We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Manages a Azure Web Application Firewall Policy instance.
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var examplePolicy = new Azure.Waf.Policy("examplePolicy", new Azure.Waf.PolicyArgs
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
CustomRules =
{
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Name = "Rule1",
Priority = 1,
RuleType = "MatchRule",
MatchConditions =
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables =
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RemoteAddr",
},
},
Operator = "IPMatch",
NegationCondition = false,
MatchValues =
{
"192.168.1.0/24",
"10.0.0.0/24",
},
},
},
Action = "Block",
},
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Name = "Rule2",
Priority = 2,
RuleType = "MatchRule",
MatchConditions =
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables =
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RemoteAddr",
},
},
Operator = "IPMatch",
NegationCondition = false,
MatchValues =
{
"192.168.1.0/24",
},
},
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchVariables =
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "RequestHeaders",
Selector = "UserAgent",
},
},
Operator = "Contains",
NegationCondition = false,
MatchValues =
{
"Windows",
},
},
},
Action = "Block",
},
},
PolicySettings = new Azure.Waf.Inputs.PolicyPolicySettingsArgs
{
Enabled = true,
Mode = "Prevention",
RequestBodyCheck = true,
FileUploadLimitInMb = 100,
MaxRequestBodySizeInKb = 128,
},
ManagedRules = new Azure.Waf.Inputs.PolicyManagedRulesArgs
{
Exclusions =
{
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "RequestHeaderNames",
Selector = "x-company-secret-header",
SelectorMatchOperator = "Equals",
},
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "RequestCookieNames",
Selector = "too-tasty",
SelectorMatchOperator = "EndsWith",
},
},
ManagedRuleSets =
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetArgs
{
Type = "OWASP",
Version = "3.1",
RuleGroupOverrides =
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
{
RuleGroupName = "REQUEST-920-PROTOCOL-ENFORCEMENT",
DisabledRules =
{
"920300",
"920440",
},
},
},
},
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/waf"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = waf.NewPolicy(ctx, "examplePolicy", &waf.PolicyArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
CustomRules: waf.PolicyCustomRuleArray{
&waf.PolicyCustomRuleArgs{
Name: pulumi.String("Rule1"),
Priority: pulumi.Int(1),
RuleType: pulumi.String("MatchRule"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RemoteAddr"),
},
},
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("10.0.0.0/24"),
},
},
},
Action: pulumi.String("Block"),
},
&waf.PolicyCustomRuleArgs{
Name: pulumi.String("Rule2"),
Priority: pulumi.Int(2),
RuleType: pulumi.String("MatchRule"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RemoteAddr"),
},
},
Operator: pulumi.String("IPMatch"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
},
},
&waf.PolicyCustomRuleMatchConditionArgs{
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("RequestHeaders"),
Selector: pulumi.String("UserAgent"),
},
},
Operator: pulumi.String("Contains"),
NegationCondition: pulumi.Bool(false),
MatchValues: pulumi.StringArray{
pulumi.String("Windows"),
},
},
},
Action: pulumi.String("Block"),
},
},
PolicySettings: &waf.PolicyPolicySettingsArgs{
Enabled: pulumi.Bool(true),
Mode: pulumi.String("Prevention"),
RequestBodyCheck: pulumi.Bool(true),
FileUploadLimitInMb: pulumi.Int(100),
MaxRequestBodySizeInKb: pulumi.Int(128),
},
ManagedRules: &waf.PolicyManagedRulesArgs{
Exclusions: waf.PolicyManagedRulesExclusionArray{
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("RequestHeaderNames"),
Selector: pulumi.String("x-company-secret-header"),
