndpointIds []string: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Location string: The Azure Region where this Front Door Firewall Policy exists.
ManagedRules []FirewallPolicyManagedRuleArgs: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the Web Application Firewall Policy.

customBlockResponseBody String: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Integer: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<FirewallPolicyCustomRule>: One or more custom_rule blocks as defined below.
enabled Boolean: Is the policy a enabled state or disabled state. Defaults to true.
frontendEndpointIds List<String>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location String: The Azure Region where this Front Door Firewall Policy exists.
managedRules List<FirewallPolicyManagedRule>: One or more managed_rule blocks as defined below.
mode String: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name String: The name of the policy. Changing this forces a new resource to be created.
redirectUrl String: If action type is redirect, this field represents redirect URL for the client.
resourceGroupName String: The name of the resource group. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the Web Application Firewall Policy.

customBlockResponseBody string: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FirewallPolicyCustomRule[]: One or more custom_rule blocks as defined below.
enabled boolean: Is the policy a enabled state or disabled state. Defaults to true.
frontendEndpointIds string[]: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location string: The Azure Region where this Front Door Firewall Policy exists.
managedRules FirewallPolicyManagedRule[]: One or more managed_rule blocks as defined below.
mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name string: The name of the policy. Changing this forces a new resource to be created.
redirectUrl string: If action type is redirect, this field represents redirect URL for the client.
resourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the Web Application Firewall Policy.

custom_block_response_body str: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code int: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules Sequence[FirewallPolicyCustomRuleArgs]: One or more custom_rule blocks as defined below.
enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
frontend_endpoint_ids Sequence[str]: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location str: The Azure Region where this Front Door Firewall Policy exists.
managed_rules Sequence[FirewallPolicyManagedRuleArgs]: One or more managed_rule blocks as defined below.
mode str: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name str: The name of the policy. Changing this forces a new resource to be created.
redirect_url str: If action type is redirect, this field represents redirect URL for the client.
resource_group_name str: The name of the resource group. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the Web Application Firewall Policy.

customBlockResponseBody String: If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Number: If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<Property Map>: One or more custom_rule blocks as defined below.
enabled Boolean: Is the policy a enabled state or disabled state. Defaults to true.
frontendEndpointIds List<String>: The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location String: The Azure Region where this Front Door Firewall Policy exists.
managedRules List<Property Map>: One or more managed_rule blocks as defined below.
mode String: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name String: The name of the policy. Changing this forces a new resource to be created.
redirectUrl String: If action type is redirect, this field represents redirect URL for the client.
resourceGroupName String: The name of the resource group. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the Web Application Firewall Policy.

Supporting Types

FirewallPolicyCustomRule, FirewallPolicyCustomRuleArgs

Action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
Name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type string: The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool: Is the rule is enabled or disabled? Defaults to true.
MatchConditions List<FirewallPolicyCustomRuleMatchCondition>: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
Priority int: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int: The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int: The rate limit threshold. Defaults to 10.

Action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
Name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type string: The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool: Is the rule is enabled or disabled? Defaults to true.
MatchConditions []FirewallPolicyCustomRuleMatchCondition: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
Priority int: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int: The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int: The rate limit threshold. Defaults to 10.

action String: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name String: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type String: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled Boolean: Is the rule is enabled or disabled? Defaults to true.
matchConditions List<FirewallPolicyCustomRuleMatchCondition>: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority Integer: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes Integer: The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold Integer: The rate limit threshold. Defaults to 10.

action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type string: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled boolean: Is the rule is enabled or disabled? Defaults to true.
matchConditions FirewallPolicyCustomRuleMatchCondition[]: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority number: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes number: The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold number: The rate limit threshold. Defaults to 10.

action str: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name str: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type str: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled bool: Is the rule is enabled or disabled? Defaults to true.
match_conditions Sequence[FirewallPolicyCustomRuleMatchCondition]: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority int: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rate_limit_duration_in_minutes int: The rate limit duration in minutes. Defaults to 1.
rate_limit_threshold int: The rate limit threshold. Defaults to 10.

action String: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name String: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type String: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled Boolean: Is the rule is enabled or disabled? Defaults to true.
matchConditions List<Property Map>: One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority Number: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes Number: The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold Number: The rate limit threshold. Defaults to 10.

