Azure Classic v5.37.0, Mar 15 23

azure.waf.Policy

Manages an Azure Web Application Firewall Policy instance.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Resource group that the WAF policy is deployed into.
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    // Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
    // NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the real
    // client when another proxy or CDN sits in front of the gateway.
    var blockListedRanges = new Azure.Waf.Inputs.PolicyCustomRuleArgs
    {
        Name = "Rule1",
        Priority = 1,
        RuleType = "MatchRule",
        Action = "Block",
        MatchConditions = new[]
        {
            new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
            {
                Operator = "IPMatch",
                NegationCondition = false,
                MatchVariables = new[]
                {
                    new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
                    {
                        VariableName = "RemoteAddr",
                    },
                },
                MatchValues = new[]
                {
                    "192.168.1.0/24",
                    "10.0.0.0/24",
                },
            },
        },
    };

    // Rule2, first condition: source address inside 192.168.1.0/24.
    var fromListedRange = new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
    {
        Operator = "IPMatch",
        NegationCondition = false,
        MatchVariables = new[]
        {
            new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
            {
                VariableName = "RemoteAddr",
            },
        },
        MatchValues = new[]
        {
            "192.168.1.0/24",
        },
    };

    // Rule2, second condition: the selected request header contains "Windows".
    // NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
    // User-Agent; confirm the selector names the header you intend to inspect,
    // otherwise this condition may never match.
    var agentContainsWindows = new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
    {
        Operator = "Contains",
        NegationCondition = false,
        MatchVariables = new[]
        {
            new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
            {
                VariableName = "RequestHeaders",
                Selector = "UserAgent",
            },
        },
        MatchValues = new[]
        {
            "Windows",
        },
    };

    // Rule2 (priority 2): Block, carrying both conditions above.
    // Conditions inside one rule are expected to be ANDed; confirm against the
    // Azure WAF custom-rule documentation.
    var blockRangeWithAgent = new Azure.Waf.Inputs.PolicyCustomRuleArgs
    {
        Name = "Rule2",
        Priority = 2,
        RuleType = "MatchRule",
        Action = "Block",
        MatchConditions = new[]
        {
            fromListedRange,
            agentContainsWindows,
        },
    };

    // Enforcing configuration: the policy is enabled in "Prevention" mode and request
    // bodies are inspected, with a 100 MB upload cap and a 128 KB body-size cap.
    var settings = new Azure.Waf.Inputs.PolicyPolicySettingsArgs
    {
        Enabled = true,
        Mode = "Prevention",
        RequestBodyCheck = true,
        FileUploadLimitInMb = 100,
        MaxRequestBodySizeInKb = 128,
    };

    // Exclusions take the selected header and cookies out of managed-rule evaluation,
    // so keep them as narrow as possible. "EndsWith" covers every cookie whose name
    // ends in "too-tasty", which is broader than an "Equals" selector.
    var exclusions = new[]
    {
        new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
        {
            MatchVariable = "RequestHeaderNames",
            Selector = "x-company-secret-header",
            SelectorMatchOperator = "Equals",
        },
        new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
        {
            MatchVariable = "RequestCookieNames",
            Selector = "too-tasty",
            SelectorMatchOperator = "EndsWith",
        },
    };

    // Per-rule overrides in REQUEST-920-PROTOCOL-ENFORCEMENT: 920300 is set to "Log"
    // (matches are recorded, not blocked) and 920440 is set to "Block".
    var protocolEnforcementOverrides = new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
    {
        RuleGroupName = "REQUEST-920-PROTOCOL-ENFORCEMENT",
        Rules = new[]
        {
            new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
            {
                Id = "920300",
                Enabled = true,
                Action = "Log",
            },
            new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs
            {
                Id = "920440",
                Enabled = true,
                Action = "Block",
            },
        },
    };

    // OWASP 3.2 managed rule set with the overrides and exclusions defined above.
    var managedRules = new Azure.Waf.Inputs.PolicyManagedRulesArgs
    {
        Exclusions = exclusions,
        ManagedRuleSets = new[]
        {
            new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetArgs
            {
                Type = "OWASP",
                Version = "3.2",
                RuleGroupOverrides = new[]
                {
                    protocolEnforcementOverrides,
                },
            },
        },
    };

    // The policy itself, created in the resource group's location.
    var examplePolicy = new Azure.Waf.Policy("examplePolicy", new()
    {
        ResourceGroupName = exampleResourceGroup.Name,
        Location = exampleResourceGroup.Location,
        CustomRules = new[]
        {
            blockListedRanges,
            blockRangeWithAgent,
        },
        PolicySettings = settings,
        ManagedRules = managedRules,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/waf"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a resource group and a WAF policy with two custom rules,
// enforcing policy settings and an OWASP 3.2 managed rule set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that the WAF policy is deployed into.
		group, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
		// NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the
		// real client when another proxy or CDN sits in front of the gateway.
		blockListedRanges := &waf.PolicyCustomRuleArgs{
			Name:     pulumi.String("Rule1"),
			Priority: pulumi.Int(1),
			RuleType: pulumi.String("MatchRule"),
			Action:   pulumi.String("Block"),
			MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
				&waf.PolicyCustomRuleMatchConditionArgs{
					Operator:          pulumi.String("IPMatch"),
					NegationCondition: pulumi.Bool(false),
					MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
						&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
							VariableName: pulumi.String("RemoteAddr"),
						},
					},
					MatchValues: pulumi.StringArray{
						pulumi.String("192.168.1.0/24"),
						pulumi.String("10.0.0.0/24"),
					},
				},
			},
		}

		// Rule2, first condition: source address inside 192.168.1.0/24.
		fromListedRange := &waf.PolicyCustomRuleMatchConditionArgs{
			Operator:          pulumi.String("IPMatch"),
			NegationCondition: pulumi.Bool(false),
			MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
				&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
					VariableName: pulumi.String("RemoteAddr"),
				},
			},
			MatchValues: pulumi.StringArray{
				pulumi.String("192.168.1.0/24"),
			},
		}

		// Rule2, second condition: the selected request header contains "Windows".
		// NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
		// User-Agent; confirm the selector names the header you intend to inspect,
		// otherwise this condition may never match.
		agentContainsWindows := &waf.PolicyCustomRuleMatchConditionArgs{
			Operator:          pulumi.String("Contains"),
			NegationCondition: pulumi.Bool(false),
			MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
				&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
					VariableName: pulumi.String("RequestHeaders"),
					Selector:     pulumi.String("UserAgent"),
				},
			},
			MatchValues: pulumi.StringArray{
				pulumi.String("Windows"),
			},
		}

		// Rule2 (priority 2): Block, carrying both conditions above.
		// Conditions inside one rule are expected to be ANDed; confirm against the
		// Azure WAF custom-rule documentation.
		blockRangeWithAgent := &waf.PolicyCustomRuleArgs{
			Name:     pulumi.String("Rule2"),
			Priority: pulumi.Int(2),
			RuleType: pulumi.String("MatchRule"),
			Action:   pulumi.String("Block"),
			MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
				fromListedRange,
				agentContainsWindows,
			},
		}

		// Enforcing configuration: enabled, "Prevention" mode, request bodies inspected,
		// 100 MB upload cap and 128 KB body-size cap.
		settings := &waf.PolicyPolicySettingsArgs{
			Enabled:                pulumi.Bool(true),
			Mode:                   pulumi.String("Prevention"),
			RequestBodyCheck:       pulumi.Bool(true),
			FileUploadLimitInMb:    pulumi.Int(100),
			MaxRequestBodySizeInKb: pulumi.Int(128),
		}

		// Exclusions take the selected header and cookies out of managed-rule evaluation,
		// so keep them as narrow as possible. "EndsWith" covers every cookie whose name
		// ends in "too-tasty", which is broader than an "Equals" selector.
		exclusions := waf.PolicyManagedRulesExclusionArray{
			&waf.PolicyManagedRulesExclusionArgs{
				MatchVariable:         pulumi.String("RequestHeaderNames"),
				Selector:              pulumi.String("x-company-secret-header"),
				SelectorMatchOperator: pulumi.String("Equals"),
			},
			&waf.PolicyManagedRulesExclusionArgs{
				MatchVariable:         pulumi.String("RequestCookieNames"),
				Selector:              pulumi.String("too-tasty"),
				SelectorMatchOperator: pulumi.String("EndsWith"),
			},
		}

		// Per-rule overrides in REQUEST-920-PROTOCOL-ENFORCEMENT: 920300 is set to "Log"
		// (matches are recorded, not blocked) and 920440 is set to "Block".
		protocolOverrides := &waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs{
			RuleGroupName: pulumi.String("REQUEST-920-PROTOCOL-ENFORCEMENT"),
			Rules: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArray{
				&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs{
					Id:      pulumi.String("920300"),
					Enabled: pulumi.Bool(true),
					Action:  pulumi.String("Log"),
				},
				&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs{
					Id:      pulumi.String("920440"),
					Enabled: pulumi.Bool(true),
					Action:  pulumi.String("Block"),
				},
			},
		}

		// OWASP 3.2 managed rule set with the overrides and exclusions defined above.
		managed := &waf.PolicyManagedRulesArgs{
			Exclusions: exclusions,
			ManagedRuleSets: waf.PolicyManagedRulesManagedRuleSetArray{
				&waf.PolicyManagedRulesManagedRuleSetArgs{
					Type:    pulumi.String("OWASP"),
					Version: pulumi.String("3.2"),
					RuleGroupOverrides: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArray{
						protocolOverrides,
					},
				},
			},
		}

		// The policy itself; any creation error is handed straight back to pulumi.Run.
		_, err = waf.NewPolicy(ctx, "examplePolicy", &waf.PolicyArgs{
			ResourceGroupName: group.Name,
			Location:          group.Location,
			CustomRules: waf.PolicyCustomRuleArray{
				blockListedRanges,
				blockRangeWithAgent,
			},
			PolicySettings: settings,
			ManagedRules:   managed,
		})
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.waf.Policy;
import com.pulumi.azure.waf.PolicyArgs;
import com.pulumi.azure.waf.inputs.PolicyCustomRuleArgs;
import com.pulumi.azure.waf.inputs.PolicyPolicySettingsArgs;
import com.pulumi.azure.waf.inputs.PolicyManagedRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares a resource group and a WAF policy with two custom
 * rules, enforcing policy settings and an OWASP 3.2 managed rule set.
 *
 * NOTE(review): the listing's import block names only three types from
 * com.pulumi.azure.waf.inputs; the nested builder types used in stack() (match
 * condition, match variable, exclusion, managed rule set and override types)
 * presumably need imports from the same package. Confirm before compiling.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Resource group that the WAF policy is deployed into.
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        // Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
        // NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the
        // real client when another proxy or CDN sits in front of the gateway.
        var blockListedRanges = PolicyCustomRuleArgs.builder()
            .name("Rule1")
            .priority(1)
            .ruleType("MatchRule")
            .matchConditions(PolicyCustomRuleMatchConditionArgs.builder()
                .matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
                    .variableName("RemoteAddr")
                    .build())
                .operator("IPMatch")
                .negationCondition(false)
                .matchValues(
                    "192.168.1.0/24",
                    "10.0.0.0/24")
                .build())
            .action("Block")
            .build();

        // Rule2, first condition: source address inside 192.168.1.0/24.
        var fromListedRange = PolicyCustomRuleMatchConditionArgs.builder()
            .matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
                .variableName("RemoteAddr")
                .build())
            .operator("IPMatch")
            .negationCondition(false)
            .matchValues("192.168.1.0/24")
            .build();

        // Rule2, second condition: the selected request header contains "Windows".
        // NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
        // User-Agent; confirm the selector names the header you intend to inspect,
        // otherwise this condition may never match.
        var agentContainsWindows = PolicyCustomRuleMatchConditionArgs.builder()
            .matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
                .variableName("RequestHeaders")
                .selector("UserAgent")
                .build())
            .operator("Contains")
            .negationCondition(false)
            .matchValues("Windows")
            .build();

        // Rule2 (priority 2): Block, carrying both conditions above.
        // Conditions inside one rule are expected to be ANDed; confirm against the
        // Azure WAF custom-rule documentation.
        var blockRangeWithAgent = PolicyCustomRuleArgs.builder()
            .name("Rule2")
            .priority(2)
            .ruleType("MatchRule")
            .matchConditions(
                fromListedRange,
                agentContainsWindows)
            .action("Block")
            .build();

        // Enforcing configuration: enabled, "Prevention" mode, request bodies inspected,
        // 100 MB upload cap and 128 KB body-size cap.
        var settings = PolicyPolicySettingsArgs.builder()
            .enabled(true)
            .mode("Prevention")
            .requestBodyCheck(true)
            .fileUploadLimitInMb(100)
            .maxRequestBodySizeInKb(128)
            .build();

        // Exclusions take the selected header and cookies out of managed-rule evaluation,
        // so keep them as narrow as possible. "EndsWith" covers every cookie whose name
        // ends in "too-tasty", which is broader than an "Equals" selector.
        var secretHeaderExclusion = PolicyManagedRulesExclusionArgs.builder()
            .matchVariable("RequestHeaderNames")
            .selector("x-company-secret-header")
            .selectorMatchOperator("Equals")
            .build();
        var cookieSuffixExclusion = PolicyManagedRulesExclusionArgs.builder()
            .matchVariable("RequestCookieNames")
            .selector("too-tasty")
            .selectorMatchOperator("EndsWith")
            .build();

        // Per-rule overrides in REQUEST-920-PROTOCOL-ENFORCEMENT: 920300 is set to "Log"
        // (matches are recorded, not blocked) and 920440 is set to "Block".
        var protocolOverrides = PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs.builder()
            .ruleGroupName("REQUEST-920-PROTOCOL-ENFORCEMENT")
            .rules(
                PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
                    .id("920300")
                    .enabled(true)
                    .action("Log")
                    .build(),
                PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
                    .id("920440")
                    .enabled(true)
                    .action("Block")
                    .build())
            .build();

        // OWASP 3.2 managed rule set with the overrides and exclusions defined above.
        var managedRules = PolicyManagedRulesArgs.builder()
            .exclusions(
                secretHeaderExclusion,
                cookieSuffixExclusion)
            .managedRuleSets(PolicyManagedRulesManagedRuleSetArgs.builder()
                .type("OWASP")
                .version("3.2")
                .ruleGroupOverrides(protocolOverrides)
                .build())
            .build();

        // The policy itself, created in the resource group's location.
        var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .customRules(
                blockListedRanges,
                blockRangeWithAgent)
            .policySettings(settings)
            .managedRules(managedRules)
            .build());

    }
}
import pulumi
import pulumi_azure as azure

# Resource group that the WAF policy is deployed into.
example_resource_group = azure.core.ResourceGroup(
    "exampleResourceGroup",
    location="West Europe",
)

# Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
# NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the
# real client when another proxy or CDN sits in front of the gateway.
block_listed_ranges = azure.waf.PolicyCustomRuleArgs(
    name="Rule1",
    priority=1,
    rule_type="MatchRule",
    action="Block",
    match_conditions=[
        azure.waf.PolicyCustomRuleMatchConditionArgs(
            operator="IPMatch",
            negation_condition=False,
            match_variables=[
                azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
                    variable_name="RemoteAddr",
                ),
            ],
            match_values=["192.168.1.0/24", "10.0.0.0/24"],
        ),
    ],
)

# Rule2, first condition: source address inside 192.168.1.0/24.
from_listed_range = azure.waf.PolicyCustomRuleMatchConditionArgs(
    operator="IPMatch",
    negation_condition=False,
    match_variables=[
        azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
            variable_name="RemoteAddr",
        ),
    ],
    match_values=["192.168.1.0/24"],
)

# Rule2, second condition: the selected request header contains "Windows".
# NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
# User-Agent; confirm the selector names the header you intend to inspect,
# otherwise this condition may never match.
agent_contains_windows = azure.waf.PolicyCustomRuleMatchConditionArgs(
    operator="Contains",
    negation_condition=False,
    match_variables=[
        azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
            variable_name="RequestHeaders",
            selector="UserAgent",
        ),
    ],
    match_values=["Windows"],
)

# Rule2 (priority 2): Block, carrying both conditions above.
# Conditions inside one rule are expected to be ANDed; confirm against the
# Azure WAF custom-rule documentation.
block_range_with_agent = azure.waf.PolicyCustomRuleArgs(
    name="Rule2",
    priority=2,
    rule_type="MatchRule",
    action="Block",
    match_conditions=[from_listed_range, agent_contains_windows],
)

# Enforcing configuration: enabled, "Prevention" mode, request bodies inspected,
# 100 MB upload cap and 128 KB body-size cap.
settings = azure.waf.PolicyPolicySettingsArgs(
    enabled=True,
    mode="Prevention",
    request_body_check=True,
    file_upload_limit_in_mb=100,
    max_request_body_size_in_kb=128,
)

# Exclusions take the selected header and cookies out of managed-rule evaluation,
# so keep them as narrow as possible. "EndsWith" covers every cookie whose name
# ends in "too-tasty", which is broader than an "Equals" selector.
exclusions = [
    azure.waf.PolicyManagedRulesExclusionArgs(
        match_variable="RequestHeaderNames",
        selector="x-company-secret-header",
        selector_match_operator="Equals",
    ),
    azure.waf.PolicyManagedRulesExclusionArgs(
        match_variable="RequestCookieNames",
        selector="too-tasty",
        selector_match_operator="EndsWith",
    ),
]

# Per-rule overrides in REQUEST-920-PROTOCOL-ENFORCEMENT: 920300 is set to "Log"
# (matches are recorded, not blocked) and 920440 is set to "Block".
protocol_overrides = azure.waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs(
    rule_group_name="REQUEST-920-PROTOCOL-ENFORCEMENT",
    rules=[
        azure.waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs(
            id="920300",
            enabled=True,
            action="Log",
        ),
        azure.waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs(
            id="920440",
            enabled=True,
            action="Block",
        ),
    ],
)

# OWASP 3.2 managed rule set with the overrides and exclusions defined above.
managed_rules = azure.waf.PolicyManagedRulesArgs(
    exclusions=exclusions,
    managed_rule_sets=[
        azure.waf.PolicyManagedRulesManagedRuleSetArgs(
            type="OWASP",
            version="3.2",
            rule_group_overrides=[protocol_overrides],
        ),
    ],
)

# The policy itself, created in the resource group's location.
example_policy = azure.waf.Policy(
    "examplePolicy",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    custom_rules=[block_listed_ranges, block_range_with_agent],
    policy_settings=settings,
    managed_rules=managed_rules,
)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Resource group that the WAF policy is deployed into.
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {
    location: "West Europe",
});

// Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
// NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the
// real client when another proxy or CDN sits in front of the gateway.
const blockListedRanges = {
    name: "Rule1",
    priority: 1,
    ruleType: "MatchRule",
    action: "Block",
    matchConditions: [
        {
            operator: "IPMatch",
            negationCondition: false,
            matchVariables: [{ variableName: "RemoteAddr" }],
            matchValues: ["192.168.1.0/24", "10.0.0.0/24"],
        },
    ],
};

// Rule2, first condition: source address inside 192.168.1.0/24.
const fromListedRange = {
    operator: "IPMatch",
    negationCondition: false,
    matchVariables: [{ variableName: "RemoteAddr" }],
    matchValues: ["192.168.1.0/24"],
};

// Rule2, second condition: the selected request header contains "Windows".
// NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
// User-Agent; confirm the selector names the header you intend to inspect,
// otherwise this condition may never match.
const agentContainsWindows = {
    operator: "Contains",
    negationCondition: false,
    matchVariables: [{ variableName: "RequestHeaders", selector: "UserAgent" }],
    matchValues: ["Windows"],
};

// Rule2 (priority 2): Block, carrying both conditions above.
// Conditions inside one rule are expected to be ANDed; confirm against the
// Azure WAF custom-rule documentation.
const blockRangeWithAgent = {
    name: "Rule2",
    priority: 2,
    ruleType: "MatchRule",
    action: "Block",
    matchConditions: [fromListedRange, agentContainsWindows],
};

// Enforcing configuration: enabled, "Prevention" mode, request bodies inspected,
// 100 MB upload cap and 128 KB body-size cap.
const settings = {
    enabled: true,
    mode: "Prevention",
    requestBodyCheck: true,
    fileUploadLimitInMb: 100,
    maxRequestBodySizeInKb: 128,
};

// Exclusions take the selected header and cookies out of managed-rule evaluation,
// so keep them as narrow as possible. "EndsWith" covers every cookie whose name
// ends in "too-tasty", which is broader than an "Equals" selector.
const exclusions = [
    {
        matchVariable: "RequestHeaderNames",
        selector: "x-company-secret-header",
        selectorMatchOperator: "Equals",
    },
    {
        matchVariable: "RequestCookieNames",
        selector: "too-tasty",
        selectorMatchOperator: "EndsWith",
    },
];

// Per-rule overrides in REQUEST-920-PROTOCOL-ENFORCEMENT: 920300 is set to "Log"
// (matches are recorded, not blocked) and 920440 is set to "Block".
const protocolOverrides = {
    ruleGroupName: "REQUEST-920-PROTOCOL-ENFORCEMENT",
    rules: [
        { id: "920300", enabled: true, action: "Log" },
        { id: "920440", enabled: true, action: "Block" },
    ],
};

// The policy itself: custom rules, settings, and the OWASP 3.2 managed rule set.
const examplePolicy = new azure.waf.Policy("examplePolicy", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    customRules: [blockListedRanges, blockRangeWithAgent],
    policySettings: settings,
    managedRules: {
        exclusions: exclusions,
        managedRuleSets: [
            {
                type: "OWASP",
                version: "3.2",
                ruleGroupOverrides: [protocolOverrides],
            },
        ],
    },
});
# Declares a resource group and a WAF policy with two custom rules, enforcing
# policy settings and an OWASP 3.2 managed rule set.
resources:
  # Resource group that the WAF policy is deployed into.
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  examplePolicy:
    type: azure:waf:Policy
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      location: ${exampleResourceGroup.location}
      customRules:
        # Rule1 (priority 1): Block requests whose RemoteAddr IP-matches a listed CIDR range.
        # NOTE(review): RemoteAddr is the peer address the WAF sees; confirm that is the
        # real client when another proxy or CDN sits in front of the gateway.
        - name: Rule1
          priority: 1
          ruleType: MatchRule
          matchConditions:
            - matchVariables:
                - variableName: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
                - 10.0.0.0/24
          action: Block
        # Rule2 (priority 2): Block, carrying two conditions.
        # Conditions inside one rule are expected to be ANDed; confirm against the
        # Azure WAF custom-rule documentation.
        - name: Rule2
          priority: 2
          ruleType: MatchRule
          matchConditions:
            - matchVariables:
                - variableName: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
            # NOTE(review): the selector is "UserAgent", while the HTTP header is spelled
            # User-Agent; confirm the selector names the header you intend to inspect,
            # otherwise this condition may never match.
            - matchVariables:
                - variableName: RequestHeaders
                  selector: UserAgent
              operator: Contains
              negationCondition: false
              matchValues:
                - Windows
          action: Block
      # Enforcing configuration: enabled, Prevention mode, request bodies inspected,
      # 100 MB upload cap and 128 KB body-size cap.
      policySettings:
        enabled: true
        mode: Prevention
        requestBodyCheck: true
        fileUploadLimitInMb: 100
        maxRequestBodySizeInKb: 128
      managedRules:
        # Exclusions take the selected header and cookies out of managed-rule evaluation,
        # so keep them as narrow as possible. EndsWith covers every cookie whose name
        # ends in "too-tasty", which is broader than an Equals selector.
        exclusions:
          - matchVariable: RequestHeaderNames
            selector: x-company-secret-header
            selectorMatchOperator: Equals
          - matchVariable: RequestCookieNames
            selector: too-tasty
            selectorMatchOperator: EndsWith
        managedRuleSets:
          - type: OWASP
            # Quoted so the version stays a string rather than a number.
            version: '3.2'
            ruleGroupOverrides:
              # 920300 is set to Log (matches are recorded, not blocked);
              # 920440 is set to Block.
              - ruleGroupName: REQUEST-920-PROTOCOL-ENFORCEMENT
                rules:
                  - id: '920300'
                    enabled: true
                    action: Log
                  - id: '920440'
                    enabled: true
                    action: Block

Create Policy Resource

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
           location: Optional[str] = None,
           managed_rules: Optional[PolicyManagedRulesArgs] = None,
           name: Optional[str] = None,
           policy_settings: Optional[PolicyPolicySettingsArgs] = None,
           resource_group_name: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None)
@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: azure:waf:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Policy resource accepts the following input properties:

ManagedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

CustomRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

Tags Dictionary<string, string>

A mapping of tags to assign to the Web Application Firewall Policy.

ManagedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

CustomRules []PolicyCustomRuleArgs

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

Tags map[string]string

A mapping of tags to assign to the Web Application Firewall Policy.

managedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

customRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

location String

Resource location. Changing this forces a new resource to be created.

name String

The name of the policy. Changing this forces a new resource to be created.

policySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

tags Map<String,String>

A mapping of tags to assign to the Web Application Firewall Policy.

managedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

customRules PolicyCustomRuleArgs[]

One or more custom_rules blocks as defined below.

location string

Resource location. Changing this forces a new resource to be created.

name string

The name of the policy. Changing this forces a new resource to be created.

policySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

tags {[key: string]: string}

A mapping of tags to assign to the Web Application Firewall Policy.

managed_rules PolicyManagedRulesArgs

A managed_rules block as defined below.

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

custom_rules Sequence[PolicyCustomRuleArgs]

One or more custom_rules blocks as defined below.

location str

Resource location. Changing this forces a new resource to be created.

name str

The name of the policy. Changing this forces a new resource to be created.

policy_settings PolicyPolicySettingsArgs

A policy_settings block as defined below.

tags Mapping[str, str]

A mapping of tags to assign to the Web Application Firewall Policy.

managedRules Property Map

A managed_rules block as defined below.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

customRules List<Property Map>

One or more custom_rules blocks as defined below.

location String

Resource location. Changing this forces a new resource to be created.

name String

The name of the policy. Changing this forces a new resource to be created.

policySettings Property Map

A policy_settings block as defined below.

tags Map<String>

A mapping of tags to assign to the Web Application Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

HttpListenerIds List<string>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

Id string

The provider-assigned unique ID for this managed resource.

PathBasedRuleIds List<string>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

HttpListenerIds []string

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

Id string

The provider-assigned unique ID for this managed resource.

PathBasedRuleIds []string

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

httpListenerIds List<String>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

id String

The provider-assigned unique ID for this managed resource.

pathBasedRuleIds List<String>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

httpListenerIds string[]

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

id string

The provider-assigned unique ID for this managed resource.

pathBasedRuleIds string[]

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

http_listener_ids Sequence[str]

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

id str

The provider-assigned unique ID for this managed resource.

path_based_rule_ids Sequence[str]

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

httpListenerIds List<String>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

id String

The provider-assigned unique ID for this managed resource.

pathBasedRuleIds List<String>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

Look up Existing Policy Resource

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
        http_listener_ids: Optional[Sequence[str]] = None,
        location: Optional[str] = None,
        managed_rules: Optional[PolicyManagedRulesArgs] = None,
        name: Optional[str] = None,
        path_based_rule_ids: Optional[Sequence[str]] = None,
        policy_settings: Optional[PolicyPolicySettingsArgs] = None,
        resource_group_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CustomRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

HttpListenerIds List<string>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

Location string

Resource location. Changing this forces a new resource to be created.

ManagedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

PathBasedRuleIds List<string>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

Tags Dictionary<string, string>

A mapping of tags to assign to the Web Application Firewall Policy.

CustomRules []PolicyCustomRuleArgs

One or more custom_rules blocks as defined below.

HttpListenerIds []string

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

Location string

Resource location. Changing this forces a new resource to be created.

ManagedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

PathBasedRuleIds []string

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

Tags map[string]string

A mapping of tags to assign to the Web Application Firewall Policy.

customRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

httpListenerIds List<String>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

location String

Resource location. Changing this forces a new resource to be created.

managedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

name String

The name of the policy. Changing this forces a new resource to be created.

pathBasedRuleIds List<String>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

policySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

tags Map<String,String>

A mapping of tags to assign to the Web Application Firewall Policy.

customRules PolicyCustomRuleArgs[]

One or more custom_rules blocks as defined below.

httpListenerIds string[]

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

location string

Resource location. Changing this forces a new resource to be created.

managedRules PolicyManagedRulesArgs

A managed_rules block as defined below.

name string

The name of the policy. Changing this forces a new resource to be created.

pathBasedRuleIds string[]

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

policySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

tags {[key: string]: string}

A mapping of tags to assign to the Web Application Firewall Policy.

custom_rules Sequence[PolicyCustomRuleArgs]

One or more custom_rules blocks as defined below.

http_listener_ids Sequence[str]

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

location str

Resource location. Changing this forces a new resource to be created.

managed_rules PolicyManagedRulesArgs

A managed_rules block as defined below.

name str

The name of the policy. Changing this forces a new resource to be created.

path_based_rule_ids Sequence[str]

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

policy_settings PolicyPolicySettingsArgs

A policy_settings block as defined below.

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

tags Mapping[str, str]

A mapping of tags to assign to the Web Application Firewall Policy.

customRules List<Property Map>

One or more custom_rules blocks as defined below.

httpListenerIds List<String>

A list of HTTP Listener IDs from an azure.network.ApplicationGateway.

location String

Resource location. Changing this forces a new resource to be created.

managedRules Property Map

A managed_rules block as defined below.

name String

The name of the policy. Changing this forces a new resource to be created.

pathBasedRuleIds List<String>

A list of URL Path Map Path Rule IDs from an azure.network.ApplicationGateway.

policySettings Property Map

A policy_settings block as defined below.

resourceGroupName String

The name of the resource group. Changing this forces a new resource to be created.

tags Map<String>

A mapping of tags to assign to the Web Application Firewall Policy.

Supporting Types

PolicyCustomRule

Action string

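Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.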

MatchConditions List<PolicyCustomRuleMatchCondition>

One or more match_conditions blocks as defined below.

Priority int

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RuleType string

Describes the type of rule. Possible values are MatchRule and Invalid.

Name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

Action string

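Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.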

MatchConditions []PolicyCustomRuleMatchCondition

One or more match_conditions blocks as defined below.

Priority int

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RuleType string

Describes the type of rule. Possible values are MatchRule and Invalid.

Name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action String

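Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.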

matchConditions List<PolicyCustomRuleMatchCondition>

One or more match_conditions blocks as defined below.

priority Integer

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

ruleType String

Describes the type of rule. Possible values are MatchRule and Invalid.

name String

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action string

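Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.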

matchConditions PolicyCustomRuleMatchCondition[]

One or more match_conditions blocks as defined below.

priority number

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

ruleType string

Describes the type of rule. Possible values are MatchRule and Invalid.

name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action str

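Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.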

match_conditions Sequence[PolicyCustomRuleMatchCondition]

One or more match_conditions blocks as defined below.

priority int

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

rule_type str

Describes the type of rule. Possible values are MatchRule and Invalid.

name str

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action String

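Type of action. Possible values are Allow, Block and Log. A request that matches an Allow rule is passed to the backend without evaluation of the remaining custom or managed rules, so keep the match conditions of Allow rules narrow.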

matchConditions List<Property Map>

One or more match_conditions blocks as defined below.

priority Number

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

ruleType String

Describes the type of rule. Possible values are MatchRule and Invalid.

name String

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

PolicyCustomRuleMatchCondition

MatchValues List<string>

A list of match values.

MatchVariables List<PolicyCustomRuleMatchConditionMatchVariable>

One or more match_variables blocks as defined below.

Operator string

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

NegationCondition bool

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

Transforms List<string>

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

MatchValues []string

A list of match values.

MatchVariables []PolicyCustomRuleMatchConditionMatchVariable

One or more match_variables blocks as defined below.

Operator string

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

NegationCondition bool

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

Transforms []string

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

matchValues List<String>

A list of match values.

matchVariables List<PolicyCustomRuleMatchConditionMatchVariable>

One or more match_variables blocks as defined below.

operator String

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

negationCondition Boolean

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

transforms List<String>

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

matchValues string[]

A list of match values.

matchVariables PolicyCustomRuleMatchConditionMatchVariable[]

One or more match_variables blocks as defined below.

operator string

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

negationCondition boolean

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

transforms string[]

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

match_values Sequence[str]

A list of match values.

match_variables Sequence[PolicyCustomRuleMatchConditionMatchVariable]

One or more match_variables blocks as defined below.

operator str

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

negation_condition bool

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

transforms Sequence[str]

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

matchValues List<String>

A list of match values.

matchVariables List<Property Map>

One or more match_variables blocks as defined below.

operator String

Describes operator to be matched. Possible values are IPMatch, GeoMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith and Regex.

negationCondition Boolean

Describes whether the condition is negated, i.e. whether the rule matches when the condition does not hold.

transforms List<String>

A list of transformations to do before the match is attempted. Possible values are HtmlEntityDecode, Lowercase, RemoveNulls, Trim, UrlDecode and UrlEncode.

PolicyCustomRuleMatchConditionMatchVariable

VariableName string

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

Selector string

Describes field of the matchVariable collection

VariableName string

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

Selector string

Describes field of the matchVariable collection

variableName String

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

selector String

Describes field of the matchVariable collection

variableName string

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

selector string

Describes field of the matchVariable collection

variable_name str

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

selector str

Describes field of the matchVariable collection

variableName String

The name of the Match Variable. Possible values are RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody and RequestCookies.

selector String

Describes field of the matchVariable collection

PolicyManagedRules

ManagedRuleSets List<PolicyManagedRulesManagedRuleSet>

One or more managed_rule_set block defined below.

Exclusions List<PolicyManagedRulesExclusion>

One or more exclusion block defined below.

ManagedRuleSets []PolicyManagedRulesManagedRuleSet

One or more managed_rule_set block defined below.

Exclusions []PolicyManagedRulesExclusion

One or more exclusion block defined below.

managedRuleSets List<PolicyManagedRulesManagedRuleSet>

One or more managed_rule_set block defined below.

exclusions List<PolicyManagedRulesExclusion>

One or more exclusion block defined below.

managedRuleSets PolicyManagedRulesManagedRuleSet[]

One or more managed_rule_set block defined below.

exclusions PolicyManagedRulesExclusion[]

One or more exclusion block defined below.

managed_rule_sets Sequence[PolicyManagedRulesManagedRuleSet]

One or more managed_rule_set block defined below.

exclusions Sequence[PolicyManagedRulesExclusion]

One or more exclusion block defined below.

managedRuleSets List<Property Map>

One or more managed_rule_set block defined below.

exclusions List<Property Map>

One or more exclusion block defined below.

PolicyManagedRulesExclusion

MatchVariable string

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

Selector string

Describes field of the matchVariable collection.

SelectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

ExcludedRuleSet PolicyManagedRulesExclusionExcludedRuleSet

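One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.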

MatchVariable string

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

Selector string

Describes field of the matchVariable collection.

SelectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

ExcludedRuleSet PolicyManagedRulesExclusionExcludedRuleSet

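One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.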

matchVariable String

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

selector String

Describes field of the matchVariable collection.

selectorMatchOperator String

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

excludedRuleSet PolicyManagedRulesExclusionExcludedRuleSet

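One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.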

matchVariable string

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

selector string

Describes field of the matchVariable collection.

selectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

excludedRuleSet PolicyManagedRulesExclusionExcludedRuleSet

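One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.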

match_variable str

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

selector str

Describes field of the matchVariable collection.

selector_match_operator str

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

excluded_rule_set PolicyManagedRulesExclusionExcludedRuleSet

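One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.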

matchVariable String

The name of the Match Variable. Possible values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues.

selector String

Describes field of the matchVariable collection.

selectorMatchOperator String

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

excludedRuleSet Property Map

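One or more excluded_rule_set block defined below. It limits the exclusion to the listed rule set, rule groups and rules; keep exclusions as narrow as possible, because the excluded request fields are not inspected by the affected rules.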

PolicyManagedRulesExclusionExcludedRuleSet

RuleGroups List<PolicyManagedRulesExclusionExcludedRuleSetRuleGroup>

One or more rule_group block defined below.

Type string

The rule set type. The only possible value is OWASP. Defaults to OWASP.

Version string

The rule set version. The only possible value is 3.2. Defaults to 3.2.

RuleGroups []PolicyManagedRulesExclusionExcludedRuleSetRuleGroup

One or more rule_group block defined below.

Type string

The rule set type. The only possible value is OWASP. Defaults to OWASP.

Version string

The rule set version. The only possible value is 3.2. Defaults to 3.2.

ruleGroups List<PolicyManagedRulesExclusionExcludedRuleSetRuleGroup>

One or more rule_group block defined below.

type String

The rule set type. The only possible value is OWASP. Defaults to OWASP.

version String

The rule set version. The only possible value is 3.2. Defaults to 3.2.

ruleGroups PolicyManagedRulesExclusionExcludedRuleSetRuleGroup[]

One or more rule_group block defined below.

type string

The rule set type. The only possible value is OWASP. Defaults to OWASP.

version string

The rule set version. The only possible value is 3.2. Defaults to 3.2.

rule_groups Sequence[PolicyManagedRulesExclusionExcludedRuleSetRuleGroup]

One or more rule_group block defined below.

type str

The rule set type. The only possible value is OWASP. Defaults to OWASP.

version str

The rule set version. The only possible value is 3.2. Defaults to 3.2.

ruleGroups List<Property Map>

One or more rule_group block defined below.

type String

The rule set type. The only possible value is OWASP. Defaults to OWASP.

version String

The rule set version. The only possible value is 3.2. Defaults to 3.2.

PolicyManagedRulesExclusionExcludedRuleSetRuleGroup

RuleGroupName string

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

ExcludedRules List<string>

One or more Rule IDs for exclusion.

RuleGroupName string

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

ExcludedRules []string

One or more Rule IDs for exclusion.

ruleGroupName String

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

excludedRules List<String>

One or more Rule IDs for exclusion.

ruleGroupName string

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

excludedRules string[]

One or more Rule IDs for exclusion.

rule_group_name str

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

excluded_rules Sequence[str]

One or more Rule IDs for exclusion.

ruleGroupName String

The name of rule group for exclusion. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

excludedRules List<String>

One or more Rule IDs for exclusion.

PolicyManagedRulesManagedRuleSet

Version string

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

RuleGroupOverrides List<PolicyManagedRulesManagedRuleSetRuleGroupOverride>

One or more rule_group_override block defined below.

Type string

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

Version string

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

RuleGroupOverrides []PolicyManagedRulesManagedRuleSetRuleGroupOverride

One or more rule_group_override block defined below.

Type string

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

version String

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

ruleGroupOverrides List<PolicyManagedRulesManagedRuleSetRuleGroupOverride>

One or more rule_group_override block defined below.

type String

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

version string

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

ruleGroupOverrides PolicyManagedRulesManagedRuleSetRuleGroupOverride[]

One or more rule_group_override block defined below.

type string

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

version str

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

rule_group_overrides Sequence[PolicyManagedRulesManagedRuleSetRuleGroupOverride]

One or more rule_group_override block defined below.

type str

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

version String

The rule set version. Possible values: 0.1, 1.0, 2.2.9, 3.0, 3.1 and 3.2.

ruleGroupOverrides List<Property Map>

One or more rule_group_override block defined below.

type String

The rule set type. Possible values: Microsoft_BotManagerRuleSet and OWASP.

PolicyManagedRulesManagedRuleSetRuleGroupOverride

RuleGroupName string

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

DisabledRules List<string>

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

Rules List<PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule>

One or more rule block defined below.

RuleGroupName string

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

DisabledRules []string

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

Rules []PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule

One or more rule block defined below.

ruleGroupName String

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

disabledRules List<String>

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

rules List<PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule>

One or more rule block defined below.

ruleGroupName string

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

disabledRules string[]

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

rules PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule[]

One or more rule block defined below.

rule_group_name str

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

disabled_rules Sequence[str]

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

rules Sequence[PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule]

One or more rule block defined below.

ruleGroupName String

The name of the Rule Group. Possible values are BadBots, crs_20_protocol_violations, crs_21_protocol_anomalies, crs_23_request_limits, crs_30_http_policy, crs_35_bad_robots, crs_40_generic_attacks, crs_41_sql_injection_attacks, crs_41_xss_attacks, crs_42_tight_security, crs_45_trojans, General, GoodBots, Known-CVEs, REQUEST-911-METHOD-ENFORCEMENT, REQUEST-913-SCANNER-DETECTION, REQUEST-920-PROTOCOL-ENFORCEMENT, REQUEST-921-PROTOCOL-ATTACK, REQUEST-930-APPLICATION-ATTACK-LFI, REQUEST-931-APPLICATION-ATTACK-RFI, REQUEST-932-APPLICATION-ATTACK-RCE, REQUEST-933-APPLICATION-ATTACK-PHP, REQUEST-941-APPLICATION-ATTACK-XSS, REQUEST-942-APPLICATION-ATTACK-SQLI, REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION, REQUEST-944-APPLICATION-ATTACK-JAVA and UnknownBots.

disabledRules List<String>

Deprecated:

disabled_rules will be removed in favour of the rule property in version 4.0 of the AzureRM Provider.

rules List<Property Map>

One or more rule block defined below.

PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule

Id string

Identifier for the managed rule.

Action string

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

Enabled bool

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

Id string

Identifier for the managed rule.

Action string

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

Enabled bool

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

id String

Identifier for the managed rule.

action String

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

enabled Boolean

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

id string

Identifier for the managed rule.

action string

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

enabled boolean

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

id str

Identifier for the managed rule.

action str

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

enabled bool

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

id String

Identifier for the managed rule.

action String

Describes the override action to be applied when the rule matches. Possible values are Allow, AnomalyScoring, Block and Log.

enabled Boolean

Whether the managed rule is enabled or disabled. No default is stated here, so set this explicitly in each rule override to avoid turning off a rule unintentionally.

PolicyPolicySettings

Enabled bool

Describes if the policy is in enabled state or disabled state. Defaults to true.

FileUploadLimitInMb int

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

MaxRequestBodySizeInKb int

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

Mode string

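Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.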

RequestBodyCheck bool

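Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.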

Enabled bool

Describes if the policy is in enabled state or disabled state. Defaults to true.

FileUploadLimitInMb int

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

MaxRequestBodySizeInKb int

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

Mode string

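Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.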

RequestBodyCheck bool

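Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.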

enabled Boolean

Describes if the policy is in enabled state or disabled state. Defaults to true.

fileUploadLimitInMb Integer

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

maxRequestBodySizeInKb Integer

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

mode String

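Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.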

requestBodyCheck Boolean

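Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.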

enabled boolean

Describes if the policy is in enabled state or disabled state. Defaults to true.

fileUploadLimitInMb number

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

maxRequestBodySizeInKb number

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

mode string

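Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.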

requestBodyCheck boolean

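Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.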

enabled bool

Describes if the policy is in enabled state or disabled state. Defaults to true.

file_upload_limit_in_mb int

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

max_request_body_size_in_kb int

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

mode str

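Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.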

request_body_check bool

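Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.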

enabled Boolean

Describes if the policy is in enabled state or disabled state. Defaults to true.

fileUploadLimitInMb Number

The File Upload Limit in MB. Accepted values are in the range 1 to 4000. Defaults to 100.

maxRequestBodySizeInKb Number

The Maximum Request Body Size in KB. Accepted values are in the range 8 to 2000. Defaults to 128.

mode String

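Whether the policy runs in detection mode or prevention mode at the policy level. Valid values are Detection and Prevention. Defaults to Prevention. In Detection mode, requests that match a rule are logged but not blocked; only Prevention mode enforces blocking actions.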

requestBodyCheck Boolean

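Whether request body inspection is enabled. Defaults to true. When set to false, the WAF does not evaluate the contents of the HTTP request body against its rules.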

Import

Web Application Firewall Policy can be imported using the resource id, e.g.

 $ pulumi import azure:waf/policy:Policy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/example-wafpolicy

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.