SelectorMatchOperator: pulumi.String("Equals"),
},
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("RequestCookieNames"),
Selector: pulumi.String("too-tasty"),
SelectorMatchOperator: pulumi.String("EndsWith"),
},
},
ManagedRuleSets: waf.PolicyManagedRulesManagedRuleSetArray{
&waf.PolicyManagedRulesManagedRuleSetArgs{
Type: pulumi.String("OWASP"),
Version: pulumi.String("3.1"),
RuleGroupOverrides: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs{
RuleGroupName: pulumi.String("REQUEST-920-PROTOCOL-ENFORCEMENT"),
DisabledRules: pulumi.StringArray{
pulumi.String("920300"),
pulumi.String("920440"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const examplePolicy = new azure.waf.Policy("examplePolicy", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
customRules: [
{
name: "Rule1",
priority: 1,
ruleType: "MatchRule",
matchConditions: [{
matchVariables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
action: "Block",
},
{
name: "Rule2",
priority: 2,
ruleType: "MatchRule",
matchConditions: [
{
matchVariables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
matchVariables: [{
variableName: "RequestHeaders",
selector: "UserAgent",
}],
operator: "Contains",
negationCondition: false,
matchValues: ["Windows"],
},
],
action: "Block",
},
],
policySettings: {
enabled: true,
mode: "Prevention",
requestBodyCheck: true,
fileUploadLimitInMb: 100,
maxRequestBodySizeInKb: 128,
},
managedRules: {
exclusions: [
{
matchVariable: "RequestHeaderNames",
selector: "x-company-secret-header",
selectorMatchOperator: "Equals",
},
{
matchVariable: "RequestCookieNames",
selector: "too-tasty",
selectorMatchOperator: "EndsWith",
},
],
managedRuleSets: [{
type: "OWASP",
version: "3.1",
ruleGroupOverrides: [{
ruleGroupName: "REQUEST-920-PROTOCOL-ENFORCEMENT",
disabledRules: [
"920300",
"920440",
],
}],
}],
},
});
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_policy = azure.waf.Policy("examplePolicy",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
custom_rules=[
azure.waf.PolicyCustomRuleArgs(
name="Rule1",
priority=1,
rule_type="MatchRule",
match_conditions=[azure.waf.PolicyCustomRuleMatchConditionArgs(
match_variables=[azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
variable_name="RemoteAddr",
)],
operator="IPMatch",
negation_condition=False,
match_values=[
"192.168.1.0/24",
"10.0.0.0/24",
],
)],
action="Block",
),
azure.waf.PolicyCustomRuleArgs(
name="Rule2",
priority=2,
rule_type="MatchRule",
match_conditions=[
azure.waf.PolicyCustomRuleMatchConditionArgs(
match_variables=[azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
variable_name="RemoteAddr",
)],
operator="IPMatch",
negation_condition=False,
match_values=["192.168.1.0/24"],
),
azure.waf.PolicyCustomRuleMatchConditionArgs(
match_variables=[azure.waf.PolicyCustomRuleMatchConditionMatchVariableArgs(
variable_name="RequestHeaders",
selector="UserAgent",
)],
operator="Contains",
negation_condition=False,
match_values=["Windows"],
),
],
action="Block",
),
],
policy_settings=azure.waf.PolicyPolicySettingsArgs(
enabled=True,
mode="Prevention",
request_body_check=True,
file_upload_limit_in_mb=100,
max_request_body_size_in_kb=128,
),
managed_rules=azure.waf.PolicyManagedRulesArgs(
exclusions=[
azure.waf.PolicyManagedRulesExclusionArgs(
match_variable="RequestHeaderNames",
selector="x-company-secret-header",
selector_match_operator="Equals",
),
azure.waf.PolicyManagedRulesExclusionArgs(
match_variable="RequestCookieNames",
selector="too-tasty",
selector_match_operator="EndsWith",
),
],
managed_rule_sets=[azure.waf.PolicyManagedRulesManagedRuleSetArgs(
type="OWASP",
version="3.1",
rule_group_overrides=[azure.waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs(
rule_group_name="REQUEST-920-PROTOCOL-ENFORCEMENT",
disabled_rules=[
"920300",
"920440",
],
)],
)],
))
Example coming soon!