FirewallPolicyCustomRuleMatchCondition, FirewallPolicyCustomRuleMatchConditionArgs

MatchValues List<string>: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
MatchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
Operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
NegationCondition bool: Should the result of the condition be negated.
Selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
Transforms List<string>: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

MatchValues []string: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
MatchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
Operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
NegationCondition bool: Should the result of the condition be negated.
Selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
Transforms []string: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

matchValues List<String>: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
matchVariable String: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator String: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negationCondition Boolean: Should the result of the condition be negated.
selector String: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms List<String>: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

matchValues string[]: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
matchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negationCondition boolean: Should the result of the condition be negated.
selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms string[]: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

match_values Sequence[str]: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
match_variable str: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator str: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negation_condition bool: Should the result of the condition be negated.
selector str: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms Sequence[str]: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

matchValues List<String>: Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
matchVariable String: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator String: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negationCondition Boolean: Should the result of the condition be negated.
selector String: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms List<String>: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

FirewallPolicyManagedRule, FirewallPolicyManagedRuleArgs

Type string: The name of the managed rule to use with this resource.
Version string: The version on the managed rule to use with this resource.
Exclusions List<FirewallPolicyManagedRuleExclusion>: One or more exclusion blocks as defined below.
Overrides List<FirewallPolicyManagedRuleOverride>: One or more override blocks as defined below.

Type string: The name of the managed rule to use with this resource.
Version string: The version on the managed rule to use with this resource.
Exclusions []FirewallPolicyManagedRuleExclusion: One or more exclusion blocks as defined below.
Overrides []FirewallPolicyManagedRuleOverride: One or more override blocks as defined below.

type String: The name of the managed rule to use with this resource.
version String: The version on the managed rule to use with this resource.
exclusions List<FirewallPolicyManagedRuleExclusion>: One or more exclusion blocks as defined below.
overrides List<FirewallPolicyManagedRuleOverride>: One or more override blocks as defined below.

type string: The name of the managed rule to use with this resource.
version string: The version on the managed rule to use with this resource.
exclusions FirewallPolicyManagedRuleExclusion[]: One or more exclusion blocks as defined below.
overrides FirewallPolicyManagedRuleOverride[]: One or more override blocks as defined below.

type str: The name of the managed rule to use with this resource.
version str: The version on the managed rule to use with this resource.
exclusions Sequence[FirewallPolicyManagedRuleExclusion]: One or more exclusion blocks as defined below.
overrides Sequence[FirewallPolicyManagedRuleOverride]: One or more override blocks as defined below.

type String: The name of the managed rule to use with this resource.
version String: The version on the managed rule to use with this resource.
exclusions List<Property Map>: One or more exclusion blocks as defined below.
overrides List<Property Map>: One or more override blocks as defined below.

FirewallPolicyManagedRuleExclusion, FirewallPolicyManagedRuleExclusionArgs

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

FirewallPolicyManagedRuleOverride, FirewallPolicyManagedRuleOverrideArgs

RuleGroupName string: The managed rule group to override.
Exclusions List<FirewallPolicyManagedRuleOverrideExclusion>: One or more exclusion blocks as defined below.
Rules List<FirewallPolicyManagedRuleOverrideRule>: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