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
managed_rules: Optional[PolicyManagedRulesArgs] = None,
resource_group_name: Optional[str] = None,
custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
policy_settings: Optional[PolicyPolicySettingsArgs] = None,
tags: Optional[Mapping[str, str]] = None)func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: azure:waf:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplepolicyResourceResourceFromWafpolicy = new Azure.Waf.Policy("examplepolicyResourceResourceFromWafpolicy", new()
{
ManagedRules = new Azure.Waf.Inputs.PolicyManagedRulesArgs
{
ManagedRuleSets = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetArgs
{
Version = "string",
RuleGroupOverrides = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
{
RuleGroupName = "string",
DisabledRules = new[]
{
"string",
},
},
},
Type = "string",
},
},
Exclusions = new[]
{
new Azure.Waf.Inputs.PolicyManagedRulesExclusionArgs
{
MatchVariable = "string",
Selector = "string",
SelectorMatchOperator = "string",
},
},
},
ResourceGroupName = "string",
CustomRules = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleArgs
{
Action = "string",
MatchConditions = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionArgs
{
MatchValues = new[]
{
"string",
},
MatchVariables = new[]
{
new Azure.Waf.Inputs.PolicyCustomRuleMatchConditionMatchVariableArgs
{
VariableName = "string",
Selector = "string",
},
},
Operator = "string",
NegationCondition = false,
Transforms = new[]
{
"string",
},
},
},
Priority = 0,
RuleType = "string",
Name = "string",
},
},
Location = "string",
Name = "string",
PolicySettings = new Azure.Waf.Inputs.PolicyPolicySettingsArgs
{
Enabled = false,
FileUploadLimitInMb = 0,
MaxRequestBodySizeInKb = 0,
Mode = "string",
RequestBodyCheck = false,
},
Tags =
{
{ "string", "string" },
},
});
example, err := waf.NewPolicy(ctx, "examplepolicyResourceResourceFromWafpolicy", &waf.PolicyArgs{
ManagedRules: &waf.PolicyManagedRulesArgs{
ManagedRuleSets: waf.PolicyManagedRulesManagedRuleSetArray{
&waf.PolicyManagedRulesManagedRuleSetArgs{
Version: pulumi.String("string"),
RuleGroupOverrides: waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArray{
&waf.PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs{
RuleGroupName: pulumi.String("string"),
DisabledRules: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Type: pulumi.String("string"),
},
},
Exclusions: waf.PolicyManagedRulesExclusionArray{
&waf.PolicyManagedRulesExclusionArgs{
MatchVariable: pulumi.String("string"),
Selector: pulumi.String("string"),
SelectorMatchOperator: pulumi.String("string"),
},
},
},
ResourceGroupName: pulumi.String("string"),
CustomRules: waf.PolicyCustomRuleArray{
&waf.PolicyCustomRuleArgs{
Action: pulumi.String("string"),
MatchConditions: waf.PolicyCustomRuleMatchConditionArray{
&waf.PolicyCustomRuleMatchConditionArgs{
MatchValues: pulumi.StringArray{
pulumi.String("string"),
},
MatchVariables: waf.PolicyCustomRuleMatchConditionMatchVariableArray{
&waf.PolicyCustomRuleMatchConditionMatchVariableArgs{
VariableName: pulumi.String("string"),
Selector: pulumi.String("string"),
},
},
Operator: pulumi.String("string"),
NegationCondition: pulumi.Bool(false),
Transforms: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Priority: pulumi.Int(0),
RuleType: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Location: pulumi.String("string"),
Name: pulumi.String("string"),
PolicySettings: &waf.PolicyPolicySettingsArgs{
Enabled: pulumi.Bool(false),
FileUploadLimitInMb: pulumi.Int(0),
MaxRequestBodySizeInKb: pulumi.Int(0),
Mode: pulumi.String("string"),
RequestBodyCheck: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplepolicyResourceResourceFromWafpolicy = new com.pulumi.azure.waf.Policy("examplepolicyResourceResourceFromWafpolicy", com.pulumi.azure.waf.PolicyArgs.builder()
.managedRules(PolicyManagedRulesArgs.builder()
.managedRuleSets(PolicyManagedRulesManagedRuleSetArgs.builder()
.version("string")
.ruleGroupOverrides(PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs.builder()
.ruleGroupName("string")
.disabledRules("string")
.build())
.type("string")
.build())
.exclusions(PolicyManagedRulesExclusionArgs.builder()
.matchVariable("string")
.selector("string")
.selectorMatchOperator("string")
.build())
.build())
.resourceGroupName("string")
.customRules(PolicyCustomRuleArgs.builder()
.action("string")
.matchConditions(PolicyCustomRuleMatchConditionArgs.builder()
.matchValues("string")
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("string")
.selector("string")
.build())
.operator("string")
.negationCondition(false)
.transforms("string")
.build())
.priority(0)
.ruleType("string")
.name("string")
.build())
.location("string")
.name("string")
.policySettings(PolicyPolicySettingsArgs.builder()
.enabled(false)
.fileUploadLimitInMb(0)
.maxRequestBodySizeInKb(0)
.mode("string")
.requestBodyCheck(false)
.build())
.tags(Map.of("string", "string"))
.build());
examplepolicy_resource_resource_from_wafpolicy = azure.waf.Policy("examplepolicyResourceResourceFromWafpolicy",
managed_rules={
"managed_rule_sets": [{
"version": "string",
"rule_group_overrides": [{
"rule_group_name": "string",
"disabled_rules": ["string"],
}],
"type": "string",
}],
"exclusions": [{
"match_variable": "string",
"selector": "string",
"selector_match_operator": "string",
}],
},
resource_group_name="string",
custom_rules=[{
"action": "string",
"match_conditions": [{
"match_values": ["string"],
"match_variables": [{
"variable_name": "string",
"selector": "string",
}],
"operator": "string",
"negation_condition": False,
"transforms": ["string"],
}],
"priority": 0,
"rule_type": "string",
"name": "string",
}],
location="string",
name="string",
policy_settings={
"enabled": False,
"file_upload_limit_in_mb": 0,
"max_request_body_size_in_kb": 0,
"mode": "string",
"request_body_check": False,
},
tags={
"string": "string",
})
const examplepolicyResourceResourceFromWafpolicy = new azure.waf.Policy("examplepolicyResourceResourceFromWafpolicy", {
managedRules: {
managedRuleSets: [{
version: "string",
ruleGroupOverrides: [{
ruleGroupName: "string",
disabledRules: ["string"],
}],
type: "string",
}],
exclusions: [{
matchVariable: "string",
selector: "string",
selectorMatchOperator: "string",
}],
},
resourceGroupName: "string",
customRules: [{
action: "string",
matchConditions: [{
matchValues: ["string"],
matchVariables: [{
variableName: "string",
selector: "string",
}],
operator: "string",
negationCondition: false,
transforms: ["string"],
}],
priority: 0,
ruleType: "string",
name: "string",
}],
location: "string",
name: "string",
policySettings: {
enabled: false,
fileUploadLimitInMb: 0,
maxRequestBodySizeInKb: 0,
mode: "string",
requestBodyCheck: false,
},
tags: {
string: "string",
},
});
type: azure:waf:Policy
properties:
customRules:
- action: string
matchConditions:
- matchValues:
- string
matchVariables:
- selector: string
variableName: string
negationCondition: false
operator: string
transforms:
- string
name: string
priority: 0
ruleType: string
location: string
managedRules:
exclusions:
- matchVariable: string
selector: string
selectorMatchOperator: string
managedRuleSets:
- ruleGroupOverrides:
- disabledRules:
- string
ruleGroupName: string
type: string
version: string
name: string
policySettings:
enabled: false
fileUploadLimitInMb: 0
maxRequestBodySizeInKb: 0
mode: string
requestBodyCheck: false
resourceGroupName: string
tags:
string: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Rules List<PolicyCustom Rule> - One or more
custom_rulesblocks as defined below. - Location string
- Resource location. Changing this forces a new resource to be created.