RuleGroupName string: The managed rule group to override.
Exclusions []FirewallPolicyManagedRuleOverrideExclusion: One or more exclusion blocks as defined below.
Rules []FirewallPolicyManagedRuleOverrideRule: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

ruleGroupName String: The managed rule group to override.
exclusions List<FirewallPolicyManagedRuleOverrideExclusion>: One or more exclusion blocks as defined below.
rules List<FirewallPolicyManagedRuleOverrideRule>: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

ruleGroupName string: The managed rule group to override.
exclusions FirewallPolicyManagedRuleOverrideExclusion[]: One or more exclusion blocks as defined below.
rules FirewallPolicyManagedRuleOverrideRule[]: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

rule_group_name str: The managed rule group to override.
exclusions Sequence[FirewallPolicyManagedRuleOverrideExclusion]: One or more exclusion blocks as defined below.
rules Sequence[FirewallPolicyManagedRuleOverrideRule]: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

ruleGroupName String: The managed rule group to override.
exclusions List<Property Map>: One or more exclusion blocks as defined below.
rules List<Property Map>: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

FirewallPolicyManagedRuleOverrideExclusion, FirewallPolicyManagedRuleOverrideExclusionArgs

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

FirewallPolicyManagedRuleOverrideRule, FirewallPolicyManagedRuleOverrideRuleArgs

Action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
RuleId string: Identifier for the managed rule.
Enabled bool: Is the managed rule override enabled or disabled. Defaults to false
Exclusions List<FirewallPolicyManagedRuleOverrideRuleExclusion>: One or more exclusion blocks as defined below.

Action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
RuleId string: Identifier for the managed rule.
Enabled bool: Is the managed rule override enabled or disabled. Defaults to false
Exclusions []FirewallPolicyManagedRuleOverrideRuleExclusion: One or more exclusion blocks as defined below.

action String: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
ruleId String: Identifier for the managed rule.
enabled Boolean: Is the managed rule override enabled or disabled. Defaults to false
exclusions List<FirewallPolicyManagedRuleOverrideRuleExclusion>: One or more exclusion blocks as defined below.

action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
ruleId string: Identifier for the managed rule.
enabled boolean: Is the managed rule override enabled or disabled. Defaults to false
exclusions FirewallPolicyManagedRuleOverrideRuleExclusion[]: One or more exclusion blocks as defined below.

action str: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
rule_id str: Identifier for the managed rule.
enabled bool: Is the managed rule override enabled or disabled. Defaults to false
exclusions Sequence[FirewallPolicyManagedRuleOverrideRuleExclusion]: One or more exclusion blocks as defined below.

action String: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
ruleId String: Identifier for the managed rule.
enabled Boolean: Is the managed rule override enabled or disabled. Defaults to false
exclusions List<Property Map>: One or more exclusion blocks as defined below.

FirewallPolicyManagedRuleOverrideRuleExclusion, FirewallPolicyManagedRuleOverrideRuleExclusionArgs

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

match_variable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable String: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator String: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector String: Selector for the value in the match_variable attribute this exclusion applies to.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

azure.frontdoor.FirewallPolicy

On this page

On this page

Import

Example Usage

Create FirewallPolicy Resource

FirewallPolicy Resource Properties

Inputs

Outputs

Look up Existing FirewallPolicy Resource

Supporting Types

FirewallPolicyCustomRule, FirewallPolicyCustomRuleArgs

FirewallPolicyCustomRuleMatchCondition, FirewallPolicyCustomRuleMatchConditionArgs

FirewallPolicyManagedRule, FirewallPolicyManagedRuleArgs

FirewallPolicyManagedRuleExclusion, FirewallPolicyManagedRuleExclusionArgs

FirewallPolicyManagedRuleOverride, FirewallPolicyManagedRuleOverrideArgs

FirewallPolicyManagedRuleOverrideExclusion, FirewallPolicyManagedRuleOverrideExclusionArgs

FirewallPolicyManagedRuleOverrideRule, FirewallPolicyManagedRuleOverrideRuleArgs

FirewallPolicyManagedRuleOverrideRuleExclusion, FirewallPolicyManagedRuleOverrideRuleExclusionArgs

Package Details

On this page

On this page