- Name string
- The name of the policy. Changing this forces a new resource to be created.
- Policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Managed
Rules PolicyManaged Rules Args - A
managed_rulesblocks as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Custom
Rules []PolicyCustom Rule Args - One or more
custom_rulesblocks as defined below. - Location string
- Resource location. Changing this forces a new resource to be created.
- Name string
- The name of the policy. Changing this forces a new resource to be created.
- Policy
Settings PolicyPolicy Settings Args - A
policy_settingsblock as defined below. - map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules List<PolicyCustom Rule> - One or more
custom_rulesblocks as defined below. - location String
- Resource location. Changing this forces a new resource to be created.
- name String
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules PolicyCustom Rule[] - One or more
custom_rulesblocks as defined below. - location string
- Resource location. Changing this forces a new resource to be created.
- name string
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed_
rules PolicyManaged Rules Args - A
managed_rulesblocks as defined below. - resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- custom_
rules Sequence[PolicyCustom Rule Args] - One or more
custom_rulesblocks as defined below. - location str
- Resource location. Changing this forces a new resource to be created.
- name str
- The name of the policy. Changing this forces a new resource to be created.
- policy_
settings PolicyPolicy Settings Args - A
policy_settingsblock as defined below. - Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- managed
Rules Property Map - A
managed_rulesblocks as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- custom
Rules List<Property Map> - One or more
custom_rulesblocks as defined below. - location String
- Resource location. Changing this forces a new resource to be created.
- name String
- The name of the policy. Changing this forces a new resource to be created.
- policy
Settings Property Map - A
policy_settingsblock as defined below. - Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Http
Listener List<string>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - Id string
- The provider-assigned unique ID for this managed resource.
- Path
Based List<string>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
- Http
Listener []stringIds - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - Id string
- The provider-assigned unique ID for this managed resource.
- Path
Based []stringRule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
- http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - id String
- The provider-assigned unique ID for this managed resource.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
- http
Listener string[]Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - id string
- The provider-assigned unique ID for this managed resource.
- path
Based string[]Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
- http_
listener_ Sequence[str]ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - id str
- The provider-assigned unique ID for this managed resource.
- path_
based_ Sequence[str]rule_ ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
- http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - id String
- The provider-assigned unique ID for this managed resource.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
custom_rules: Optional[Sequence[PolicyCustomRuleArgs]] = None,
http_listener_ids: Optional[Sequence[str]] = None,
location: Optional[str] = None,
managed_rules: Optional[PolicyManagedRulesArgs] = None,
name: Optional[str] = None,
path_based_rule_ids: Optional[Sequence[str]] = None,
policy_settings: Optional[PolicyPolicySettingsArgs] = None,
resource_group_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> Policyfunc GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)resources: _: type: azure:waf:Policy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Custom
Rules List<PolicyCustom Rule> - One or more
custom_rulesblocks as defined below. - Http
Listener List<string>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - Location string
- Resource location. Changing this forces a new resource to be created.
- Managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Path
Based List<string>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - Policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags to assign to the Web Application Firewall Policy.
- Custom
Rules []PolicyCustom Rule Args - One or more
custom_rulesblocks as defined below. - Http
Listener []stringIds - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - Location string
- Resource location. Changing this forces a new resource to be created.
- Managed
Rules PolicyManaged Rules Args - A
managed_rulesblocks as defined below. - Name string
- The name of the policy. Changing this forces a new resource to be created.
- Path
Based []stringRule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - Policy
Settings PolicyPolicy Settings Args - A
policy_settingsblock as defined below. - Resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules List<PolicyCustom Rule> - One or more
custom_rulesblocks as defined below. - http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - location String
- Resource location. Changing this forces a new resource to be created.
- managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules PolicyCustom Rule[] - One or more
custom_rulesblocks as defined below. - http
Listener string[]Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - location string
- Resource location. Changing this forces a new resource to be created.
- managed
Rules PolicyManaged Rules - A
managed_rulesblocks as defined below. - name string
- The name of the policy. Changing this forces a new resource to be created.
- path
Based string[]Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - policy
Settings PolicyPolicy Settings - A
policy_settingsblock as defined below. - resource
Group stringName - The name of the resource group. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom_
rules Sequence[PolicyCustom Rule Args] - One or more
custom_rulesblocks as defined below. - http_
listener_ Sequence[str]ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - location str
- Resource location. Changing this forces a new resource to be created.
- managed_
rules PolicyManaged Rules Args - A
managed_rulesblocks as defined below. - name str
- The name of the policy. Changing this forces a new resource to be created.
- path_
based_ Sequence[str]rule_ ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - policy_
settings PolicyPolicy Settings Args - A
policy_settingsblock as defined below. - resource_
group_ strname - The name of the resource group. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags to assign to the Web Application Firewall Policy.
- custom
Rules List<Property Map> - One or more
custom_rulesblocks as defined below. - http
Listener List<String>Ids - A list of HTTP Listener IDs from an
azure.network.ApplicationGateway. - location String
- Resource location. Changing this forces a new resource to be created.
- managed
Rules Property Map - A
managed_rulesblocks as defined below. - name String
- The name of the policy. Changing this forces a new resource to be created.
- path
Based List<String>Rule Ids - A list of URL Path Map Path Rule IDs from an
azure.network.ApplicationGateway. - policy
Settings Property Map - A
policy_settingsblock as defined below. - resource
Group StringName - The name of the resource group. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags to assign to the Web Application Firewall Policy.
Supporting Types
PolicyCustomRule, PolicyCustomRuleArgs
- Action string
- Type of action.
- Match
Conditions List<PolicyCustom Rule Match Condition> - One or more
match_conditionsblocks as defined below. - Priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- Rule
Type string - Describes the type of rule.
- Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- Action string
- Type of action.
- Match
Conditions []PolicyCustom Rule Match Condition - One or more
match_conditionsblocks as defined below. - Priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- Rule
Type string - Describes the type of rule.
- Name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- action String
- Type of action.
- match
Conditions List<PolicyCustom Rule Match Condition> - One or more
match_conditionsblocks as defined below. - priority Integer
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type String - Describes the type of rule.
- name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- action string
- Type of action.
- match
Conditions PolicyCustom Rule Match Condition[] - One or more
match_conditionsblocks as defined below. - priority number
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type string - Describes the type of rule.
- name string
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- action str
- Type of action.
- match_
conditions Sequence[PolicyCustom Rule Match Condition] - One or more
match_conditionsblocks as defined below. - priority int
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule_
type str - Describes the type of rule.
- name str
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
- action String
- Type of action.
- match
Conditions List<Property Map> - One or more
match_conditionsblocks as defined below. - priority Number
- Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
- rule
Type String - Describes the type of rule.
- name String
- Gets name of the resource that is unique within a policy. This name can be used to access the resource.
PolicyCustomRuleMatchCondition, PolicyCustomRuleMatchConditionArgs
- Match
Values List<string> - A list of match values.
- Match
Variables List<PolicyCustom Rule Match Condition Match Variable> - One or more
match_variablesblocks as defined below. - Operator string
- Describes operator to be matched.
- Negation
Condition bool - Describes if this is negate condition or not
- Transforms List<string>
- A list of transformations to do before the match is attempted.
- Match
Values []string - A list of match values.
- Match
Variables []PolicyCustom Rule Match Condition Match Variable - One or more
match_variablesblocks as defined below. - Operator string
- Describes operator to be matched.
- Negation
Condition bool - Describes if this is negate condition or not
- Transforms []string
- A list of transformations to do before the match is attempted.
- match
Values List<String> - A list of match values.
- match
Variables List<PolicyCustom Rule Match Condition Match Variable> - One or more
match_variablesblocks as defined below. - operator String
- Describes operator to be matched.
- negation
Condition Boolean - Describes if this is negate condition or not
- transforms List<String>
- A list of transformations to do before the match is attempted.
- match
Values string[] - A list of match values.
- match
Variables PolicyCustom Rule Match Condition Match Variable[] - One or more
match_variablesblocks as defined below. - operator string
- Describes operator to be matched.
- negation
Condition boolean - Describes if this is negate condition or not
- transforms string[]
- A list of transformations to do before the match is attempted.
- match_
values Sequence[str] - A list of match values.
- match_
variables Sequence[PolicyCustom Rule Match Condition Match Variable] - One or more
match_variablesblocks as defined below. - operator str
- Describes operator to be matched.
- negation_
condition bool - Describes if this is negate condition or not
- transforms Sequence[str]
- A list of transformations to do before the match is attempted.
- match
Values List<String> - A list of match values.
- match
Variables List<Property Map> - One or more
match_variablesblocks as defined below. - operator String
- Describes operator to be matched.
- negation
Condition Boolean - Describes if this is negate condition or not
- transforms List<String>
- A list of transformations to do before the match is attempted.
PolicyCustomRuleMatchConditionMatchVariable, PolicyCustomRuleMatchConditionMatchVariableArgs
- Variable
Name string - The name of the Match Variable
- Selector string
- Describes field of the matchVariable collection
- Variable
Name string - The name of the Match Variable
- Selector string
- Describes field of the matchVariable collection
- variable
Name String - The name of the Match Variable
- selector String
- Describes field of the matchVariable collection
- variable
Name string - The name of the Match Variable
- selector string
- Describes field of the matchVariable collection
- variable_
name str - The name of the Match Variable
- selector str
- Describes field of the matchVariable collection
- variable
Name String - The name of the Match Variable
- selector String
- Describes field of the matchVariable collection
PolicyManagedRules, PolicyManagedRulesArgs
- Managed
Rule List<PolicySets Managed Rules Managed Rule Set> - One or more
managed_rule_setblock defined below. - Exclusions
List<Policy
Managed Rules Exclusion> - One or more
exclusionblock defined below.
- Managed
Rule []PolicySets Managed Rules Managed Rule Set - One or more
managed_rule_setblock defined below. - Exclusions
[]Policy
Managed Rules Exclusion - One or more
exclusionblock defined below.
- managed
Rule List<PolicySets Managed Rules Managed Rule Set> - One or more
managed_rule_setblock defined below. - exclusions
List<Policy
Managed Rules Exclusion> - One or more
exclusionblock defined below.
- managed
Rule PolicySets Managed Rules Managed Rule Set[] - One or more
managed_rule_setblock defined below. - exclusions
Policy
Managed Rules Exclusion[] - One or more
exclusionblock defined below.
- managed_
rule_ Sequence[Policysets Managed Rules Managed Rule Set] - One or more
managed_rule_setblock defined below. - exclusions
Sequence[Policy
Managed Rules Exclusion] - One or more
exclusionblock defined below.
- managed
Rule List<Property Map>Sets - One or more
managed_rule_setblock defined below. - exclusions List<Property Map>
- One or more
exclusionblock defined below.
PolicyManagedRulesExclusion, PolicyManagedRulesExclusionArgs
- Match
Variable string - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - Selector string
- Describes field of the matchVariable collection.
- Selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
- Match
Variable string - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - Selector string
- Describes field of the matchVariable collection.
- Selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
- match
Variable String - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - selector String
- Describes field of the matchVariable collection.
- selector
Match StringOperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
- match
Variable string - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - selector string
- Describes field of the matchVariable collection.
- selector
Match stringOperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
- match_
variable str - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - selector str
- Describes field of the matchVariable collection.
- selector_
match_ stroperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
- match
Variable String - The name of the Match Variable. Possible values:
RequestArgNames,RequestCookieNames,RequestHeaderNames. - selector String
- Describes field of the matchVariable collection.
- selector
Match StringOperator - Describes operator to be matched. Possible values:
Contains,EndsWith,Equals,EqualsAny,StartsWith.
PolicyManagedRulesManagedRuleSet, PolicyManagedRulesManagedRuleSetArgs
- Version string
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - Rule
Group List<PolicyOverrides Managed Rules Managed Rule Set Rule Group Override> - One or more
rule_group_overrideblock defined below. - Type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
- Version string
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - Rule
Group []PolicyOverrides Managed Rules Managed Rule Set Rule Group Override - One or more
rule_group_overrideblock defined below. - Type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
- version String
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - rule
Group List<PolicyOverrides Managed Rules Managed Rule Set Rule Group Override> - One or more
rule_group_overrideblock defined below. - type String
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
- version string
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - rule
Group PolicyOverrides Managed Rules Managed Rule Set Rule Group Override[] - One or more
rule_group_overrideblock defined below. - type string
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
- version str
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - rule_
group_ Sequence[Policyoverrides Managed Rules Managed Rule Set Rule Group Override] - One or more
rule_group_overrideblock defined below. - type str
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
- version String
- The rule set version. Possible values:
0.1,1.0,2.2.9,3.0,3.1and3.2. - rule
Group List<Property Map>Overrides - One or more
rule_group_overrideblock defined below. - type String
- The rule set type. Possible values:
Microsoft_BotManagerRuleSetandOWASP.
PolicyManagedRulesManagedRuleSetRuleGroupOverride, PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs
- Rule
Group stringName - The name of the Rule Group
- Disabled
Rules List<string> - One or more Rule ID's
- Rule
Group stringName - The name of the Rule Group
- Disabled
Rules []string - One or more Rule ID's
- rule
Group StringName - The name of the Rule Group
- disabled
Rules List<String> - One or more Rule ID's
- rule
Group stringName - The name of the Rule Group
- disabled
Rules string[] - One or more Rule ID's
- rule_
group_ strname - The name of the Rule Group
- disabled_
rules Sequence[str] - One or more Rule ID's
- rule
Group StringName - The name of the Rule Group
- disabled
Rules List<String> - One or more Rule ID's
PolicyPolicySettings, PolicyPolicySettingsArgs
- Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - File
Upload intLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - Max
Request intBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - Mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - Request
Body boolCheck - Is Request Body Inspection enabled? Defaults to
true.
- Enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - File
Upload intLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - Max
Request intBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - Mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - Request
Body boolCheck - Is Request Body Inspection enabled? Defaults to
true.
- enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - file
Upload IntegerLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - max
Request IntegerBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - mode String
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - request
Body BooleanCheck - Is Request Body Inspection enabled? Defaults to
true.
- enabled boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - file
Upload numberLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - max
Request numberBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - mode string
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - request
Body booleanCheck - Is Request Body Inspection enabled? Defaults to
true.
- enabled bool
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - file_
upload_ intlimit_ in_ mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - max_
request_ intbody_ size_ in_ kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - mode str
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - request_
body_ boolcheck - Is Request Body Inspection enabled? Defaults to
true.
- enabled Boolean
- Describes if the policy is in enabled state or disabled state. Defaults to
true. - file
Upload NumberLimit In Mb - The File Upload Limit in MB. Accepted values are in the range
1to4000. Defaults to100. - max
Request NumberBody Size In Kb - The Maximum Request Body Size in KB. Accepted values are in the range
8to2000. Defaults to128. - mode String
- Describes if it is in detection mode or prevention mode at the policy level. Valid values are
DetectionandPrevention. Defaults toPrevention. - request
Body BooleanCheck - Is Request Body Inspection enabled? Defaults to
true.
Import
Web Application Firewall Policy can be imported using the resource id, e.g.
$ pulumi import azure:waf/policy:Policy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/example-wafpolicy
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi